[nextcloud-web: 1/2] Fix "security issue in NGINX/php-fpm"

From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
To: commits-list gnome org
Cc:
Subject: [nextcloud-web: 1/2] Fix "security issue in NGINX/php-fpm"
Date: Sun, 26 Jan 2020 10:24:58 +0000 (UTC)

commit e5bc0c0e6db6390a5f0cc28dfc23e254aee98032
Author: Nicholas Harvey <727-FrostyPenguin users noreply gitlab gnome org>
Date:   Fri Nov 29 19:16:36 2019 +0000

    Fix "security issue in NGINX/php-fpm"
    
    This commit mainly applies the changes stated in 
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

 nginx/nginx.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
---
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 70441b5..64e21d4 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -92,7 +92,7 @@ http {
     #pagespeed off;
 
     location / {
-      rewrite ^ /index.php$uri;
+      rewrite ^ /index.php;
     }
 
     location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
@@ -104,6 +104,7 @@ http {
 
     location ~ 
^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
+      try_files $fastcgi_script_name =404;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]