[support] .htaccess in /tmp for Drupal 7?

M. Fioretti mfioretti at nexaima.net
Fri Dec 6 10:48:37 UTC 2013


On Thu, Dec 05, 2013 23:41:25 PM +0100, augusto fagioli wrote:
> your /tmp should already have a .htaccess, created by drupal itself

Hey, you're right, for some reason I was sure Drupal would not do that
itself. Instead it's there, see below. So, should I do something else to it?

Thanks,
Marco


[root at vm log]# more /tmp/.htaccess 
Deny from all

# Turn off all options we don't need.
Options None
Options +FollowSymLinks

# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
  # Override the handler again if we're run later in the evaluation list.
  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>

# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>
[root at vm log]# ls -l !$
ls -l /tmp/.htaccess
-r--r--r-- 1 apache apache 491 Dec  5 21:07 /tmp/.htaccess


> On Thursday, December 5, 2013, M. Fioretti wrote:
> 
>     Greetings,
> 
>     I've almost finished (fingers crossed) updating a website I manage to
>     Drupal 7.24
> 
>     Everything seems OK and I've already updated the .htaccess files in
>     sites/*/files/ as explained in
> 
>     https://drupal.org/SA-CORE-2013-003
> 
>     The only thing I'm not sure about is where that page says:
> 
>     Additionally, the .htaccess of the temporary files directory and
>     private files directory (if used) should include this command:
> 
>     Deny from all
> 
>     My temporary files directory as shown in
>     /admin/config/media/file-system is /tmp (private file system path is
>     empty). Should I put an .htaccess in /tmp too???
> 
>     I believe not, but I'd rather have confirmation.
> 
>     Thanks!
>     Marco

-- 

M. Fioretti http://mfioretti.com                   http://stop.zona-m.net

Your own civil rights and the quality of your life heavily depend on how
software is used *around* you
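
Added example, not part of the original message and not Drupal's own code: a small Python check that a temporary-directory .htaccess carries the directives shown in the /tmp/.htaccess listing above. The names CHECKS, audit_htaccess and missing are hypothetical; LISTED reproduces the listing's directive lines without its comments.

```python
import re

# Handler name prefix as it appears in the /tmp/.htaccess listing above.
HANDLER_PREFIX = "Drupal_Security_Do_Not_Remove_See_SA_"
CHECKS = ("deny_from_all", "handler_top_level", "handler_in_files", "php_engine_off")

# Directive lines from the listing in this message (comments left out).
LISTED = """Deny from all
Options None
Options +FollowSymLinks
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>
"""

def audit_htaccess(text):
    """Map each protection seen in the listing to True/False for this text."""
    found = dict.fromkeys(CHECKS, False)
    stack = []  # enclosing sections, e.g. [("files", "*")]
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            del stack[-1:]  # leave the innermost open section, if any
            continue
        opened = re.fullmatch(r"<\s*(\w+)\s*(.*?)\s*>", line)
        if opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip('"')))
            continue
        name, *args = line.split()
        name, largs = name.lower(), [a.lower() for a in args]
        if name == "deny" and largs == ["from", "all"] and not stack:
            found["deny_from_all"] = True  # top level, as in the listing
        elif name == "sethandler" and args and args[0].startswith(HANDLER_PREFIX):
            if not stack:
                found["handler_top_level"] = True
            elif stack == [("files", "*")]:
                found["handler_in_files"] = True  # the <Files *> override
        elif name == "php_flag" and largs == ["engine", "off"]:
            found["php_engine_off"] = True
    return found

def missing(text):
    return sorted(k for k, ok in audit_htaccess(text).items() if not ok)
```

Calling missing(open("/tmp/.htaccess").read()) returns an empty list when all four items from the listing are present.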

