Also note that the announcement is not too clear about Drupal 4.7.1 needing a database update but 4.6.7 not. Gabor Bèr Kessels wrote:
Can I then opt for the following addition to that frontpage post?
... upgrade, it is a good idea to back up your site and database first.
The .htaccess containing the line <code>SetHandler This_is_a_Drupal_security_line_do_not_remove</code> is a security measure that disallows executing of any files in your files/ directory. If, for example, someone uploads a php file, this SetHandler rule will make sure it cannot be executed from the web.
No API or database changes have been made since ...
Op donderdag 25 mei 2006 11:11, schreef Dries Buytaert:
On 25 May 2006, at 10:54, Bèr Kessels wrote:
Op donderdag 25 mei 2006 06:07, schreef Angela Byron:
This includes two critical security fixes. Please see the announcement here: http://drupal.org/node/65351
Note: I am only announcing because I'm the only one up at this hour. ;) Big thanks go to chx, Heine, and everyone else involved in helping out to solve this problem.
I am rather confused by the .htaccess-in-your-files directory. If someone can explain me: * The reason for this measure * The concept behind this SetHandler I will write an update to clarify this for all others who do not understand it too.
See also: http://drupal.org/node/65439.
-- Dries Buytaert :: http://www.buytaert.net/