Merge remote-tracking branch 'origin/1.13' into 2.5

ezsystems · Apr 1, 2020 · f21ecfa · f21ecfa
2 parents 7474012 + 6325bca
commit f21ecfa
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 10 deletions.
diff --git a/doc/apache2/vhost.template b/doc/apache2/vhost.template
@@ -99,7 +99,7 @@
         RewriteRule ^/(css|js|fonts?)/.*\.(css|js|otf|eot|ttf|svg|woff) - [L]
 
         # Prevent access to website with direct usage of app.php in URL
-        RewriteRule ^/(.+/)?app\.php - [R=404,L]
+        RewriteRule ^/([^/]+/)?app\.php([/?#]|$) - [R=404,L]
 
         RewriteRule .* /app.php
     </IfModule>

diff --git a/doc/nginx/ez_params.d/ez_rewrite_params b/doc/nginx/ez_params.d/ez_rewrite_params
@@ -18,7 +18,7 @@ rewrite "^/bundles/(.*)" "/bundles/$1" break;
 rewrite "^/assets/(.*)" "/assets/$1" break;
 
 # Prevent access to website with direct usage of app.php in URL
-if ($request_uri ~ "^/(.+/)?app\.php") {
+if ($request_uri ~ "^/([^/]+/)?app\.php([/?#]|$)") {
     return 404;
 }
 

diff --git a/web/app.php b/web/app.php
@@ -47,14 +47,6 @@
 
 $request = Request::createFromGlobals();
 
-// Deny request if it contains the frontcontroller script ie. http://example.com/app.php
-$frontControllerScript = preg_quote(basename($request->server->get('SCRIPT_FILENAME')));
-if (preg_match("<^/([^/]+/)?$frontControllerScript([/?#]|$)>", $request->getRequestUri(), $matches) === 1) {
-    http_response_code(400);
-    echo('<html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1></center></body></html>');
-    die;
-}
-
 // If behind one or more trusted proxies, you can set them in SYMFONY_TRUSTED_PROXIES environment variable.
 // !! Proxies here refers to load balancers, TLS/Reverse proxies and so on. Which Symfony need to know about to
 // work correctly: identify https, allow Varnish to lookup fragment & user hash routes, get correct client ip, ...