Hi Marco,
I put a htaccess file with 'Deny from all' added to the last line, into /tmp as explained (Drupal 6) It was an empty directory. Then I ran the Status report. I see the Temporary files directory----not fully protected. So I'm wondering if I've placed 'Deny from all' on the wrong line in the htaccess file?
Nothing else appears strange.
Howard
On 6 December 2013 06:29, M. Fioretti mfioretti@nexaima.net wrote:
Greetings,
I'm almost finished (fingers crossed) to update a website I manage to drupal 7.24
Everything seems OK and I've already updated the .htaccess files in sites/*/files/ as explained in
https://drupal.org/SA-CORE-2013-003
The only thing I'm not sure about is where that page says:
Additionally, the .htaccess of the temporary files directory and private files directory (if used) should include this command:
Deny from all
my temporary files directory as shown in /admin/config/media/file-system is /tmp (private file system path is empty). Should I put an ..htaccess in /tmp too???
I believe not, but I'd rather have confirmation.
Thanks! Marco
-- [ Drupal support list | http://lists.drupal.org/ ]