From 73e0cffa78644e74f3634e8dd10c67e2f349616b Mon Sep 17 00:00:00 2001
From: Lorenz Stechauner
Date: Mon, 30 Jan 2023 23:00:56 +0100
Subject: [PATCH] Hide .inc and .inc.php files
---
 src/worker/local_handler.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/worker/local_handler.c b/src/worker/local_handler.c
index fc7a619..c177621 100644
--- a/src/worker/local_handler.c
+++ b/src/worker/local_handler.c
@@ -134,7 +134,7 @@ static int local_handler(client_ctx_t *ctx) {
 http_add_header_field(&res->hdr, "Access-Control-Allow-Origin", "*");
 }
- if (!strstarts(uri->req_path, "/.well-known/") && strcontains(uri->path, "/.")) {
+ if ((!strstarts(uri->req_path, "/.well-known/") && strcontains(uri->path, "/.")) || strends(uri->filename, ".inc") || strends(uri->filename, ".inc.php")) {
 res->status = http_get_status(403);
 sprintf(err_msg, "Parts of this URI are hidden.");
 return 0;
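Review bot: The new suffix checks on `uri->filename` run whenever the dot-path test is false, and nothing in this hunk shows that `uri->filename` is non-NULL at this point (for example when the path resolves to a directory or to no file). Unless `strends` tolerates NULL, guard the new clause: `(uri->filename != NULL && (strends(uri->filename, ".inc") || strends(uri->filename, ".inc.php")))`. The match also looks case-sensitive, so on a case-insensitive filesystem a differently-cased include file would presumably still be served; a case-insensitive suffix compare would close that gap, if the helper set has one. A short comment above the condition, such as `/* include fragments must never be served or executed directly */`, would record why these suffixes are hidden. local_handler's body starts and ends outside the hunk.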