From 7e1f431eca7a8aa68fc0badfaa88e88de3ba094c Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Wed, 31 Oct 2018 15:56:08 +1100 Subject: yet another blueimp vulnerability. Move to composer. --- .../jquery-file-upload/server/php/files/.gitignore | 3 +++ .../jquery-file-upload/server/php/files/.htaccess | 26 ++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 vendor/blueimp/jquery-file-upload/server/php/files/.gitignore create mode 100644 vendor/blueimp/jquery-file-upload/server/php/files/.htaccess (limited to 'vendor/blueimp/jquery-file-upload/server/php/files') diff --git a/vendor/blueimp/jquery-file-upload/server/php/files/.gitignore b/vendor/blueimp/jquery-file-upload/server/php/files/.gitignore new file mode 100644 index 000000000..e24a60fae --- /dev/null +++ b/vendor/blueimp/jquery-file-upload/server/php/files/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore +!.htaccess diff --git a/vendor/blueimp/jquery-file-upload/server/php/files/.htaccess b/vendor/blueimp/jquery-file-upload/server/php/files/.htaccess new file mode 100644 index 000000000..6f454afb9 --- /dev/null +++ b/vendor/blueimp/jquery-file-upload/server/php/files/.htaccess @@ -0,0 +1,26 @@ +# To enable the Headers module, execute the following command and reload Apache: +# sudo a2enmod headers + +# The following directives prevent the execution of script files +# in the context of the website. +# They also force the content-type application/octet-stream and +# force browsers to display a download dialog for non-image files. +SetHandler default-handler +ForceType application/octet-stream +Header set Content-Disposition attachment + +# The following unsets the forced type and Content-Disposition headers +# for known image files: + + ForceType none + Header unset Content-Disposition + + +# The following directive prevents browsers from MIME-sniffing the content-type. +# This is an important complement to the ForceType directive above: +Header set X-Content-Type-Options nosniff + +# Uncomment the following lines to prevent unauthorized download of files: +#AuthName "Authorization required" +#AuthType Basic +#require valid-user -- cgit v1.2.3