From 6bb65fb12be30133a13bf807c6245002df6935b5 Mon Sep 17 00:00:00 2001
From: Daniel Rudolf <github.com@daniel-rudolf.de>
Date: Sat, 27 Jan 2018 21:03:45 +0100
Subject: [PATCH] Deny access to composer.phar in .htaccess

This file might be present if users strictly follow our install instructions
 and don't delete it on their own after successfully installing Pico.
---
 .htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.htaccess b/.htaccess
index b6ca1bd..b3e7685 100644
--- a/.htaccess
+++ b/.htaccess
@@ -5,7 +5,7 @@
 
     # Deny access to internal dirs and files by passing the URL to Pico
     RewriteRule ^(config|content|content-sample|lib|vendor)(/|$) index.php [L]
-    RewriteRule ^(CHANGELOG\.md|composer\.(json|lock))(/|$) index.php [L]
+    RewriteRule ^(CHANGELOG\.md|composer\.(json|lock|phar))(/|$) index.php [L]
     RewriteRule (^\.|/\.)(?!well-known(/|$)) index.php [L]
 
     # Enable URL rewriting