[support] support Digest, Vol 133, Issue 28: SA-CORE-2013-003 after updating from 7.23 to 7.25

Chris McAndrew chris at csmcreative.com
Wed Jan 15 01:58:38 UTC 2014 

The files directory error is just a permissions problem. You need to first
make the private directory in ../private (outside of root). Then chmod that
to 777. For your drupal directories, checkout this article:
https://drupal.org/node/244924. This script rocks. Run it from your server
root, not drupal and follow the directions carefully. This will correct
everything within your drupal directory.
I swear by this. Since the private directory is outside of that, it won't
touch it which is why I do it manually - chmod 777 private. Refresh and
that error will go away.

Chris



* Chr**is McAndrew*
*Interactive Designer & Developer*
*Mobile*: 1-603-498-3864
*email*: <chris at csmcreative.com>chris at csmcreative.com<chris at csmcreative.com?subject=Question+via+email+contact+link>
*Web*: http://csmcreative.com
*Twitter*: @chris_mcandrew <https://twitter.com/chris_mcandrew>
*LinkedIn*: chrismcandrew
<http://linkedin.com/in/chrismcandrew><http://linkedin.com/in/chrismcandrew>


On Tue, Jan 14, 2014 at 1:52 AM, <support-request at drupal.org> wrote:

> Send support mailing list submissions to
>         support at drupal.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.drupal.org/mailman/listinfo/support
> or, via email, send a message with subject or body 'help' to
>         support-request at drupal.org
>
> You can reach the person managing the list at
>         support-owner at drupal.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of support digest..."
>
>
> Today's Topics:
>
>    1. Explicitly using drupal CSS classes in 'external' content
>       (Tim Johnson)
>    2. SA-CORE-2013-003 after updating from 7.23 to 7.25 (Afan)
>    3. Date views (Roger)
>    4. Re: SA-CORE-2013-003 after updating from 7.23 to 7.25
>       (Wong Hoi Sing Edison)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 13 Jan 2014 16:41:49 -0900
> From: Tim Johnson <tim at akwebsoft.com>
> Subject: [support] Explicitly using drupal CSS classes in 'external'
>         content
> To: Drupal Support ML <support at drupal.org>
> Message-ID: <20140114014149.GB2341 at mail.akwebsoft.com>
> Content-Type: text/plain; charset=us-ascii
>
> To define 'external' - I am working on a proof-of-concept for a
> client. I have written a drupal module which renders legacy CGI
> which uses my own python framework, which I have maintained for
> years.  The content is delivered into drupal via jQuery ajax.
>
> This is 'step 1' in migrating this very large legacy project into
> drupal.
>
> The content of the legacy framework is created via a MVC strategy
> using html templates which have hard-coded css classes.
>
> Is there a way to leverage drupal css classes rather than those
> which were 'hand-rolled' for the original?
>
> This is an inquiry rather than a request for help. I would welcome
> any comments [except for "are you crazy?" :) ] and pointers to
> similar discussions and documentations.
>
> IOWS : Is there a "css naming protocol" that is observed accross
> themes?
> --
> Tim
> tim at tee jay forty nine dot com or akwebsoft dot com
> http://www.akwebsoft.com, http://www.tj49.com
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 13 Jan 2014 23:29:30 -0600
> From: Afan <drupal at afan.net>
> Subject: [support] SA-CORE-2013-003 after updating from 7.23 to 7.25
> To: support at drupal.org
> Message-ID: <52D4CB3A.9080502 at afan.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi to all!
> After I updated my Drupal website from 7.23 to 7.25 I'm getting this
>
> Public files directory  Not fully protected
> Seehttp://drupal.org/SA-CORE-2013-003for information about the
> recommended .htaccess file which should be added to
> the/sites/default/files/directory to help protect against arbitrary code
> execution.
>
>
> Temporary files directory       Not fully protected
> Seehttp://drupal.org/SA-CORE-2013-003for information about the
> recommended .htaccess file which should be added to the//tmp/directory
> to help protect against arbitrary code execution.
>
>
> On the https://drupal.org/SA-CORE-2013-003 it said under Solution "...
> upgrade to Drupal core 7.24." In may case it would be downgrade, right?
>
> What should I do?
>
> Thanks for any help,
> Afan
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.drupal.org/pipermail/support/attachments/20140113/f22aa20d/attachment-0001.html
>
> ------------------------------
>
> Message: 3
> Date: Tue, 14 Jan 2014 17:47:07 +1100
> From: Roger <arelem at bigpond.com>
> Subject: [support] Date views
> To: Drupal Support Forum <support at drupal.org>
> Message-ID: <52D4DD6B.702 at bigpond.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> I hope someone can help me with Drupal 7 views.
>
> We have a scenario where events have a lot of repeating dates.
> For instance, one lot of events may occur every  Wednesday for a year
> in various venues or another every third Monday for the year in similar
> venues. There are 100+ events held across a 30+ venues in 5 states every
> week.
> We have many similarly named events and the calendar format is very
> cluttered.
>
> I am having trouble creating a view which displays each event with it's
> appropriate title,  venue and locality as a heading but shows only start
> time and limited from now +up to 7 days. Effectively categorising events
> to a venue/state.
>
> Event name, Venue Locality and State are taxonomy terms. States have
> many venues. Event name has many venues.
>
> No matter what I do the view shows redundant data - previous dates for
> past weeks and future dates for a month or so. And will not categorise
> event names to a venue or locality.
>
> It filters on
> term from field_event_venue: Field state
> title,
> field_event_date = now,
> Published,
> Venue.
>
> Sorted on Date - start date(asc)
>
> Taxonomy
> Locality is grouped to State
> Venue is grouped to  Locality and to State
>
> Most perplexed
> Help is greatly appreciated
> Roger
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 14 Jan 2014 14:52:39 +0800
> From: Wong Hoi Sing Edison <hswong3i at gmail.com>
> Subject: Re: [support] SA-CORE-2013-003 after updating from 7.23 to
>         7.25
> To: support at drupal.org
> Message-ID: <52D4DEB7.2000107 at gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> If you didn't take any custom changes to your public://.htaccess,
> private://.htaccess and temporary://.htaccess, just simply delete these
> 3 files and Drupal >= 7.24 will regenerate a correct file for you.
> Don't need to downgrade as 7.24.
>
> On Tuesday, January 14, 2014 01:29 PM, Afan wrote:
> > Hi to all!
> > After I updated my Drupal website from 7.23 to 7.25 I'm getting this
> >
> > Public files directory        Not fully protected
> > See http://drupal.org/SA-CORE-2013-003 for information about the
> > recommended .htaccess file which should be added to
> > the /sites/default/files/ directory to help protect against arbitrary
> > code execution.
> >
> >
> > Temporary files directory     Not fully protected
> > See http://drupal.org/SA-CORE-2013-003 for information about the
> > recommended .htaccess file which should be added to
> > the //tmp/ directory to help protect against arbitrary code execution.
> >
> >
> > On the https://drupal.org/SA-CORE-2013-003 it said under Solution "...
> > upgrade to Drupal core 7.24." In may case it would be downgrade, right?
> >
> > What should I do?
> >
> > Thanks for any help,
> > Afan
> >
> >
>
> --
>
> Edison Wong
> hswong3i at gmail.com <mailto:hswong3i at gmail.com>
> http://edin.no-ip.com/
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.drupal.org/pipermail/support/attachments/20140114/a98981ad/attachment.html
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 595 bytes
> Desc: OpenPGP digital signature
> Url :
> http://lists.drupal.org/pipermail/support/attachments/20140114/a98981ad/attachment.bin
>
> ------------------------------
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
> End of support Digest, Vol 133, Issue 28
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20140114/3c97d817/attachment.html

More information about the support mailing list