Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
Summary Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardles...