YunoHost-Apps/grav_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/grav_ynh.git synced 2024-09-03 19:16:01 +02:00
Code Issues Activity Actions 1

Protect against alias_traversal & httpoxy

Browse source
This commit is contained in:
Jean-Baptiste Holcroft 2018-09-03 23:44:41 +02:00
parent fa6064fcd4
commit 94198dbdb5
3 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -17,5 +17,4 @@ sudo yunohost app install --url grav https://github.com/YunoHost-Apps/grav_ynh
## TODO ## TODO
[ ] fix alias_traversal
[ ] send email to admin [ ] send email to admin

2
check_process
View file

@ -41,4 +41,4 @@ Notification=all
;;; Upgrade options ;;; Upgrade options
; commit=8b79023a4fb3633b1a01e4ad4dafb41a5344c3fd ; commit=8b79023a4fb3633b1a01e4ad4dafb41a5344c3fd
name=pre rebuild name=pre rebuild
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr_FR&is_public="Yes"& manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr_FR&is_public=PUBLIC&

5
conf/nginx.conf
View file

@ -1,4 +1,5 @@
location __PATH__ { #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __FINALPATH__/; alias __FINALPATH__/;
index index.php; index index.php;
@ -33,6 +34,8 @@ location __PATH__ {
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
# https://learn.getgrav.org/webservers-hosting/servers/nginx#fix-against-httpoxy-vulnerability
fastcgi_param HTTP_PROXY "";
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;