Remediate other vulns

.htaccess

@@ -1 +1,2 @@
 RedirectMatch 404 /\.git
+

inc/header.inc.php

@@ -82,6 +82,7 @@
     $timenow = $timeplus->format('Y-m-d H:i:s');
       header("X-Frame-Options: SAMEORIGIN");
       header("X-Content-Type-Options: nosniff");
+      header("Content-Security-Policy: default-src 'self'; script-src 'self'");
       //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
       if (!empty($_GET['a'])) {
         echo '<pre>' . print_r($_POST, true) . '</pre>';

src/index.php

@@ -15,4 +15,13 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
+    ini_set('session.gc_maxlifetime', 24*60*60);                                // MIN SESSION
+    ini_set('session.gc_probability', 1);                                       // GC RATES
+    ini_set('session.gc_divisor', 100);                                         // TIMES
+    ini_set('session.use_cookies', '1');
+    ini_set('session.use_only_cookies', '1');
+    ini_set('session.cookie_secure', '0');
+    ini_set('session.cookie_httponly', '0');
+    ini_set('session.cookie_samesite', 'Lax');
 
+    

webfonts/index.php

@@ -15,4 +15,13 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
+    ini_set('session.gc_maxlifetime', 24*60*60);                                // MIN SESSION
+    ini_set('session.gc_probability', 1);                                       // GC RATES
+    ini_set('session.gc_divisor', 100);                                         // TIMES
+    ini_set('session.use_cookies', '1');
+    ini_set('session.use_only_cookies', '1');
+    ini_set('session.cookie_secure', '0');
+    ini_set('session.cookie_httponly', '0');
+    ini_set('session.cookie_samesite', 'Lax');
 
+