diff options
| author |  Inverle <inverle@proton.me>
| 2025-09-16 00:53:15 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-09-16 00:53:15 +0200 |
| commit | 25250f46b4f110e9c9a1a1f4366889c3701bca18 (patch) | |
| tree | bcc4aebd11669cf5fbd74214e572c5a479b1d8b4 | |
| parent | f8310a587c26b0965bab71abfeb2d018e414f572 (diff) | |
Safer calling of `install.php` (#7971)
To prevent `install.php` from being accessed in unintended places
| -rw-r--r-- | app/install.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/install.php b/app/install.php index 3d7f88913..f7b15d468 100644 --- a/app/install.php +++ b/app/install.php @@ -1,6 +1,11 @@ <?php declare(strict_types=1); +if (isset($_SESSION) || basename(is_string($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '') !== 'index.php') { + header('HTTP/1.1 403 Forbidden'); + exit('Forbidden'); +} + if (function_exists('opcache_reset')) { opcache_reset(); } |