From f9aafe7c3cf3e9fd896c62aaf575532f4efb0afd Mon Sep 17 00:00:00 2001
From: Joe Bordes <joe@tsolucio.com>
Date: Sun, 20 Mar 2022 00:28:55 +0100
Subject: [PATCH] sec(GIT) protect .git directory contents

---
 build/HelperScripts/bettersafe.sh | 10 ++++++++--
 htaccess.txt                      |  2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/build/HelperScripts/bettersafe.sh b/build/HelperScripts/bettersafe.sh
index b7cf1c2e00..34b7d7be7f 100755
--- a/build/HelperScripts/bettersafe.sh
+++ b/build/HelperScripts/bettersafe.sh
@@ -6,6 +6,8 @@ build/createLanguage.sh
 build/HelperScripts
 build/migrate6
 build/migrate_from_vt6.php
+build/migrate5
+build/migrate_from_vt5.php
 build/missingLanguage.sh
 build/oo-merge
 build/InstallRESTChanges.php
@@ -17,8 +19,7 @@ include/install/resources/utils.php
 include/utils/DBHealthCheck.php
 install
 install.php
-modules/Users/authTypes/adldap_test.php
-modules/Migration"
+modules/Users/authTypes/adldap_test.php"
 for f in $FILES
 do
 	if [ -e $f ]
@@ -28,6 +29,11 @@ do
 	fi
 done
 chmod 444 config.inc.php
+if [ -e .git ]
+then
+	echo "Protecting .git"
+	cp backup/.htaccess .git
+fi
 echo
 echo "Deactivate all modules you are not using. Besides being more secure the application will be faster."
 echo "Optionally you can"
diff --git a/htaccess.txt b/htaccess.txt
index 07c3b4e078..849a6e5ffc 100644
--- a/htaccess.txt
+++ b/htaccess.txt
@@ -10,3 +10,5 @@ Allow from all
 Satisfy Any
 </FilesMatch>
 
+RedirectMatch 403 ^/.*/\.git/.*$
+RedirectMatch 403 ^/\.git/.*$