[support] .htaccess in /tmp for Drupal 7?
M. Fioretti
mfioretti at nexaima.net
Fri Dec 6 10:48:37 UTC 2013
On Thu, Dec 05, 2013 23:41:25 PM +0100, augusto fagioli wrote:
> your /tmp should already have a .htaccess, created by drupal itself
hey, you're right, for some reason I was sure Drupal would not do that
itself. Instead it's there, see below. So, should I do something else to it?
Thanks,
Marco
[root at vm log]# more /tmp/.htaccess
Deny from all
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
[root at vm log]# ls -l !$
ls -l /tmp/.htaccess
-r--r--r-- 1 apache apache 491 Dec 5 21:07 /tmp/.htaccess
> On Thursday, December 5, 2013, M. Fioretti wrote:
>
> Greetings,
>
> I'm almost finished (fingers crossed) to update a website I manage to
> drupal 7.24
>
> Everything seems OK and I've already updated the .htaccess files in
> sites/*/files/ as explained in
>
> https://drupal.org/SA-CORE-2013-003
>
> The only thing I'm not sure about is where that page says:
>
> Additionally, the .htaccess of the temporary files directory and
> private files directory (if used) should include this command:
>
> Deny from all
>
> my temporary files directory as shown in
> /admin/config/media/file-system is /tmp (private file system path is
> empty). Should I put an ..htaccess in /tmp too???
>
> I believe not, but I'd rather have confirmation.
>
> Thanks!
> Marco
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
--
M. Fioretti http://mfioretti.com http://stop.zona-m.net
Your own civil rights and the quality of your life heavily depend on how
software is used *around* you
More information about the support
mailing list