From b888d81a4f47597c4148c9769efdf61ce1ef6b52 Mon Sep 17 00:00:00 2001
From: anonymoususer72041
 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Wed, 3 Jun 2026 12:47:23 +0200
Subject: [PATCH 1/2] Deny direct web access to temporary files

---
 .gitignore     |  1 +
 temp/.htaccess | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 temp/.htaccess

diff --git a/.gitignore b/.gitignore
index 21eec71e7..0d8cd20ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ docker/persist/*
 vendor/*
 attachments/*
 temp/*
+!temp/.htaccess
 uploads/*
 # Ignore Mac DS_Store files
 .DS_Store
diff --git a/temp/.htaccess b/temp/.htaccess
new file mode 100644
index 000000000..b83c671bb
--- /dev/null
+++ b/temp/.htaccess
@@ -0,0 +1,10 @@
+Options -ExecCGI -Indexes
+
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>

From ab2c959b671fe78afca9811d55e9323117cd387e Mon Sep 17 00:00:00 2001
From: anonymoususer72041
 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Wed, 3 Jun 2026 12:47:42 +0200
Subject: [PATCH 2/2] Remove obsolete temp/empty placeholder

---
 temp/empty | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 temp/empty

diff --git a/temp/empty b/temp/empty
deleted file mode 100644
index e69de29bb..000000000