Properly filter public/cgi-bin

CHANGELOG

 CHANGELOG
 ---------
 
+2020-09-23
+  sympl-core
+    * Properly filter public/cgi-bin
+
 2020-09-09
   sympl-web
     * Fixes incorrect filename for log files (#296)

core/debian/changelog

+sympl-core (9.0.200923.0) stable; urgency=medium
+ 
+  * Properly filter public/cgi-bin
+
+ -- Paul Cammish <sympl@kelduum.net>  Wed, 23 Sep 2020 13:50:11 +0100
+ 
 sympl-core (9.200909.0) stable; urgency=medium
  
   * sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)

core/sbin/sympl-filesystem-security

@@ -68,8 +68,8 @@ function secure_domain_dir()
     # Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp
     #   but exclude changing any permissions inside public/cgi-bin
 
-    find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
-    find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
+    find "${domain}/public" ! -path "${domain}/public/cgi-bin/*" \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
+    find "${domain}/public" ! -path "${domain}/public/cgi-bin/*" \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
 
     if [ -d "${domain}/php_sessions" ]; then