On Thu, Dec 05, 2013 23:41:25 PM +0100, augusto fagioli wrote:
your /tmp should already have a .htaccess, created by drupal itself
hey, you're right, for some reason I was sure Drupal would not do that itself. Instead it's there, see below. So, should I do something else to it? Thanks, Marco [root@vm log]# more /tmp/.htaccess Deny from all # Turn off all options we don't need. Options None Options +FollowSymLinks # Set the catch-all handler to prevent scripts from being executed. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 <Files *> # Override the handler again if we're run later in the evaluation list. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 </Files> # If we know how to do it safely, disable the PHP engine entirely. <IfModule mod_php5.c> php_flag engine off </IfModule> [root@vm log]# ls -l !$ ls -l /tmp/.htaccess -r--r--r-- 1 apache apache 491 Dec 5 21:07 /tmp/.htaccess
On Thursday, December 5, 2013, M. Fioretti wrote:
Greetings,
I'm almost finished (fingers crossed) to update a website I manage to drupal 7.24
Everything seems OK and I've already updated the .htaccess files in sites/*/files/ as explained in
https://drupal.org/SA-CORE-2013-003
The only thing I'm not sure about is where that page says:
Additionally, the .htaccess of the temporary files directory and private files directory (if used) should include this command:
Deny from all
my temporary files directory as shown in /admin/config/media/file-system is /tmp (private file system path is empty). Should I put an ..htaccess in /tmp too???
I believe not, but I'd rather have confirmation.
Thanks! Marco
-- [ Drupal support list | http://lists.drupal.org/ ]
-- M. Fioretti http://mfioretti.com http://stop.zona-m.net Your own civil rights and the quality of your life heavily depend on how software is used *around* you