From b9f4dee1004c9ce285d4c9058bcad4fdb538ccd8 Mon Sep 17 00:00:00 2001
From: bkraul
Date: Thu, 31 Oct 2019 11:47:52 -0500
Subject: [PATCH] Patched CVE-2019-11043
---
 nginx.conf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/nginx.conf b/nginx.conf
index 8574a70..3323d79 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -55,7 +55,8 @@ http {
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
- add_header Referrer-Policy no-referrer always;
+ add_header Referrer-Policy no-referrer always;
+ add_header X-Frame-Options "SAMEORIGIN";
 root /var/www/html;
@@ -95,7 +96,7 @@ http {
 #pagespeed off;
 location / {
- rewrite ^ /index.php$uri;
+ rewrite ^ /index.php;
 }
 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
@@ -108,6 +109,7 @@ http {
 location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
 fastcgi_split_path_info ^(.+\.php)(/.*)$;
 include fastcgi_params;
+ try_files $fastcgi_script_name =404;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 # fastcgi_param HTTPS on;
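Review bot: The new `add_header X-Frame-Options "SAMEORIGIN";` in the `http` block (first hunk) lacks the `always` parameter that the Referrer-Policy line beside it carries, so nginx attaches it only to its fixed set of success and redirect status codes and error responses go out without it. I would write `add_header X-Frame-Options "SAMEORIGIN" always;`. nginx inherits `add_header` from the enclosing level only when a block defines none of its own, so any `location` that sets a header would drop this one; those blocks are outside the hunk and need checking. The header is also unrelated to the CVE named in the subject and would be easier to audit as its own commit.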
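Review bot: The changed `rewrite ^ /index.php;` in `location /` (second hunk) has no comment saying why `$uri` was dropped, so a later cleanup could restore it without noticing the security reason. I would add above it `# Keep the request path out of the rewritten URI so it never reaches PATH_INFO (CVE-2019-11043 mitigation).` The application now has to route from REQUEST_URI rather than PATH_INFO, which the hunk cannot confirm. This is a configuration workaround only; the underlying fix is a patched PHP-FPM build.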
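Review bot: `try_files $fastcgi_script_name =404;` in the PHP `location` (third hunk) is followed by `fastcgi_param PATH_INFO $fastcgi_path_info;`, and nginx is known to leave `$fastcgi_path_info` empty once `try_files` has run. Requests such as `/remote.php/...` would then likely reach PHP without their path info. Capture the value first with `set $path_info $fastcgi_path_info;` ahead of `try_files`, then pass `fastcgi_param PATH_INFO $path_info;`. The `location` block continues past the end of the hunk, so any later directive that reads `$fastcgi_path_info` needs the same change.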