Don't append but set the "Content-Encoding" header value in htaccess.…

…txt (joomla#39205)
alikon · Mar 7, 2023 · 1b763de · 1b763de
1 parent 081afed
commit 1b763de
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 1 deletion.
diff --git a/administrator/components/com_admin/postinstall/htaccesssetce.php b/administrator/components/com_admin/postinstall/htaccesssetce.php
@@ -0,0 +1,30 @@
+<?php
+
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_admin
+ *
+ * @copyright   (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ *
+ * This file contains post-installation message handling for notifying users of a change
+ * in the default .htaccess file regarding setting the Content-Encoding header.
+ */
+
+// phpcs:disable PSR1.Files.SideEffects
+\defined('_JEXEC') or die;
+// phpcs:enable PSR1.Files.SideEffects
+
+/**
+ * Notifies users of a change in the default .htaccess file regarding setting the Content-Encoding header
+ *
+ * This check returns true regardless of condition.
+ *
+ * @return  boolean
+ *
+ * @since   __DEPLOY_VERSION__
+ */
+function admin_postinstall_htaccesssetce_condition()
+{
+    return true;
+}
diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.9-2023-03-07.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.9-2023-03-07.sql
@@ -0,0 +1,5 @@
+--
+-- Add post-installation message about setting the Content-Encoding header in .htaccess
+--
+INSERT IGNORE INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `action_key`, `language_extension`, `language_client_id`, `type`, `action_file`, `action`, `condition_file`, `condition_method`, `version_introduced`, `enabled`)
+SELECT `extension_id`, 'COM_ADMIN_POSTINSTALL_MSG_HTACCESS_SETCE_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_HTACCESS_SETCE_DESCRIPTION', '', 'com_admin', 1, 'message', '', '', 'admin://components/com_admin/postinstall/htaccesssetce.php', 'admin_postinstall_htaccesssetce_condition', '4.2.9', 1 FROM `#__extensions` WHERE `name` = 'files_joomla';
diff --git a/administrator/components/com_admin/sql/updates/postgresql/4.2.9-2023-03-07.sql b/administrator/components/com_admin/sql/updates/postgresql/4.2.9-2023-03-07.sql
@@ -0,0 +1,6 @@
+--
+-- Add post-installation message about setting the Content-Encoding header in .htaccess
+--
+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "action_key", "language_extension", "language_client_id", "type", "action_file", "action", "condition_file", "condition_method", "version_introduced", "enabled")
+SELECT "extension_id", 'COM_ADMIN_POSTINSTALL_MSG_HTACCESS_SETCE_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_HTACCESS_SETCE_DESCRIPTION', '', 'com_admin', 1, 'message', '', '', 'admin://components/com_admin/postinstall/htaccesssetce.php', 'admin_postinstall_htaccesssetce_condition', '4.2.9', 1 FROM "#__extensions" WHERE "name" = 'files_joomla'
+ON CONFLICT DO NOTHING;
diff --git a/administrator/language/en-GB/com_admin.ini b/administrator/language/en-GB/com_admin.ini
@@ -141,6 +141,8 @@ COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_DESCRIPTION="<p>For Joomla sites
 COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_TITLE="New Server Setting \"Behind Load Balancer\""
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_DESCRIPTION="<p>Before 3.9.22 the default htaccess.txt file contained erroneous code meant for disabling directory listings. The security team recommends to manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.</p><p>The old code:</p><pre>&lt;IfModule autoindex&gt;\n  IndexIgnore *\n&lt;/IfModule&gt;</pre><p>The new code:</p><pre>&lt;IfModule mod_autoindex.c&gt;\n  IndexIgnore *\n&lt;/IfModule&gt;</pre>"
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_TITLE=".htaccess Update Concerning Directory Listings"
+COM_ADMIN_POSTINSTALL_MSG_HTACCESS_SETCE_DESCRIPTION="<p>Before 4.2.9 the default htaccess.txt file contained erroneous code for appending the \"Content-Encoding\" HTTP header. This could result in double encoding errors when Joomla is installed in a subdirectory and both this directory and its parent directory contain an .htaccess file with this code. You should manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.</p><p>The old code:</p><pre>Header append Content-Encoding gzip</pre><p>The new code:</p><pre>Header set Content-Encoding gzip</pre>"
+COM_ADMIN_POSTINSTALL_MSG_HTACCESS_SETCE_TITLE=".htaccess Update Concerning Setting the Content-Encoding Header"
 COM_ADMIN_SAVE_SUCCESS="Profile saved."
 COM_ADMIN_SESSION_AUTO_START="Session Auto Start"
 COM_ADMIN_SESSION_SAVE_PATH="Session Save Path"

diff --git a/htaccess.txt b/htaccess.txt
@@ -163,7 +163,7 @@ Options -Indexes
 
 	<FilesMatch "(\.js\.gz|\.css\.gz)$">
 		# Serve correct encoding type.
-		Header append Content-Encoding gzip
+		Header set Content-Encoding gzip
 
 		# Force proxies to cache gzipped &
 		# non-gzipped css/js files separately.