Prevents the display of hidden files

.htaccess

@@ -12,6 +12,7 @@ ErrorDocument 501 /index.php/RESERVED.TEENY-501.html
 
 RewriteEngine On
 
+# Ignore hidden files
 RewriteRule (^\.|/\.) index.php [L]
 
 # Redirect to public folder

README.html

@@ -1133,24 +1133,26 @@ <h2 id="nginx">NGINX<a class="headerlink" href="#nginx" title="Permanent link">
     root  /home/foo/bar/teeny;
     index index.html index.htm index.php;
 
-    # Redirect page errors to route system
-    error_page 401 /index.php/RESERVED.TEENY-401.html;
-    error_page 403 /index.php/RESERVED.TEENY-403.html;
-    error_page 500 /index.php/RESERVED.TEENY-500.html;
-    error_page 501 /index.php/RESERVED.TEENY-501.html;
-
-    try_files /public/$uri /index.php?$query_string;
+    location ~ /\. {
+        return 404;
+    }
 
     location ~ \.php$ {
-        include       fastcgi_params;
+        fastcgi_pass  127.0.0.1:9000; # Replace by your FastCGI or FPM
         fastcgi_index index.php;
-        fastcgi_param INPHINIT_ROOT   $document_root
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
-
-        # Replace by your FastCGI or FPM
-        fastcgi_pass  127.0.0.1:9000;
+        include       fastcgi_params;
     }
+
+    # Redirect page errors to route system
+    error_page 401 /index.php/RESERVED.TEENY-401.html;
+    error_page 403 /index.php/RESERVED.TEENY-403.html;
+    error_page 404 /index.php/RESERVED.TEENY-404.html;
+    error_page 500 /index.php/RESERVED.TEENY-500.html;
+    error_page 501 /index.php/RESERVED.TEENY-501.html;
+
+    try_files /public/$uri /index.php;
 }
 </pre></div>
 

README.md

@@ -75,24 +75,26 @@ location / {
     root  /home/foo/bar/teeny;
     index index.html index.htm index.php;
 
-    # Redirect page errors to route system
-    error_page 401 /index.php/RESERVED.TEENY-401.html;
-    error_page 403 /index.php/RESERVED.TEENY-403.html;
-    error_page 500 /index.php/RESERVED.TEENY-500.html;
-    error_page 501 /index.php/RESERVED.TEENY-501.html;
-
-    try_files /public/$uri /index.php?$query_string;
+    location ~ /\. {
+        return 404;
+    }
 
     location ~ \.php$ {
-        include       fastcgi_params;
+        fastcgi_pass  127.0.0.1:9000; # Replace by your FastCGI or FPM
         fastcgi_index index.php;
-        fastcgi_param INPHINIT_ROOT   $document_root
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
-
-        # Replace by your FastCGI or FPM
-        fastcgi_pass  127.0.0.1:9000;
+        include       fastcgi_params;
     }
+
+    # Redirect page errors to route system
+    error_page 401 /index.php/RESERVED.TEENY-401.html;
+    error_page 403 /index.php/RESERVED.TEENY-403.html;
+    error_page 404 /index.php/RESERVED.TEENY-404.html;
+    error_page 500 /index.php/RESERVED.TEENY-500.html;
+    error_page 501 /index.php/RESERVED.TEENY-501.html;
+
+    try_files /public/$uri /index.php;
 }
 ```
 

vendor/Teeny.php

@@ -278,7 +278,12 @@ private function dispatch($callback, $code, $params)
     private function fileInBuiltIn()
     {
         $path = $this->pathInfo;
-        return $path !== '/' && is_file('public' . $path);
+        return (
+            $path !== '/' &&
+            strpos($path, '.') !== 0 &&
+            strpos($path, '/.') === false &&
+            is_file('public' . $path)
+        );
     }
 }
 

web.config

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
     <system.webServer>
+        <directoryBrowse enabled="false" />
         <defaultDocument>
             <files>
                 <clear />
@@ -10,29 +11,36 @@
         <httpErrors>
             <remove statusCode="401" subStatusCode="-1" />
             <remove statusCode="403" subStatusCode="-1" />
+            <remove statusCode="500" subStatusCode="-1" />
             <remove statusCode="501" subStatusCode="-1" />
             <error statusCode="401"
                    responseMode="ExecuteURL"
                    path="/index.php/RESERVED.TEENY-401.html?RESERVED_IISREDIRECT=1" />
             <error statusCode="403"
                    responseMode="ExecuteURL"
                    path="/index.php/RESERVED.TEENY-403.html?RESERVED_IISREDIRECT=1" />
+            <error statusCode="500"
+                   responseMode="ExecuteURL"
+                   path="/index.php/RESERVED.TEENY-501.html?RESERVED_IISREDIRECT=1" />
             <error statusCode="501"
                    responseMode="ExecuteURL"
                    path="/index.php/RESERVED.TEENY-501.html?RESERVED_IISREDIRECT=1" />
         </httpErrors>
         <rewrite>
             <rules>
-                <rule name="Ignore system vendor" stopProcessing="true">
-                    <match url="^(vendor/|vendor$)" ignoreCase="false" />
+                <rule name="Ignore hidden files" stopProcessing="true">
+                    <match url="(^\.|/\.)" />
                     <action type="Rewrite" url="index.php" />
                 </rule>
-                <rule name="Redirect to routes" stopProcessing="true">
+                <rule name="Redirect to public folder" stopProcessing="false">
+                    <match url="^(.*)" />
+                    <action type="Rewrite" url="public/{R:1}" />
+                </rule>
+                <rule name="Redirect all urls to index.php if no exits files" stopProcessing="true">
                     <conditions>
                         <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
-                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                     </conditions>
-                    <match url="^" ignoreCase="false" />
+                    <match url="^public/" />
                     <action type="Rewrite" url="index.php" />
                 </rule>
             </rules>