From 86bced910a28ccf21e7958c9166856ad6f09aa0d Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Fri, 20 Jan 2023 14:18:55 +0000
Subject: Issue #3191389 by anmolgoyal74, greggles, larowlan, mcdruid,
 pwolanin, brayfe: File Inclusion issue security hardening

---
 .ht.router.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to '.ht.router.php')

diff --git a/.ht.router.php b/.ht.router.php
index 054f7119b0e..2c8a6f6ac35 100644
--- a/.ht.router.php
+++ b/.ht.router.php
@@ -24,6 +24,12 @@
  * @see http://php.net/manual/en/features.commandline.webserver.php
  */
 
+if (PHP_SAPI !== 'cli-server') {
+  // Bail out if this is not PHP's Development Server.
+  header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+  exit;
+}
+
 $url = parse_url($_SERVER['REQUEST_URI']);
 if (file_exists(__DIR__ . $url['path'])) {
   // Serve the requested resource as-is.
-- 
cgit v1.2.3