diff --git a/classes/Tools.php b/classes/Tools.php index a6e4b3118..d722d9d68 100644 --- a/classes/Tools.php +++ b/classes/Tools.php @@ -1492,7 +1492,7 @@ class ToolsCore return Tools::getHttpHost(); } - public static function generateHtaccess($path = null, $rewrite_settings = null, $cache_control = null, $specific = '', $disable_multiviews = null, $medias = false) + public static function generateHtaccess($path = null, $rewrite_settings = null, $cache_control = null, $specific = '', $disable_multiviews = null, $medias = false, $disable_modsec = null) { if (defined('PS_INSTALLATION_IN_PROGRESS')) return true; @@ -1505,6 +1505,9 @@ class ToolsCore if (is_null($disable_multiviews)) $disable_multiviews = (int)Configuration::get('PS_HTACCESS_DISABLE_MULTIVIEWS'); + if ($disable_modsec === null) + $disable_modsec = (int)Configuration::get('PS_HTACCESS_DISABLE_MODSEC'); + // Check current content of .htaccess and save all code outside of prestashop comments $specific_before = $specific_after = ''; if (file_exists($path)) @@ -1567,6 +1570,9 @@ class ToolsCore if ($disable_multiviews) fwrite($write_fd, "\n# Disable Multiviews\nOptions -Multiviews\n\n"); + if ($disable_modsec) + fwrite($write_fd, "\nSecFilterEngine Off\nSecFilterScanPOST Off\n"); + fwrite($write_fd, "RewriteEngine on\n"); if (!$medias) diff --git a/controllers/admin/AdminMetaController.php b/controllers/admin/AdminMetaController.php index a20d6ebef..dfc09fa84 100644 --- a/controllers/admin/AdminMetaController.php +++ b/controllers/admin/AdminMetaController.php @@ -75,6 +75,7 @@ class AdminMetaControllerCore extends AdminController $url_description = ''; if ($this->checkConfiguration($this->ht_file)) + { $general_fields['PS_HTACCESS_DISABLE_MULTIVIEWS'] = array( 'title' => $this->l('Disable apache multiviews'), 'desc' => $this->l('Enable this option only if you have problems with URL rewriting.'), @@ -82,6 +83,15 @@ class AdminMetaControllerCore extends AdminController 'cast' => 'intval', 'type' => 'bool', ); + + $general_fields['PS_HTACCESS_DISABLE_MODSEC'] = array( + 'title' => $this->l('Disable apache mod security'), + 'desc' => $this->l('Some features could not work correctly with a specific configuration of apache mod security. We recommend to turn it off.'), + 'validation' => 'isBool', + 'cast' => 'intval', + 'type' => 'bool', + ); + } else { $url_description = $this->l('Before being able to use this tool, you need to:'); @@ -459,7 +469,7 @@ class AdminMetaControllerCore extends AdminController public function updateOptionPsRewritingSettings() { Configuration::updateValue('PS_REWRITING_SETTINGS', (int)Tools::getValue('PS_REWRITING_SETTINGS')); - Tools::generateHtaccess($this->ht_file, null, null, '', Tools::getValue('PS_HTACCESS_DISABLE_MULTIVIEWS')); + Tools::generateHtaccess($this->ht_file, null, null, '', Tools::getValue('PS_HTACCESS_DISABLE_MULTIVIEWS'), false, Tools::getValue('PS_HTACCESS_DISABLE_MODSEC')); Tools::enableCache(); Tools::clearCache($this->context->smarty);