IBX-7818: Fixed direct access to index.php with long URL (#34)

micszo · web-flow · commit 0e66b93a3c78 · 2024-10-10T10:17:03.000+02:00
* IBX-7818: Fixed direct acces to index.php with long URL * imagick workaround * redis 6.0.2 * fixup! imagick workaround
diff --git a/php/Dockerfile-7.3 b/php/Dockerfile-7.3
@@ -88,7 +88,7 @@ RUN set -xe \
     && docker-php-ext-enable igbinary \
     \
 # Install redis (manualy build in order to be able to enable igbinary)
-    && for i in $(seq 1 3); do pecl install -o --nobuild redis && s=0 && break || s=$? && sleep 1; done; (exit $s) \
+    && for i in $(seq 1 3); do pecl install -o --nobuild "redis-6.0.2" && s=0 && break || s=$? && sleep 1; done; (exit $s) \
     && cd "$(pecl config-get temp_dir)/redis" \
     && phpize \
     && ./configure --enable-redis-igbinary \
diff --git a/php/Dockerfile-8.3 b/php/Dockerfile-8.3
@@ -79,9 +79,18 @@ RUN set -xe \
     && docker-php-ext-enable opcache \
     && cp /usr/src/php/php.ini-production ${PHP_INI_DIR}/php.ini \
     \
-# Install imagemagick
-    && for i in $(seq 1 3); do pecl install -o imagick && s=0 && break || s=$? && sleep 1; done; (exit $s) \
-    && docker-php-ext-enable imagick \
+# Imagick is installed from the archive because regular installation fails
+# See: https://github.com/Imagick/imagick/issues/643#issuecomment-1834361716
+    && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz \
+    && tar --strip-components=1 -xf /tmp/imagick.tar.gz \
+    && phpize \
+    && ./configure \
+    && make \
+    && make install \
+    && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \
+    && rm -rf /tmp/* \
+    # <<< End of Imagick installation
+
 # Install xdebug
     && for i in $(seq 1 3); do echo yes | pecl install -o "xdebug" && s=0 && break || s=$? && sleep 1; done; (exit $s) \
 # Install blackfire: https://blackfire.io/docs/integrations/docker
diff --git a/templates/apache2/vhost.template b/templates/apache2/vhost.template
@@ -100,7 +100,7 @@
         RewriteRule ^/(css|js|fonts?)/.*\.(css|js|otf|eot|ttf|svg|woff) - [L]
 
         # Prevent access to website with direct usage of index.php in URL
-        RewriteRule ^/([^/]+/)?index\.php([/?#]|$) - [R=404,L]
+        RewriteRule ^/([^/]+/)*?index\.php([/?#]|$) - [R=404,L]
 
         RewriteRule .* /index.php
     </IfModule>
diff --git a/templates/nginx/ez_params.d/ez_rewrite_params b/templates/nginx/ez_params.d/ez_rewrite_params
@@ -19,7 +19,7 @@ rewrite "^/build/(.*)" "/build/$1" break;
 rewrite "^/assets/(.*)" "/assets/$1" break;
 
 # Prevent access to website with direct usage of index.php in URL
-if ($request_uri ~ "^/([^/]+/)?index\.php([/?#]|$)") {
+if ($request_uri ~ "^/([^/]+/)*?index\.php([/?#]|$)") {
     return 404;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ RUN set -xe \`
`88`	`88`	`&& docker-php-ext-enable igbinary \`
`89`	`89`	`\`
`90`	`90`	`# Install redis (manualy build in order to be able to enable igbinary)`
`91`		`- && for i in $(seq 1 3); do pecl install -o --nobuild redis && s=0 && break \|\| s=$? && sleep 1; done; (exit $s) \`
	`91`	`+ && for i in $(seq 1 3); do pecl install -o --nobuild "redis-6.0.2" && s=0 && break \|\| s=$? && sleep 1; done; (exit $s) \`
`92`	`92`	`&& cd "$(pecl config-get temp_dir)/redis" \`
`93`	`93`	`&& phpize \`
`94`	`94`	`&& ./configure --enable-redis-igbinary \`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ rewrite "^/build/(.*)" "/build/$1" break;`
`19`	`19`	`rewrite "^/assets/(.*)" "/assets/$1" break;`
`20`	`20`
`21`	`21`	`# Prevent access to website with direct usage of index.php in URL`
`22`		`-if ($request_uri ~ "^/([^/]+/)?index\.php([/?#]\|$)") {`
	`22`	`+if ($request_uri ~ "^/([^/]+/)*?index\.php([/?#]\|$)") {`
`23`	`23`	`return 404;`
`24`	`24`	`}`
`25`	`25`