Description:

refs #17577

This is not a full solution yet for this issue but it may improve things for the next patch release by detecting redirects a bit better for the config file.

Added FAQ with more information: https://matomo.org/faq/troubleshooting/how-do-i-fix-the-error-private-directories-are-accessible/ as users currently wouldn't know what to do. It's far from perfect but we can tweak it over time and provides more information for now.

Also now blocking .git directory automatically if it exists. Would be otherwise complicated to explain how to do it. Not sure why we didn't do it earlier.

Also added new command core:create-security-files to create these files automatically if Matomo does not have the permissions to do it automatically (see the FAQ). Initially, I had added the creation of these files to the diagnostics:run command (or when you open system report) but this would have caused issues as they would have potentially never noticed that they need to create these files after every update etc (because the security files would be created when viewing the system report but it would not show there was a problem between updating Matomo and viewing the report :-) ). Using this command it makes it easier for users to tell them in the guide how they can fix the issue.

I will leave a comment about this in the issue what needs further tweaking.

replaces #17604

Review

• Functional review done
• Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done see checklist
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• Documentation added if needed
• Existing documentation updated if needed