Security: Add app/Resources/public/css to the list of directories where execution of PHP is forbidden

.htaccess

@@ -9,7 +9,7 @@
 RewriteEngine on
 
 # Prevent execution of PHP from directories used for different types of uploads
-RedirectMatch 403 ^/app/(cache|courses|home|logs|upload)/.*\.ph(p[3457]?|t|tml|ar)$
+RedirectMatch 403 ^/app/(cache|courses|home|logs|upload|Resources/public/css)/.*\.ph(p[3457]?|t|tml|ar)$
 RedirectMatch 403 ^/main/default_course_document/images/.*\.ph(p[3457]?|t|tml|ar)$
 RedirectMatch 403 ^/main/lang/.*\.ph(p[3457]?|t|tml|ar)$
 RedirectMatch 403 ^/web/css/.*\.ph(p[3457]?|t|tml|ar)$

documentation/security.html

@@ -122,6 +122,9 @@ This will prevent direct access to your settings and make it seem totally the sa
   <Directory /var/www/URL/app/upload>
     php_admin_value engine Off
   </Directory>
+  <Directory /var/www/URL/app/Resources/public/css>
+    php_admin_value engine Off
+  </Directory>
   <Directory /var/www/URL/main/default_course_document/images>
     php_admin_value engine Off
   </Directory>
@@ -138,7 +141,7 @@ This will prevent direct access to your settings and make it seem totally the sa
         rules would have to be at the top of your location rules to take the
         highest priority:
         <pre>
-  location ~ ^/app/(cache|courses|home|logs|upload)/.*\.ph(p[3457]?|t|tml|ar)$ {
+  location ~ ^/app/(cache|courses|home|logs|upload|Resources/public/css)/.*\.ph(p[3457]?|t|tml|ar)$ {
     deny all;
   }
   location ~ ^/main/default_course_document/images/.*\.ph(p[3457]?|t|tml|ar)$ {