author Brian Wolff <bawolff+wn@gmail.com> 2022-11-12 08:16:21 -0800
committer Brian Wolff <bawolff+wn@gmail.com> 2022-11-12 08:26:23 -0800
commit def09fd9ebe1da051709f816d47c8313be5b514d
tree 957db9f8e4c43ced2254247da073d133f1720fc0 /images
parent f53163461340e99c985af060c6ddfcbe99f3907e
Disable php in .htaccess of images directory as a hardening measure.
All our docs strongly recommend doing this. There is even a prompt in the installer. Not all webservers listen to this of course, but it won't hurt things that ignore it. The general idea is that there should be no directory that is both writable and executable at the same time by the webserver. images must be writable, so we should turn off php so it's not executable.

Change-Id: Ic03cee12845a56a0f4f7e356493eb0f446ccf34c
Diffstat (limited to 'images')
-rw-r--r-- images/.htaccess 7
1 files changed, 7 insertions, 0 deletions
diff --git a/images/.htaccess b/images/.htaccess
index e69de29bb2d1..0c8194886f4c 100644
--- a/images/.htaccess
+++ b/images/.htaccess
@@ -0,0 +1,7 @@
+<IfModule php7_module>
+php_flag engine off
+</IfModule>
+# In php8, php dropped the version number.
+<IfModule php_module>
+php_flag engine off
+</IfModule>
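Review bot: the file does not say when it has no effect. Both <IfModule> guards match only mod_php (php7_module and php_module), so on Apache serving PHP through FPM or CGI neither "php_flag engine off" line is evaluated and nothing reports that the hardening was skipped. The same is true when AllowOverride for this directory does not permit Options, since php_flag in .htaccess depends on it. The only comment in the hunk covers the php8 module rename. I would add a short comment at the top of the file stating that it applies to Apache with mod_php only and that other setups need the equivalent rule in the server configuration, so an administrator reading images/.htaccess does not assume the directory is already non-executable.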