summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.htaccess4
-rw-r--r--Bugzilla/Install/Filesystem.pm42
2 files changed, 6 insertions, 40 deletions
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000000000..72a96e064
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,4 @@
+# Don't allow people to retrieve non-cgi executable files or our private data
+<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
+ deny from all
+</FilesMatch>
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 4dc8a484d..eb959f0f3 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -279,14 +279,8 @@ EOT
contents => HT_DEFAULT_DENY },
't/.htaccess' => { perms => $ws_readable,
contents => HT_DEFAULT_DENY },
-
- '.htaccess' => { perms => $ws_readable, contents => <<EOT
-# Don't allow people to retrieve non-cgi executable files or our private data
-<FilesMatch ^(.*\\.pm|.*\\.pl|.*localconfig.*)\$>
- deny from all
-</FilesMatch>
-EOT
- },
+ "$datadir/.htaccess" => { perms => $ws_readable,
+ contents => HT_DEFAULT_DENY },
"$webdotdir/.htaccess" => { perms => $ws_readable, contents => <<EOT
# Restrict access to .dot files to the public webdot server at research.att.com
@@ -306,18 +300,6 @@ EOT
Deny from all
EOT
},
-
- # Even though $datadir may not (and should not) be accessible from the
- # web server, we can't know for sure, so create the .htaccess anyway.
- # It's harmless if it isn't accessible...
- "$datadir/.htaccess" => { perms => $ws_readable, contents => <<EOT
-# Nothing in this directory is retrievable unless overridden by an .htaccess
-# in a subdirectory.
-deny from all
-EOT
-
-
- },
);
my %all_files = (%create_files, %htaccess, %index_html, %files);
@@ -433,26 +415,6 @@ sub create_htaccess {
_create_files(%{FILESYSTEM()->{htaccess}});
# Repair old .htaccess files
- my $htaccess = new IO::File('.htaccess', 'r') || die ".htaccess: $!";
- my $old_data;
- { local $/; $old_data = <$htaccess>; }
- $htaccess->close;
-
- my $repaired = 0;
- if ($old_data =~ s/\|localconfig\|/\|.*localconfig.*\|/) {
- $repaired = 1;
- }
- if ($old_data !~ /\(\.\*\\\.pm\|/) {
- $old_data =~ s/\(/(.*\\.pm\|/;
- $repaired = 1;
- }
- if ($repaired) {
- print "Repairing .htaccess...\n";
- $htaccess = new IO::File('.htaccess', 'w') || die $!;
- print $htaccess $old_data;
- $htaccess->close;
- }
-
my $webdot_dir = bz_locations()->{'webdotdir'};
# The public webdot IP address changed.