[packages/stikked] deny access system and whole application dir

glen glen at pld-linux.org
Sun Mar 16 02:47:27 CET 2014 

commit fdea84f14fa0a3b025c50fbadb32276e3a47cf37
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sun Mar 16 03:47:09 2014 +0200

    deny access system and whole application dir

 apache.conf   | 2 +-
 lighttpd.conf | 2 +-
 stikked.spec  | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/stikked.spec b/stikked.spec
index 75c656d..d99c81e 100644
--- a/stikked.spec
+++ b/stikked.spec
@@ -1,7 +1,7 @@
 Summary:	Stikked is an Open-Source PHP Pastebin
 Name:		stikked
 Version:	0.8.6
-Release:	0.11
+Release:	0.12
 License:	CC0
 Group:		Applications/WWW
 Source0:	https://github.com/claudehohl/Stikked/archive/%{version}/%{name}-%{version}.tar.gz
@@ -47,6 +47,9 @@ rm htdocs/application/libraries/index.html
 rm htdocs/application/logs/index.html
 rm htdocs/application/models/index.html
 rm htdocs/application/third_party/index.html
+rm htdocs/application/.htaccess
+rm htdocs/application/cache/.htaccess
+rm htdocs/system/.htaccess
 
 # this is to simplify install
 mv htdocs/application/config .
diff --git a/apache.conf b/apache.conf
index 73b6fdf..0b30979 100644
--- a/apache.conf
+++ b/apache.conf
@@ -42,7 +42,7 @@ Alias /stikked /usr/share/stikked
 	</IfModule>
 </Directory>
 
-<Directory ~ "/usr/share/stikked/application/(config|cache|controllers|core|errors|helpers|hooks|libraries|logs|models|third_party)">
+<Directory ~ "/usr/share/stikked/(system|application)">
     # Apache 2.x
     <IfModule !mod_authz_core.c>
         Order deny,allow
diff --git a/lighttpd.conf b/lighttpd.conf
index 8a31163..0715d6f 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -11,6 +11,6 @@ url.rewrite-once += (
 	"^" + var.stikked_url + "/(.*)$" => var.stikked_url + "/index.php$2",
 )
 
-$HTTP["url"] =~ "^" + var.stikked_url + "/(config|cache|controllers|core|errors|helpers|hooks|libraries|logs|models|third_party)" {
+$HTTP["url"] =~ "^" + var.stikked_url + "/(system|application)" {
     url.access-deny = ("")
 }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/stikked.git/commitdiff/fdea84f14fa0a3b025c50fbadb32276e3a47cf37

More information about the pld-cvs-commit mailing list