[Security] protect .user.ini files

[interfasys]

Just like .htaccess files, .user.ini files need to be protected so that they can't be read through the browser.
This needs to be added somewhere when PHP-FPM is turned on in CB.

#
# The following lines prevent ..user.ini files from being
# viewed by Web clients.
#
<Files ".user.ini">
    Require all denied
</Files>

 

[smtalk]

Thank you for the report, it will be included into the next release of CB 2.0

 

[interfasys]

Thanks! \o/