From 7198b80d4b123f58d369e2dd4108a5ee09c6e028 Mon Sep 17 00:00:00 2001 From: trendschau Date: Wed, 25 Nov 2020 10:36:41 +0100 Subject: [PATCH] Version 1.4.2 Fix htaccess for pages with name like system folders --- .htaccess | 61 ++++++++++++++++++++------- system/Controllers/PageController.php | 9 ++-- 2 files changed, 50 insertions(+), 20 deletions(-) diff --git a/.htaccess b/.htaccess index f677e52..c22aef8 100644 --- a/.htaccess +++ b/.htaccess @@ -1,3 +1,5 @@ + + RewriteEngine On # If your homepage is http://yourdomain.com/yoursite @@ -7,27 +9,14 @@ RewriteEngine On # In some environements, an empty RewriteBase is required: # RewriteBase / -# Protect your system files from prying eyes -RewriteRule ^(system\/author\/) - [L] -RewriteRule ^(system) - [F,L] -RewriteRule ^(data) - [F,L] -RewriteRule ^(content) - [F,L] -RewriteRule ^(settings) - [F,L] -RewriteRule ^(.*)?\.yml$ - [F,L] -Rewriterule ^(.*)?\.yaml$ - [F,L] -RewriteRule ^(.*)?\.txt$ - [F,L] -RewriteRule ^(.*)?\.example$ - [F,L] -RewriteRule ^(.*/)?\.git+ - [F,L] - # Use this to redirect HTTP to HTTPS on apache servers # RewriteCond %{HTTPS} off # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # Use this to redirect www to non-wwww on apache servers -# RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] # RewriteRule ^(.*)$ http://%1/$1 [R=301,L] -# Use this to redirect slash/ to no slash urls on apache servers +# Use this to redirect slash/ to url without slash on apache servers # RewriteCond %{REQUEST_FILENAME} !-d # RewriteRule ^(.*)/$ /$1 [R=301,L] 
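Review bot: The commented www-to-non-www example loses its `# RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]` line in the second `.htaccess` hunk, while the `# RewriteRule ^(.*)$ http://%1/$1 [R=301,L]` line below it stays. `%1` is the capture from the preceding RewriteCond, so an administrator who uncomments what is left gets an unconditional redirect with an empty host. Unless the removal is deliberate, keep the condition line directly above the rule: `# RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]`.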
@@ -35,8 +24,48 @@ RewriteRule ^(.*/)?\.git+ - [F,L] RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC] RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L] -# Directs all web requests through the site index file +# REWRITE TO INDEX + +# If the requested path and file not /index.php RewriteCond %{REQUEST_URI} !^/index\.php + +# if requested doesn't match a physical file RewriteCond %{REQUEST_FILENAME} !-f + +# if requested doesn't match a physical folder RewriteCond %{REQUEST_FILENAME} !-d -RewriteRule ^ index.php [QSA,L] \ No newline at end of file + +# then rewrite the request to the index.php script +RewriteRule ^ index.php [QSA,L] + + +# FILE/FOLDER PROTECTION + +# Deny access to these file types generally +RewriteRule ^(.*)?\.yml$ - [F,L] +Rewriterule ^(.*)?\.yaml$ - [F,L] +RewriteRule ^(.*)?\.txt$ - [F,L] +RewriteRule ^(.*)?\.example$ - [F,L] +RewriteRule ^(.*/)?\.git+ - [F,L] +RewriteRule ^(.*/)?\.md - [F,L] +RewriteRule ^(.*/)?\.php - [F,L] +RewriteRule ^(.*/)?\.twig - [F,L] + +# Block access to specific files in the root folder +RewriteRule ^(licence\.md|readme\.md|composer\.lock|composer\.json|\.htaccess)$ error [F,L] + +# block files and folders starting with a dot except for the .well-known folder (Let's Encrypt) +RewriteRule (^|/)\.(?!well-known\/) index.php [L] + +# Allow access to frontend files in author folder +RewriteRule ^(system\/author\/css\/) - [L] +RewriteRule ^(system\/author\/img\/) - [L] +RewriteRule ^(system\/author\/js\/) - [L] + +# redirect all other direct requests to the following physical folders to the index.php so pages with same name work +RewriteRule ^(system|content|data|settings) index.php [QSA,L] + +# disallow browsing other folders generally +Options -Indexes + + \ No newline at end of file diff --git a/system/Controllers/PageController.php b/system/Controllers/PageController.php index 1e22421..1e07d24 100644 --- a/system/Controllers/PageController.php +++ b/system/Controllers/PageController.php 
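Review bot: The three new deny rules `^(.*/)?\.md`, `^(.*/)?\.php` and `^(.*/)?\.twig` in the FILE/FOLDER PROTECTION block copy the shape of the `.git` rule, so they only match a path segment that begins with `.md`, `.php` or `.twig`, not an ordinary file that ends in one of those extensions. Requests under `system`, `content`, `data` and `settings` are still caught by the later rewrite to `index.php`. Existing files with these extensions in any other folder appear to stay directly reachable, which contradicts the comment "Deny access to these file types generally". Anchoring on the extension as the yml rule does, for example `RewriteRule \.md$ - [F,L]` and `RewriteRule \.twig$ - [F,L]`, would match the stated intent. A plain `\.php$` deny would presumably also hit the internal rewrite to `index.php`, so that rule needs an explicit exception for the front controller and should be tested before it is tightened.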
@@ -23,7 +23,8 @@ use Typemill\Extensions\ParsedownExtension; class PageController extends Controller { public function index($request, $response, $args) - { + { + /* Initiate Variables */ $structure = false; $contentHTML = false; @@ -115,9 +116,9 @@ class PageController extends Controller } else { - # get the request url - $urlRel = $uri->getBasePath() . '/' . $args['params']; - + # get the request url, trim args so physical folders have no trailing slash + $urlRel = $uri->getBasePath() . '/' . trim($args['params'], "/"); + # find the url in the content-item-tree and return the item-object for the file # important to use the structure here so it is found, even if the item is hidden. $item = Folder::getItemForUrl($structure, $urlRel, $uri->getBasePath());
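Review bot: The new comment on `$urlRel` says the trailing slash is removed, but `trim($args['params'], "/")` strips slashes from both ends, so leading slashes in the captured path are dropped as well. If only the trailing slash is meant, `rtrim($args['params'], '/')` states that directly; otherwise the comment should read `# get the request url, strip leading and trailing slashes so physical folder names match their page`. The `index()` method starts in the previous hunk and continues past this one, so whether `$args['params']` is always a string at this point cannot be confirmed from the diff.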