
function htaccess_update_7201 in Htaccess 7.2

Update htaccess profiles: prevent browsers from sniffing a response and picking a MIME type different from the declared Content-Type, since that can lead to XSS and other vulnerabilities.

File

./htaccess.install, line 137
Htaccess module install file.

Code

/**
 * Appends the "X-Content-Type-Options: nosniff" rule to every stored profile.
 *
 * The header tells browsers not to guess a MIME type that differs from the
 * declared Content-Type, which closes off content sniffing as a route to XSS.
 *
 * Points to keep in mind when reviewing the result of this update:
 * - The directive is wrapped in <IfModule mod_headers.c>, so on a server
 *   without mod_headers it is skipped without any error; check the response
 *   headers after deployment.
 * - The block is appended unconditionally; a profile that already sets this
 *   header ends up with the directive twice.
 * - Only the rows of the {htaccess} table are rewritten here. Per the
 *   returned message, the current profile still has to be re-deployed.
 *
 * @return string
 *   Translated status message shown once the update has run.
 */
function htaccess_update_7201() {
  // Rule block added to the end of each profile, surrounded by line breaks.
  $nosniff_block = PHP_EOL . implode(PHP_EOL, array(
    "# Add headers to all responses.",
    "<IfModule mod_headers.c>",
    "# Disable content sniffing, since it's an attack vector.",
    "Header always set X-Content-Type-Options nosniff",
    "</IfModule>",
  )) . PHP_EOL;

  // Load every htaccess profile with all of its columns.
  $query = db_select('htaccess', 'h');
  $query->fields('h');
  $profiles = $query->execute()->fetchAll();

  // Write each profile back with the new block appended, matched by its id.
  foreach ($profiles as $profile) {
    $new_fields = array(
      'htaccess' => $profile->htaccess . $nosniff_block,
    );
    db_update('htaccess')
      ->fields($new_fields)
      ->condition('id', $profile->id, '=')
      ->execute();
  }

  return t('All htaccess profiles have been updated correctly. You have to re-deploy your current htaccess profile.');
}