Release 7.0.6 - See CHANGELOG.md

tiredofit · tiredofit · commit 68567b0d4c52 · 2022-07-09T08:10:57.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 7.0.6 2022-07-09 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Escape document_root for FastCGI default scripts
+
+
 ## 7.0.5 2022-07-06 <dave at tiredofit dot ca>
 
    ### Changed
diff --git a/install/assets/functions/20-php-fpm b/install/assets/functions/20-php-fpm
@@ -251,37 +251,37 @@ EOF
 phpfpm_configure_site_default() {
     if [ -z "${NGINX_SITE_ENABLED}" ] && [ ! -f "/etc/nginx/sites.available/default.conf" ] && [ -f "/etc/cont-init.d/20-php-fpm" ]; then
         cat <<EOF > /etc/nginx/sites.available/default.conf
-  server {
-     ### Don't Touch This
-     listen ${NGINX_LISTEN_PORT};
-     root ${NGINX_WEBROOT};
-
-     ### Populate your custom directives here
-     index  index.php index.html index.htm;
-
-     location / {
-        try_files \$uri \$uri/ /index.php?\$args;
-      }
-
-     ### Populate your custom directives here
-     location ~ \.php(/|\$) {
-        include /etc/nginx/snippets/php-fpm.conf;
-        fastcgi_split_path_info ^(.+?\.php)(/.+)\$;
-        fastcgi_param PATH_INFO \$fastcgi_path_info;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root\$fastcgi_script_name;
+    server {
+        ### Don't Touch This
+        listen ${NGINX_LISTEN_PORT};
+        root ${NGINX_WEBROOT};
+
+        ### Populate your custom directives here
+        index  index.php index.html index.htm;
+
+        location / {
+            try_files \$uri \$uri/ /index.php?\$args;
+        }
+
+        ### Populate your custom directives here
+        location ~ \.php(/|\$) {
+            include /etc/nginx/snippets/php-fpm.conf;
+            fastcgi_split_path_info ^(.+?\.php)(/.+)\$;
+            fastcgi_param PATH_INFO \$fastcgi_path_info;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
+        }
+
+        # Deny access to any files with a .php extension in the uploads directory
+        location ~* /(?:uploads|files)/.*\.php$ {
+            deny all;
+        }
+
+        ### Don't edit past here
+        include /etc/nginx/snippets/site_optimization.conf;
+        include /etc/nginx/snippets/exploit_protection.conf;
     }
-
-     # Deny access to any files with a .php extension in the uploads directory
-     location ~* /(?:uploads|files)/.*\.php$ {
-   	    deny all;
-     }
-
-    ### Don't edit past here
-    include /etc/nginx/snippets/site_optimization.conf;
-    include /etc/nginx/snippets/exploit_protection.conf;
-}
 EOF
         NGINX_SITE_ENABLED=default
         nginx_site_enable default
