Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport] Secure errors directory #21946

Merged
merged 1 commit into from
Apr 17, 2019
Merged

[Backport] Secure errors directory #21946

merged 1 commit into from
Apr 17, 2019

Conversation

amol2jcommerce
Copy link
Contributor

Original Pull Request

#20212

Description (*)

For Apache: deny access to XML and PHTML files within errors directory (pub/errors/.htaccess)
For Nginx: deny access to PHTML files in general and XML files within errors directory (nginx.conf.sample)

Fixed Issues (if relevant)

  1. errors/local.xml and error page templates are publicly accessible #20209: errors/local.xml and error page templates are publicly accessible

Manual testing scenarios (*)

See issue #20209

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds on Travis CI are green)

@schmengler @amol2jcommerce
Deny access to XML and PHTML files in pub/errors
2d291a7 
For apache via .htaccess and in nginx sample configuration
@magento-engcom-team
Copy link
Contributor

Hi @amol2jcommerce. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

  • @magento-engcom-team give me test instance - deploy test instance based on PR changes
  • @magento-engcom-team give me 2.2-develop instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Assistant documentation

@orlangur orlangur self-assigned this Mar 26, 2019
@amol2jcommerce
Copy link
Contributor Author

Hi @orlangur, please review.

@orlangur
Copy link
Contributor

orlangur commented Apr 1, 2019

@amol2jcommerce you could've notice I put in on hold. Will be reviewed soon.

@magento-engcom-team
Copy link
Contributor

Hi @orlangur, thank you for the review.
ENGCOM-4657 has been created to process this Pull Request

@soleksii soleksii self-assigned this Apr 9, 2019
@soleksii
Copy link

soleksii commented Apr 9, 2019

✔️ QA Passed

Before:

before

After:

after

@p-bystritsky p-bystritsky self-assigned this Apr 16, 2019
@magento-engcom-team magento-engcom-team mentioned this pull request Apr 17, 2019
Closed
@magento-engcom-team magento-engcom-team merged commit 2d291a7 into magento:2.2-develop Apr 17, 2019
@m2-assistant
Copy link

m2-assistant bot commented Apr 17, 2019

Hi @amol2jcommerce, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

magento-engcom-team pushed a commit that referenced this pull request Apr 17, 2019
@sivaschenko
ENGCOM-4657: [Backport] Secure errors directory #21946
5cb3a0f
@magento-engcom-team magento-engcom-team added this to the Release: 2.2.9 milestone Apr 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orlangur orlangur orlangur approved these changes

Assignees

@orlangur orlangur

@p-bystritsky p-bystritsky

@soleksii soleksii

Labels
Partner: Two Jay partners-contribution Pull Request is created by Magento Partner Progress: accept Release Line: 2.2
Projects
None yet
Milestone
Release: 2.2.9
Development

Successfully merging this pull request may close these issues.
6 participants
@amol2jcommerce @magento-engcom-team @orlangur @soleksii @p-bystritsky @schmengler