From cfc7cfd53ba6e0cf021297e101cba23b74ac878b Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 20 Jan 2024 00:27:11 +0900
Subject: [PATCH] Block direct access to cached files in files/faceOff

---
 .htaccess                                            | 2 +-
 common/manual/server_config/rhymix-nginx-subdir.conf | 2 +-
 common/manual/server_config/rhymix-nginx.conf        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.htaccess b/.htaccess
index 0495b6dda..a160d6cbd 100644
--- a/.htaccess
+++ b/.htaccess
@@ -2,7 +2,7 @@ RewriteEngine On
 
 # block direct access to templates, XML schema files, config files, dotfiles, environment, etc.
 RewriteCond %{REQUEST_URI} !/modules/editor/(skins|styles)/
-RewriteRule ^(addons|common/tpl|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ - [L,F]
+RewriteRule ^(addons|common/tpl|files/(faceOff|ruleset)|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ - [L,F]
 RewriteRule ^files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ - [L,F]
 RewriteRule ^files/(env|member_extra_info/(new_message_flags|point))/ - [L,F]
 RewriteRule ^(\.git|\.ht|\.travis|codeception\.|composer\.|Gruntfile\.js|package\.json|CONTRIBUTING|COPYRIGHT|LICENSE|README) - [L,F]
diff --git a/common/manual/server_config/rhymix-nginx-subdir.conf b/common/manual/server_config/rhymix-nginx-subdir.conf
index 91e3b01d7..60b71e731 100644
--- a/common/manual/server_config/rhymix-nginx-subdir.conf
+++ b/common/manual/server_config/rhymix-nginx-subdir.conf
@@ -2,7 +2,7 @@
 location ~ ^/rhymix/modules/editor/(skins|styles)/.+\.html$ {
 	# pass
 }
-location ~ ^/rhymix/(addons|common/tpl|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ {
+location ~ ^/rhymix/(addons|common/tpl|files/(faceOff|ruleset)|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ {
 	return 403;
 }
 location ~ ^/rhymix/files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {
diff --git a/common/manual/server_config/rhymix-nginx.conf b/common/manual/server_config/rhymix-nginx.conf
index 64ae57e3b..5909e362f 100644
--- a/common/manual/server_config/rhymix-nginx.conf
+++ b/common/manual/server_config/rhymix-nginx.conf
@@ -2,7 +2,7 @@
 location ~ ^/modules/editor/(skins|styles)/.+\.html$ {
 	# pass
 }
-location ~ ^/(addons|common/tpl|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ {
+location ~ ^/(addons|common/tpl|files/(faceOff|ruleset)|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ {
 	return 403;
 }
 location ~ ^/files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {