From d5129ad7ede4d8f21b039689559c77616cf8a891 Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Mon, 23 Jul 2018 15:58:38 -0500
Subject: [PATCH] Security: Update PHP files extension matching pattern in .htaccess and documentation to match all possible forms supported by PHP 5 and PHP 7.
---
 .htaccess | 8 ++++----
 documentation/security.html | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.htaccess b/.htaccess
index 69ad3ff511..c84dbea1e2 100755
--- a/.htaccess
+++ b/.htaccess
@@ -9,10 +9,10 @@ RewriteEngine on
 # Prevent execution of PHP from directories used for different types of uploads
-RedirectMatch 403 ^/app/(cache|courses|home|logs|upload)/.*\.(php|php4|php5)$
-RedirectMatch 403 ^/main/default_course_document/images/.*\.(php|php4|php5)$
-RedirectMatch 403 ^/main/lang/.*\.(php|php4|php5)$
-RedirectMatch 403 ^/web/css/.*\.(php|php4|php5)$
+RedirectMatch 403 ^/app/(cache|courses|home|logs|upload)/.*\.ph(p[3457]?|t|tml|ar)$
+RedirectMatch 403 ^/main/default_course_document/images/.*\.ph(p[3457]?|t|tml|ar)$
+RedirectMatch 403 ^/main/lang/.*\.ph(p[3457]?|t|tml|ar)$
+RedirectMatch 403 ^/web/css/.*\.ph(p[3457]?|t|tml|ar)$
 # http://my.chamilo.net/certificates/?id=123 to http://my.chamilo.net/certificates/index.php?id=123
 RewriteCond %{QUERY_STRING} ^id=(.*)$
diff --git a/documentation/security.html b/documentation/security.html
index 89256ce085..bb1c1d9488 100755
--- a/documentation/security.html
+++ b/documentation/security.html
@@ -138,16 +138,16 @@ This will prevent direct access to your settings and make it seem totally the sa
 rules would have to be at the top of your location rules to take the highest priority:
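Review bot: The four new `RedirectMatch` patterns in the `.htaccess` hunk are still case-sensitive and end-anchored with `$`, so a request whose extension is cased differently (for example `.PHP`), or whose path continues after the script name, is not denied by these rules. Whether such a request would reach the PHP handler depends on server configuration that is not visible in this patch, so the deny rule should not depend on exact case or position; consider `RedirectMatch 403 (?i)^/app/(cache|courses|home|logs|upload)/.*\.ph(p[3457]?|t|tml|ar)(/|$)` and the same change on the other three lines. The patterns also start at `^/app/`, `^/main/` and `^/web/`, which appears to assume the application is served from the web root; a comment such as `# NOTE: these paths assume installation at /; prefix them if installed in a sub-directory` above the block would make that explicit. The nginx `location ~` examples updated in documentation/security.html carry the same case-sensitive, end-anchored pattern.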
-  location ~ ^/app/(cache|courses|home|logs|upload)/.*\.(php|php4|php5)$ {
+  location ~ ^/app/(cache|courses|home|logs|upload)/.*\.ph(p[3457]?|t|tml|ar)$ {
     deny all;
   }
-  location ~ ^/main/default_course_document/images/.*\.(php|php4|php5)$ {
+  location ~ ^/main/default_course_document/images/.*\.ph(p[3457]?|t|tml|ar)$ {
     deny all;
   }
-  location ~ ^/main/lang/.*\.(php|php4|php5)$ {
+  location ~ ^/main/lang/.*\.ph(p[3457]?|t|tml|ar)$ {
     deny all;
   }
-  location ~ ^/web/css/.*\.(php|php4|php5)$ {
+  location ~ ^/web/css/.*\.ph(p[3457]?|t|tml|ar)$ {
     deny all;
   }