zikula / core

Zikula Core Framework
GNU Lesser General Public License v3.0

.htaccess file missing from vendor directory #3288

Closed shefik closed 7 years ago

shefik commented 7 years ago
| Q | A |
| --- | --- |
| Zikula Version | 1.4.4 |
| PHP Version | 5.6 |

Expected behavior

An .htaccess file should exist, to restrict public access to certain files.

Actual behavior

An .htaccess file does not exist in the /vendor directory.

Steps to reproduce

Download Zikula 1.4.4.

Guite commented 7 years ago

We don't have control over the vendor directory, as this is dynamically created by composer. Of course we could add something to the CI build, but this isn't a very elegant approach I think. Thus I propose that we change the root file at https://github.com/zikula/core/blob/1.4/src/.htaccess#L17 to block the whole directory from there.

Guite commented 7 years ago

Reopening: perhaps we should allow JS and CSS files until 2.0, because currently not everything is published in /web yet. Example: https://github.com/Guite/MostGenerator/blob/37b648e869d9f5e8e1b6b903ee2c11f0451bbe0d/bundles/org.zikula.modulestudio.generator/src/org/zikula/modulestudio/generator/cartridges/zclassic/view/Forms.xtend#L105
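
A sketch of the root-level rule discussed in the comments above, as an added example (not the project's actual .htaccess contents). It assumes Apache with mod_rewrite enabled and that this .htaccess sits in the directory that contains vendor/.

```apache
# Added example: root-level .htaccess fragment (assumed layout: ./vendor/).
# The rule lives in the root file because vendor/ is regenerated by
# composer, so an .htaccess placed inside vendor/ would not survive.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Interim form: refuse everything under vendor/ except .js and .css
    # assets, which some modules still load from there until they are
    # published under /web.
    RewriteCond %{REQUEST_URI} !\.(?:js|css)$ [NC]
    RewriteRule ^vendor/ - [F]

    # Strict form, once no asset is served from vendor/ any more:
    # drop the RewriteCond above so the whole directory returns 403.
    # RewriteRule ^vendor/ - [F]
</IfModule>
```

With the interim form in place, a request for a PHP, JSON or lock file under /vendor/ should return 403, while a stylesheet or script under the same path should still be served.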