From d59abad833eff939ae3296950ed6d28a59c77d06 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Wed, 20 Nov 2024 20:49:40 +0100
Subject: [PATCH] Ensure private directories are not served

---
 docker/glpi/entrypoint.sh |  8 ++++++++
 glpi                      | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git a/docker/glpi/entrypoint.sh b/docker/glpi/entrypoint.sh
index 6460cc8..dcef563 100755
--- a/docker/glpi/entrypoint.sh
+++ b/docker/glpi/entrypoint.sh
@@ -41,5 +41,13 @@ cronjob() {
         sleep 60
     done
 }
+if [ -z "$(grep RewriteBase /var/www/html/.htaccess)" ]; then
+cat << EOF >> /var/www/html/.htaccess
+RewriteBase /
+RewriteEngine On
+RewriteCond %{REQUEST_URI} !^/public
+RewriteRule ^(.*)$ public/index.php [QSA,L]
+EOF
+fi
 cronjob &
 exec apache2ctl -DFOREGROUND
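Review bot: The guard `grep RewriteBase` in the added block matches any line containing that word, including a commented-out `# RewriteBase` in an existing .htaccess, in which case the rules are skipped silently and the private directories stay reachable. Anchoring the test, e.g. `if ! grep -qE '^[[:space:]]*RewriteBase[[:space:]]' /var/www/html/.htaccess 2>/dev/null; then`, avoids that, and quoting the delimiter (`cat << 'EOF'`) keeps the `$` in the RewriteRule from ever being treated as an expansion. The protection also only holds if Apache honours .htaccess here (AllowOverride and mod_rewrite, neither visible in this patch), so it fails open; pointing the vhost DocumentRoot at `public/` would be the sturdier control. The same guard and heredoc appear in the `upgrade_glpi` hunk of `glpi`.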
diff --git a/glpi b/glpi
index 4d7f53e..b7c6766 100755
--- a/glpi
+++ b/glpi
@@ -97,6 +97,16 @@ upgrade_glpi() {
     $0 console plugin:activate --all
     # Cleanup
     $cmd rm $prefix/install/install.php
+    # Ensure security
+    if [ -z "$(grep RewriteBase $prefix/.htaccess)" ]; then
+        cat << EOF >> $prefix/.htaccess
+RewriteBase /
+RewriteEngine On
+RewriteCond %{REQUEST_URI} !^/public
+RewriteRule ^(.*)$ public/index.php [QSA,L]
+EOF
+    fi
+
 }
 
 action=$1
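Review bot: The added `grep` and `cat << EOF >> $prefix/.htaccess` run directly in the calling shell, while the cleanup just above goes through `$cmd rm`; if `$cmd` (defined outside this hunk) wraps execution in a container or another user, the rules may land on a different filesystem, or with different ownership, than the GLPI tree that was just upgraded. `$prefix` is also unquoted in both the test and the redirection, so a path containing spaces breaks the check; `"$prefix/.htaccess"` fixes that. Nothing checks that the append succeeded, so the upgrade can finish with the private directories still served; returning non-zero or printing to stderr when the `cat` fails would make that visible. `upgrade_glpi` starts outside the hunk.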
-- 
GitLab