Fix the way htaccess are structured inside data folder: make data for…

…bidden by default, and allow data/public/ only, instead of forbidding all the others one by one. Close #635
pydio · Sep 15, 2014 · ca6666b · ca6666b
1 parent 6fefa80
commit ca6666b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/core/src/data/.htaccess b/core/src/data/.htaccess
@@ -0,0 +1,2 @@
+Order Deny,Allow
+Deny from all
diff --git a/core/src/plugins/action.share/class.ShareCenter.php b/core/src/plugins/action.share/class.ShareCenter.php
@@ -925,7 +925,8 @@ public function initPublicFolder($downloadFolder)
         @copy($pDir."/res/button_cancel.png", $downloadFolder."/button_cancel.png");
         @copy(AJXP_INSTALL_PATH."/server/index.html", $downloadFolder."/index.html");
         $dlUrl = $this->buildPublicDlURL();
-        $htaccessContent = "ErrorDocument 404 ".$dlUrl."/404.html\n<Files \".ajxp_*\">\ndeny from all\n</Files>\n";
+        $htaccessContent = "Order Deny,Allow\nAllow from all\n";
+        $htaccessContent .= "\n<Files \".ajxp_*\">\ndeny from all\n</Files>\n";
         $path = parse_url($dlUrl, PHP_URL_PATH);
         $htaccessContent .= '
         <IfModule mod_rewrite.c>