Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-492w-2pp5-xhvg
Protect the composer.lock file and remove docker-compose.yml in the zip archive
  • Loading branch information
matks committed Jun 29, 2020
2 parents bac9ea6 + f70ca07 commit 35ef7e9
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
12 changes: 12 additions & 0 deletions classes/Tools.php
Expand Up @@ -2647,7 +2647,19 @@ public static function generateHtaccess($path = null, $rewrite_settings = null,
Header set Access-Control-Allow-Origin \"*\"
</FilesMatch>
</IfModule>\n\n");
fwrite($write_fd, "<Files composer.lock>
# Apache 2.2
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
# Apache 2.4
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</Files>
");
// Cache control
if ($cache_control) {
$cache_control = "<IfModule mod_expires.c>
Expand Down
2 changes: 1 addition & 1 deletion tools/build/Library/ReleaseCreator.php
Expand Up @@ -140,7 +140,7 @@ class ReleaseCreator
'\.eslintignore$',
'\.eslintrc\.js$',
'\.php_cs\.dist$',
'\.docker-compose\.yml$',
'docker-compose\.yml$',
'tools/assets$',
'\.webpack$',
];
Expand Down

0 comments on commit 35ef7e9

Please sign in to comment.