From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 19 Aug 2016 15:00:08 +0000 (+0200)
Subject: Add .htaccess to image proxy folder as defense in depth
X-Git-Tag: 3.0.0_Beta_1~655
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2a5344069c170915f7c70cb96a1fd97830d89a77;p=GitHub%2FWoltLab%2FWCF.git

Add .htaccess to image proxy folder as defense in depth
---

diff --git a/wcfsetup/install/files/images/proxy/.htaccess b/wcfsetup/install/files/images/proxy/.htaccess
new file mode 100644
index 0000000000..fb00544588
--- /dev/null
+++ b/wcfsetup/install/files/images/proxy/.htaccess
@@ -0,0 +1,4 @@
+order allow,deny
+<Files ~ "\.(png|jpg|gif)$">
+	allow from all
+</Files>
diff --git a/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php b/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
index 9448d686c8..67b9c072b2 100644
--- a/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
+++ b/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
@@ -183,6 +183,8 @@ class DailyCleanUpCronjob extends AbstractCronjob {
 		// clean up proxy images
 		if (MODULE_IMAGE_PROXY) {
 			DirectoryUtil::getInstance(WCF_DIR.'images/proxy/')->executeCallback(new Callback(function($filename, $object) {
+				if ($filename === WCF_DIR.'images/proxy/.htaccess') return;
+				
 				if ($object->isFile() && $object->getMTime() < TIME_NOW - 86400 * IMAGE_PROXY_EXPIRATION) {
 					@unlink($filename);
 				}