In .htaccess deny files, use "Satisfy All"REL1_42

These .htaccess files are intended to prohibit all web access. But if the user sets "Satisfy Any" on a parent directory, in conjunction with any permissive require directive like "Require all granted", access will be allowed despite "Require all denied" in .htaccess. So, override Satisfy so that the "Require all denied" will reliably take effect. Note that "Satisfy All" is the default. This only affects non-default installations. Change-Id: Ia5862fb69e439b7ea2ed7af011e1ebf8f1b1f6d6 (cherry picked from commit a50d2e69f8ce9e5720b05615d04c35cc9008b6ae)
author: Tim Starling <tstarling@wikimedia.org> 2025-04-04 17:08:47 +1100
committer: Reedy <reedy@wikimedia.org> 2025-04-04 13:33:54 +0000
commit: 4d6ef841e2c6825406e0b4993f3b366e35f7841e (patch)
tree: 9338194dcab113e3c5824cb9e89054e9d8c80414 /includes/libs
parent: 3a700aec5852baa787b14ce8d8d5850903c3e18b (diff)
download: mediawikicore-4d6ef841e2c6825406e0b4993f3b366e35f7841e.tar.gz
mediawikicore-4d6ef841e2c6825406e0b4993f3b366e35f7841e.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/libs/filebackend/FSFileBackend.php b/includes/libs/filebackend/FSFileBackend.php
index 78c698a29d15..d84e3a8399d5 100644
--- a/includes/libs/filebackend/FSFileBackend.php
+++ b/includes/libs/filebackend/FSFileBackend.php
@@ -966,7 +966,8 @@ class FSFileBackend extends FileBackendStore {
 	 * @return string
 	 */
 	protected function htaccessPrivate() {
-		return "Require all denied\n";
+		return "Require all denied\n" .
+			"Satisfy All\n";
 	}
 
 	/**
author	Tim Starling <tstarling@wikimedia.org>	2025-04-04 17:08:47 +1100
committer	Reedy <reedy@wikimedia.org>	2025-04-04 13:33:54 +0000
commit	4d6ef841e2c6825406e0b4993f3b366e35f7841e (patch)
tree	9338194dcab113e3c5824cb9e89054e9d8c80414 /includes/libs
parent	3a700aec5852baa787b14ce8d8d5850903c3e18b (diff)
download	mediawikicore-4d6ef841e2c6825406e0b4993f3b366e35f7841e.tar.gz mediawikicore-4d6ef841e2c6825406e0b4993f3b366e35f7841e.zip