function htaccess_update_7201 in Htaccess 7.2
Update htaccess profiles: prevent browsers from sniffing a response and picking a MIME type different from the declared Content-Type, since that can lead to XSS and other vulnerabilities.
File
- ./
htaccess.install, line 137 - Htaccess module install file.
Code
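/**
 * Update htaccess profiles: append the X-Content-Type-Options nosniff header.
 *
 * Appends a mod_headers block that sets "X-Content-Type-Options: nosniff" to
 * every profile stored in the {htaccess} table, so that browsers do not pick
 * a MIME type different from the declared Content-Type.
 *
 * Only the stored profile text is changed. The header is not served until the
 * profile is re-deployed, and because the block is wrapped in
 * <IfModule mod_headers.c> Apache skips it without an error when mod_headers
 * is not loaded. After deploying, check a response for the header.
 *
 * Profiles that already contain the exact directive are left untouched, so
 * running the update again does not append a second copy of the block.
 *
 * @return string
 *   Translated status message displayed once the update has run.
 */
function htaccess_update_7201() {
  // Kept in one place so the appended block and the "already present" check
  // cannot drift apart.
  $nosniff_directive = 'Header always set X-Content-Type-Options nosniff';

  $updated_rules = PHP_EOL;
  $updated_rules .= "# Add headers to all responses." . PHP_EOL;
  $updated_rules .= "<IfModule mod_headers.c>" . PHP_EOL;
  $updated_rules .= "# Disable content sniffing, since it's an attack vector." . PHP_EOL;
  $updated_rules .= $nosniff_directive . PHP_EOL;
  $updated_rules .= "</IfModule>" . PHP_EOL;

  // Load the id and rule text of every htaccess profile; no other column is
  // read below.
  $htaccess_profiles = db_select('htaccess', 'h')
    ->fields('h', array('id', 'htaccess'))
    ->execute()
    ->fetchAll();

  // Append the header block to each profile that does not have it yet.
  foreach ($htaccess_profiles as $htaccess_profile) {
    $current_rules = (string) $htaccess_profile->htaccess;

    // Match the full directive rather than the header name alone: a profile
    // that merely mentions the header (for example in a comment) still needs
    // the block.
    if (strpos($current_rules, $nosniff_directive) !== FALSE) {
      continue;
    }

    db_update('htaccess')
      ->fields(array(
        'htaccess' => $current_rules . $updated_rules,
      ))
      ->condition('id', $htaccess_profile->id, '=')
      ->execute();
  }

  return t('All htaccess profiles have been updated correctly. You have to re-deploy your current htaccess profile.');
}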