
Merge remote-tracking branch 'origin/main' into staging/1.5.4

Jaap Marcus 4 years ago
parent
commit
9344e7d02b

+ 11 - 11
install/deb/templates/web/nginx/php-fpm/drupal-composer.stpl

@@ -30,21 +30,11 @@ server {
         access_log off;
     }
 
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
@@ -57,7 +47,17 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
-
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
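Review bot: The two deny patterns added in the second hunk end in `\.php$`, while the handler directly below them matches `[^/]\.php(/|$)` and splits off path info, so a request for a `.php` file under `sites/<site>/files/` that carries trailing path info does not match the deny and is picked up by the handler. Anchoring the denies the same way as the handler keeps the two in step: `location ~ ^/sites/[^/]+/files/.*\.php(/|$) {` and `location ~ \..*/.*\.php(/|$) {`. The handler's body continues past the end of the hunk, so a check there may already reject such requests; that should be confirmed rather than assumed. The same `$`-anchored patterns are added in the other Drupal, Thunder and Moodle templates in this commit.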

+ 10 - 9
install/deb/templates/web/nginx/php-fpm/drupal-composer.tpl

@@ -25,20 +25,11 @@ server {
         access_log off;
     }
 
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
 
     location ~ /\.(?!well-known\/) {
         deny all;
@@ -53,6 +44,16 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
 
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
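Review bot: `deny all;` has no effect next to `return 404;` in the two added blocks, because `return` runs in the rewrite phase, before the access phase in which `deny` is evaluated. The client therefore always receives 404 and never the 403 that `deny` would produce. Keeping only `return 404;` states what the block actually does. The same pair is carried into the Drupal, Joomla, Thunder and WordPress templates throughout this commit.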

+ 10 - 10
install/deb/templates/web/nginx/php-fpm/drupal-social.stpl

@@ -30,21 +30,11 @@ server {
         access_log off;
     }
 
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
@@ -57,6 +47,16 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
 
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

+ 10 - 10
install/deb/templates/web/nginx/php-fpm/drupal-social.tpl

@@ -25,21 +25,11 @@ server {
         access_log off;
     }
 
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
@@ -53,6 +43,16 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
 
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

+ 12 - 12
install/deb/templates/web/nginx/php-fpm/drupal.stpl

@@ -34,22 +34,12 @@ server {
         deny all;
         return 404;
     }
-
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
+    
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /vendor/.*\.php$ {
         deny all;
         return 404;
@@ -67,7 +57,17 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
-
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
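Review bot: Nothing in the second hunk records that the two added deny blocks only take effect because they sit above the `[^/]\.php(/|$)|^/update.php` handler; regex locations nested in `location /` are tried in file order and the first match wins. A comment above them would protect against a later reorder, for example `# Keep above the PHP handler: nested regex locations are matched in order`. The first hunk leaves `location ~ /vendor/.*\.php$` at server level, so the PHP deny rules now live at two nesting levels, which is worth a line of explanation as well.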

+ 10 - 10
install/deb/templates/web/nginx/php-fpm/drupal.tpl

@@ -30,21 +30,11 @@ server {
         return 404;
     }
 
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /vendor/.*\.php$ {
         deny all;
         return 404;
@@ -63,6 +53,16 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
 
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

+ 6 - 6
install/deb/templates/web/nginx/php-fpm/joomla.stpl

@@ -34,18 +34,18 @@ server {
         deny all;
         return 404;
     }
-
-    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
-        deny all;
-        return 404;
-    }
-
     location / {
         try_files $uri $uri/ /index.php?$args;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+            deny all;
+            return 404;
+        }
+        
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

+ 5 - 5
install/deb/templates/web/nginx/php-fpm/joomla.tpl

@@ -30,17 +30,17 @@ server {
         return 404;
     }
 
-    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
-        deny all;
-        return 404;
-    }
-
     location / {
         try_files $uri $uri/ /index.php?$args;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+            deny all;
+            return 404;
+        }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

+ 4 - 4
install/deb/templates/web/nginx/php-fpm/moodle.stpl

@@ -37,10 +37,6 @@ server {
         deny all;
     }
 
-    location ~ \..*/.*\.php$ {
-        return 403;
-    }
-
     # No no for private
     location ~ ^/sites/.*/private/ {
         return 403;
@@ -51,6 +47,10 @@ server {
             expires     max;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

+ 4 - 4
install/deb/templates/web/nginx/php-fpm/moodle.tpl

@@ -33,10 +33,6 @@ server {
         deny all;
     }
 
-    location ~ \..*/.*\.php$ {
-        return 403;
-        }
-
     # No no for private
     location ~ ^/sites/.*/private/ {
         return 403;
@@ -47,6 +43,10 @@ server {
             expires     max;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+        return 403;
+        }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
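Review bot: The added `return 403;` in the second hunk is indented to the same depth as its enclosing `location ~ \..*/.*\.php$ {` line, so the block reads as if the directive were a sibling of the location rather than its body. Indent it one level deeper, as the matching block in moodle.stpl does. The removed server-level block had a mis-indented closing brace, so this looks like the old formatting slip carried over in a different form.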

+ 10 - 10
install/deb/templates/web/nginx/php-fpm/thunder.stpl

@@ -25,21 +25,11 @@ server {
         access_log off;
     }
 
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
@@ -53,6 +43,16 @@ server {
             fastcgi_hide_header "Set-Cookie";
         }
 
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
+        
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

+ 11 - 11
install/deb/templates/web/nginx/php-fpm/thunder.tpl

@@ -19,22 +19,12 @@ server {
         log_not_found off;
         access_log off;
     }
-
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
+    
     location ~ ^/sites/.*/private/ {
         deny all;
         return 404;
     }
 
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
@@ -48,6 +38,16 @@ server {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
+        
+        location ~ \..*/.*\.php$ {
+            deny all;
+            return 404;
+        }
+
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+            return 404;
+        }
 
         location ~ [^/]\.php(/|$)|^/update.php {
             fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

+ 6 - 6
install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -35,18 +35,18 @@ server {
         return 404;
     }
 
-    location ~* /(?:uploads|files)/.*.php$ {
-        deny all;
-        return 404;
-    }
-
     location / {
         try_files $uri $uri/ /index.php?$args;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
-
+        
+        location ~* /(?:uploads|files)/.*.php$ {
+            deny all;
+            return 404;
+        }
+        
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             try_files $uri =404;
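Review bot: The dot before `php` in the relocated `location ~* /(?:uploads|files)/.*.php$` is unescaped, so it matches any character and the rule also returns 404 for names under those directories that merely end in `php` after some other character. `location ~* /(?:uploads|files)/.*\.php$ {` restricts it to the `.php` extension. wordpress.tpl carries the same pattern. The surrounding `location /` block continues outside the hunk.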

+ 6 - 6
install/deb/templates/web/nginx/php-fpm/wordpress.tpl

@@ -30,18 +30,18 @@ server {
         return 404;
     }
 
-    location ~* /(?:uploads|files)/.*.php$ {
-        deny all;
-        return 404;
-    }
-
     location / {
         try_files $uri $uri/ /index.php?$args;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
-
+        
+        location ~* /(?:uploads|files)/.*.php$ {
+            deny all;
+            return 404;
+        }
+        
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             try_files $uri =404;