From 55b5aab45843a2c4a89b2ea974f1f88ff001e3e6 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 26 May 2026 16:52:09 +0200 Subject: [PATCH] Security fixes: remove dangerous public scripts, add .htaccess hardening, disable log-viewer by default, remove root index.php --- config/log-viewer.php | 2 +- index.php | 18 ----------- public/.htaccess | 10 ++++++ public/check_icons.php | 62 ------------------------------------ public/test_open_basedir.php | 3 -- 5 files changed, 11 insertions(+), 84 deletions(-) delete mode 100755 index.php delete mode 100755 public/check_icons.php delete mode 100755 public/test_open_basedir.php diff --git a/config/log-viewer.php b/config/log-viewer.php index 638e98e..47d7420 100755 --- a/config/log-viewer.php +++ b/config/log-viewer.php @@ -16,7 +16,7 @@ return [ | */ - 'enabled' => (bool) env('LOG_VIEWER_ENABLED', true), + 'enabled' => (bool) env('LOG_VIEWER_ENABLED', false), 'require_auth_in_production' => true, diff --git a/index.php b/index.php deleted file mode 100755 index 668d55f..0000000 --- a/index.php +++ /dev/null @@ -1,18 +0,0 @@ -make(Kernel::class); - -$response = $kernel->handle( - $request = Request::capture(), -)->send(); - -$kernel->terminate($request, $response); diff --git a/public/.htaccess b/public/.htaccess index 341df38..f496d40 100755 --- a/public/.htaccess +++ b/public/.htaccess @@ -5,6 +5,9 @@ RewriteEngine On + # Security: Block access to sensitive files + RewriteRule ^(\.env|\.git|composer\.(json|lock)|artisan)$ - [F,L] + # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP_AUTHORIZATION}] @@ -20,6 +23,13 @@ RewriteRule ^ index.php [L] +# Security headers + + Header always set X-Frame-Options "SAMEORIGIN" + Header always set X-Content-Type-Options "nosniff" + Header always set Referrer-Policy "strict-origin-when-cross-origin" + + # Browser Caching - Improve performance for returning visitors ExpiresActive On 
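Review bot: Flipping the default to `false` only hides the viewer until someone sets `LOG_VIEWER_ENABLED=true`, and the context line right below, `'require_auth_in_production' => true,`, as its name suggests appears to force authentication only when `APP_ENV` is `production`; on an internet-reachable staging or development host, enabling the viewer would expose application logs without a login. If the package allows it, gate the viewer route with an explicit auth middleware or gate instead of relying on the environment name. At minimum document the caveat next to the key: `// Off by default. If enabled outside APP_ENV=production, the viewer is reachable without auth — protect it via middleware or at the web server.` The enclosing `return [...]` array starts and ends outside the hunk.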
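Review bot: The new `RewriteRule ^(\.env|\.git|composer\.(json|lock)|artisan)$ - [F,L]` is anchored on `$`, so it blocks only the exact names: a request for `.git/config` or `.git/HEAD` (the files actually fetched to reconstruct a repository) and for copies such as `.env.backup` or `.env.local` is not matched. Widen the pattern to cover directory contents and suffixes, e.g. `RewriteRule ^(\.env(\..*)?|\.git(/.*)?|composer\.(json|lock)|artisan)$ - [F,L]`. Note that this `.htaccess` lives in `public/` and therefore governs only that directory tree; it guards against stray copies placed there, while the real `.env` in the project root stays unreachable only if DocumentRoot points at `public/`, which this commit cannot verify. Consider `[R=404,L]` rather than `[F]` so that a 403 does not confirm to a scanner that a matched file exists.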
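Review bot: The three headers added here (`X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`) leave out the two that carry the most weight for an app served through Apache, `Strict-Transport-Security` and `Content-Security-Policy`, and `X-Frame-Options` is today a fallback for CSP's `frame-ancestors`. If TLS terminates at this Apache instance, add `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`, and add a `Content-Security-Policy` with at least `frame-ancestors 'self'` once the app's script and asset origins are known, since a blanket policy can break existing pages. The hunk shows bare `+` lines around the `Header` directives, presumably an `<IfModule mod_headers.c>` wrapper lost in rendering; that wrapper makes the headers disappear silently when mod_headers is not loaded, so verify them with a response check rather than by reading the file. The application or a Laravel package may emit the same headers itself, in which case duplicates can appear in the response; note that with a comment such as `# Verify in the live response: the app may also set these headers.`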
diff --git a/public/check_icons.php b/public/check_icons.php deleted file mode 100755 index 0981d11..0000000 --- a/public/check_icons.php +++ /dev/null @@ -1,62 +0,0 @@ -make(Kernel::class); -$kernel->bootstrap(); - -// Stap 3: Instellingen -$iconFolder = public_path('assets/gordon/album1544/'); -$outputFile = $basePath . '/missende_icons.txt'; - -// Stap 4: Database scannen -// We halen de namen op uit items_base omdat daar de icon-referenties staan -echo "\n--- EPIC WEB CONTROL: 100% ICON SCAN ---\n"; -$items = DB::table('items_base')->pluck('item_name')->toArray(); -$missing = []; - -echo 'Bezig met controleren van ' . count($items) . " meubels...\n"; - -foreach ($items as $item) { - // We checken of het bestand fysiek bestaat - $filename = $item . '_icon.png'; - $path = $iconFolder . $filename; - - if (! file_exists($path)) { - $missing[] = $item; - } -} - -// Stap 5: Resultaten verwerken -echo "Scan voltooid.\n"; -echo 'Totaal in database: ' . count($items) . "\n"; -echo 'Aantal missende icons: ' . count($missing) . "\n"; - -if (count($missing) > 0) { - // Schrijf ELKE missende naam naar het tekstbestand - file_put_contents($outputFile, implode("\n", $missing)); - - echo "\nRESULTAAT:\n"; - echo '- Alle ' . count($missing) . ' namen zijn opgeslagen in: ' . $outputFile . "\n"; - echo "- Je kunt nu de downloader starten met dit bestand.\n"; - - echo "\nEerste 5 van de lijst:\n"; - foreach (array_slice($missing, 0, 5) as $m) { - echo ' -> ' . $m . "_icon.png\n"; - } -} else { - echo "\nGEWELDIG: Je bent 100% compleet! Geen actie nodig.\n"; - if (file_exists($outputFile)) { - unlink($outputFile); - } // Verwijder oud bestand -} diff --git a/public/test_open_basedir.php b/public/test_open_basedir.php deleted file mode 100755 index d4fc137..0000000 --- a/public/test_open_basedir.php +++ /dev/null @@ -1,3 +0,0 @@ -