From 94fae0f7a5cc1667c1568de775860f7e4f4f403f Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 23 Jul 2018 16:46:14 +0200
Subject: Whitelist the inclusion of `.phtml` files

This is the extension used by PhpMyAdmin
---
 config/default.rules | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/default.rules b/config/default.rules
index 6cc67e6..2567f08 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -17,10 +17,10 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
 sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 
 ##Prevent various `include`-related vulnerabilities
-sp.disable_function.function("require_once").value_r("\.(php|inc)$").allow();
-sp.disable_function.function("include_once").value_r("\.(php|inc)$").allow();
-sp.disable_function.function("require").value_r("\.(php|inc)$").allow();
-sp.disable_function.function("include").value_r("\.(php|inc)$").allow();
+sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow();
+sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow();
+sp.disable_function.function("require").value_r("\.(inc|phtml|php)$").allow();
+sp.disable_function.function("include").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("require_once").drop()
 sp.disable_function.function("include_once").drop()
 sp.disable_function.function("require").drop()
-- 
cgit v1.3
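Review bot: The comment `##Prevent various `include`-related vulnerabilities` above the four rewritten `.allow()` lines does not record which extensions are permitted or why `.phtml` joined the list, so the phpMyAdmin rationale from the commit message is lost once the patch lands; a line such as `## Only allow inclusion of .php, .inc and .phtml files (.phtml is used by phpMyAdmin)` directly above the rules would keep it with the pattern. Since this is the default ruleset, the wider allowlist now applies to every deployment, not only those running phpMyAdmin, which is worth stating in that comment so operators who do not need `.phtml` know they can keep the narrower pattern in their own rules. As a point of style, the new lines keep the trailing `;` while the `.drop()` lines just below have none; one convention for the file would read more consistently. The `include` drop rule that closes this group lies past the end of the hunk.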