Add .htaccess to image proxy folder as defense in depth

diff --git a/wcfsetup/install/files/images/proxy/.htaccess b/wcfsetup/install/files/images/proxy/.htaccess
new file mode 100644 (file)
index 0000000..fb00544
--- /dev/null
+++ b/wcfsetup/install/files/images/proxy/.htaccess
@@ -0,0 +1,4 @@
+order allow,deny
+<Files ~ "\.(png|jpg|gif)$">
+       allow from all
+</Files>

diff --git a/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php b/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
index 9448d686c8b98602dce9e18b3fc1ee26542c2ed4..67b9c072b29e5785eed0c97704e6ee24b8182ff7 100644 (file)
--- a/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
+++ b/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
@@ -183,6 +183,8 @@ class DailyCleanUpCronjob extends AbstractCronjob {
                // clean up proxy images
                if (MODULE_IMAGE_PROXY) {
                        DirectoryUtil::getInstance(WCF_DIR.'images/proxy/')->executeCallback(new Callback(function($filename, $object) {
+                               if ($filename === WCF_DIR.'images/proxy/.htaccess') return;
+                               
                                if ($object->isFile() && $object->getMTime() < TIME_NOW - 86400 * IMAGE_PROXY_EXPIRATION) {
                                        @unlink($filename);
                                }