From 2a5344069c170915f7c70cb96a1fd97830d89a77 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Fri, 19 Aug 2016 17:00:08 +0200
Subject: [PATCH] Add .htaccess to image proxy folder as defense in depth

---
 wcfsetup/install/files/images/proxy/.htaccess                 | 4 ++++
 .../files/lib/system/cronjob/DailyCleanUpCronjob.class.php    | 2 ++
 2 files changed, 6 insertions(+)
 create mode 100644 wcfsetup/install/files/images/proxy/.htaccess

diff --git a/wcfsetup/install/files/images/proxy/.htaccess b/wcfsetup/install/files/images/proxy/.htaccess
new file mode 100644
index 0000000000..fb00544588
--- /dev/null
+++ b/wcfsetup/install/files/images/proxy/.htaccess
@@ -0,0 +1,4 @@
+order allow,deny
+<Files ~ "\.(png|jpg|gif)$">
+	allow from all
+</Files>
diff --git a/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php b/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
index 9448d686c8..67b9c072b2 100644
--- a/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
+++ b/wcfsetup/install/files/lib/system/cronjob/DailyCleanUpCronjob.class.php
@@ -183,6 +183,8 @@ class DailyCleanUpCronjob extends AbstractCronjob {
 		// clean up proxy images
 		if (MODULE_IMAGE_PROXY) {
 			DirectoryUtil::getInstance(WCF_DIR.'images/proxy/')->executeCallback(new Callback(function($filename, $object) {
+				if ($filename === WCF_DIR.'images/proxy/.htaccess') return;
+				
 				if ($object->isFile() && $object->getMTime() < TIME_NOW - 86400 * IMAGE_PROXY_EXPIRATION) {
 					@unlink($filename);
 				}
-- 
2.20.1