Closed shefik closed 7 years ago
We don't have control over the vendor
directory, as this dynamically created by composer. Of course we could add something to the CI build, but this isn't a very elegant approach I think.
Thus I propose that we change the root file at https://github.com/zikula/core/blob/1.4/src/.htaccess#L17 to block the whole directory from there.
Reopening: perhaps we should allow JS and CSS files until 2.0, because currently not everything is published in /web
yet.
Example: https://github.com/Guite/MostGenerator/blob/37b648e869d9f5e8e1b6b903ee2c11f0451bbe0d/bundles/org.zikula.modulestudio.generator/src/org/zikula/modulestudio/generator/cartridges/zclassic/view/Forms.xtend#L105
Expected behavior
An .htaccess file should exist, to restrict public access to certain file.
Actual behavior
An .htaccess file does not exist in the
/vendor
directory.Steps to reproduce
Download Zikula 1.4.4.