Description
Some sensitive directories and files are exposed to users and can be accessed by url publicly:
inc/
vendor/.htaccess.dist
/bin/.htaccess
/inc/.htaccess
/vendor/.htaccess
Expected Behavior
All these files should not be exposed, as warned in https://www.dokuwiki.org/security.
Especially, the .htaccess files can be used in web-based exploitation, as mentioned in https://www.acunetix.com/vulnerabilities/web/htaccess-file-readable/. They use this file to hide malware, to redirect search engines to their own sites, and for many other purposes (hide backdoors, inject content, modify the php.ini values, etc.).
Current Behavior
These files can be accessed by URL by outside users.
Steps to Reproduce
Just construct a URL to access these files and directories, and you can access them with a 200 status returned.
Environment
OS:
CPU architecture: x86_64/arm32/arm64
How docker service was installed:
From the official docker repo linuxserver/dokuwiki.
Potential Fix
Disable the access of these files and directories in access configuration of this docker image.
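As an added example (editor's illustration, not the issue reporter's text nor the linuxserver/dokuwiki image's own configuration), an nginx server block that refuses direct web access to the paths listed in the issue. It assumes the image serves DokuWiki through nginx with php-fpm, and that the web root is `/app/www/public`; `conf/` and `data/` are included because the linked DokuWiki security page lists them alongside `bin/`, `inc/` and `vendor/`.

```nginx
# Added example: block direct HTTP access to DokuWiki internals.
# The root path and php-fpm address are assumptions; adjust for your image.
server {
    listen 80;
    server_name _;
    root /app/www/public;   # assumed DokuWiki install path
    index doku.php;

    # Never serve dotfiles: .htaccess, .htaccess.dist, .git, etc.
    # A 404 (rather than 403) also avoids confirming that the file exists.
    location ~ /\. {
        return 404;
    }

    # Internal directories that must not be reachable over HTTP.
    # Media in data/ is served by lib/exe/fetch.php, not by direct URL.
    location ~ ^/(bin|inc|vendor|conf|data)/ {
        return 404;
    }

    # Regular DokuWiki entry points.
    location / {
        try_files $uri $uri/ /doku.php?$args;
    }

    # Hand PHP files to php-fpm (assumed socket/port).
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
    }
}
```

After reloading nginx, a request such as `curl -sI http://wiki.example/inc/.htaccess` should return 404 instead of the 200 reported in this issue, while `/doku.php` still loads.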