Security fixes: remove dangerous public scripts, add .htaccess hardening, disable log-viewer by default, remove root index.php

config/log-viewer.php

@@ -16,7 +16,7 @@ return [
     |
     */
 
-    'enabled' => (bool) env('LOG_VIEWER_ENABLED', true),
+    'enabled' => (bool) env('LOG_VIEWER_ENABLED', false),
 
     'require_auth_in_production' => true,
 

index.php

@@ -1,18 +0,0 @@
-<?php
-
-use Illuminate\Contracts\Http\Kernel;
-use Illuminate\Http\Request;
-
-define('LARAVEL_START', microtime(true));
-
-require __DIR__ . '/vendor/autoload.php';
-
-$app = require_once __DIR__ . '/bootstrap/app.php';
-
-$kernel = $app->make(Kernel::class);
-
-$response = $kernel->handle(
-    $request = Request::capture(),
-)->send();
-
-$kernel->terminate($request, $response);

public/.htaccess

@@ -5,6 +5,9 @@
 
     RewriteEngine On
 
+    # Security: Block access to sensitive files
+    RewriteRule ^(\.env|\.git|composer\.(json|lock)|artisan)$ - [F,L]
+
     # Handle Authorization Header
     RewriteCond %{HTTP:Authorization} .
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP_AUTHORIZATION}]
@@ -20,6 +23,13 @@
     RewriteRule ^ index.php [L]
 </IfModule>
 
+# Security headers
+<IfModule mod_headers.c>
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+</IfModule>
+
 # Browser Caching - Improve performance for returning visitors
 <IfModule mod_expires.c>
     ExpiresActive On

public/check_icons.php

@@ -1,62 +0,0 @@
-<?php
-
-use Illuminate\Contracts\Console\Kernel;
-
-// Stap 1: Paden goedzetten (we gaan vanuit /public één map omhoog)
-$basePath = dirname(__DIR__);
-
-if (! file_exists($basePath . '/vendor/autoload.php')) {
-    exit("Fout: Kan vendor/autoload.php niet vinden op $basePath. Start dit script vanuit de /public map.\n");
-}
-
-// Stap 2: Laravel framework laden
-include $basePath . '/vendor/autoload.php';
-$app = require_once $basePath . '/bootstrap/app.php';
-$kernel = $app->make(Kernel::class);
-$kernel->bootstrap();
-
-// Stap 3: Instellingen
-$iconFolder = public_path('assets/gordon/album1544/');
-$outputFile = $basePath . '/missende_icons.txt';
-
-// Stap 4: Database scannen
-// We halen de namen op uit items_base omdat daar de icon-referenties staan
-echo "\n--- EPIC WEB CONTROL: 100% ICON SCAN ---\n";
-$items = DB::table('items_base')->pluck('item_name')->toArray();
-$missing = [];
-
-echo 'Bezig met controleren van ' . count($items) . " meubels...\n";
-
-foreach ($items as $item) {
-    // We checken of het bestand fysiek bestaat
-    $filename = $item . '_icon.png';
-    $path = $iconFolder . $filename;
-
-    if (! file_exists($path)) {
-        $missing[] = $item;
-    }
-}
-
-// Stap 5: Resultaten verwerken
-echo "Scan voltooid.\n";
-echo 'Totaal in database: ' . count($items) . "\n";
-echo 'Aantal missende icons: ' . count($missing) . "\n";
-
-if (count($missing) > 0) {
-    // Schrijf ELKE missende naam naar het tekstbestand
-    file_put_contents($outputFile, implode("\n", $missing));
-
-    echo "\nRESULTAAT:\n";
-    echo '- Alle ' . count($missing) . ' namen zijn opgeslagen in: ' . $outputFile . "\n";
-    echo "- Je kunt nu de downloader starten met dit bestand.\n";
-
-    echo "\nEerste 5 van de lijst:\n";
-    foreach (array_slice($missing, 0, 5) as $m) {
-        echo '  -> ' . $m . "_icon.png\n";
-    }
-} else {
-    echo "\nGEWELDIG: Je bent 100% compleet! Geen actie nodig.\n";
-    if (file_exists($outputFile)) {
-        unlink($outputFile);
-    } // Verwijder oud bestand
-}

public/test_open_basedir.php

@@ -1,3 +0,0 @@
-<?php
-
-echo ini_get('open_basedir');