parkerslingshotrentals/uploads/.htaccess at main - parkerslingshotrentals - Orbis Gitea

myron/parkerslingshotrentals

mirror of https://github.com/myronblair/parkerslingshotrentals synced 2026-06-30 17:50:31 -05:00

Files

T

myron bb21fca399 Security: block direct upload access, fix view-doc path traversal guard

- uploads/.htaccess: deny all direct web access to uploaded customer docs
- admin/view-doc.php: add realpath() path-traversal check (mirrors view-doc.php)
- admin/view-doc.php: remove dead double-query (result was always overwritten)
- .gitignore: uploads/* wildcard so .htaccess can be tracked

2026-06-13 14:20:41 +00:00

9 lines

222 B

ApacheConf

Raw Permalink Blame History

 # Block direct web access — documents served only through admin/view-doc.php
 <IfModule mod_authz_core.c>
     Require all denied
 </IfModule>
 <IfModule !mod_authz_core.c>
     Order deny,allow
     Deny from all
 </IfModule>