[development] Drupal 4.6.7 and 4.7.1 released

Bèr Kessels ber at webschuur.com
Thu May 25 10:00:27 UTC 2006


Can I then opt for the following addition to that frontpage post?

... upgrade, it is a good idea to back up your site and database first.

The .htaccess containing the line <code>SetHandler 
This_is_a_Drupal_security_line_do_not_remove</code> is a security measure 
that disallows executing of any files in your files/ directory. If, for 
example, someone uploads a php file, this SetHandler rule will make sure it 
cannot be executed from the web.

No API or database changes have been made since ...




Op donderdag 25 mei 2006 11:11, schreef Dries Buytaert:
> On 25 May 2006, at 10:54, Bèr Kessels wrote:
> > Op donderdag 25 mei 2006 06:07, schreef Angela Byron:
> >> This includes two critical security fixes. Please see the
> >> announcement
> >> here: http://drupal.org/node/65351
> >>
> >> Note: I am only announcing because I'm the only one up at this
> >> hour. ;)
> >> Big thanks go to chx, Heine, and everyone else involved in helping
> >> out
> >> to solve this problem.
> >
> > I am rather confused by the .htaccess-in-your-files directory.
> > If someone can explain me:
> >  * The reason for this measure
> >  * The concept behind this SetHandler
> > I will write an update to clarify this for all others who do not
> > understand it
> > too.
>
> See also: http://drupal.org/node/65439.
>
> --
> Dries Buytaert  ::  http://www.buytaert.net/

-- 
| Bèr Kessels | webschuur.com | website development |
| Jabber & Google Talk: ber at jabber.webschuur.com
| http://bler.webschuur.com | http://www.webschuur.com |


CVS onder de knie krijgen:
 http://help.sympal.nl/cvs_onder_de_knie_krijgen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20060525/56e21da4/attachment-0001.pgp


More information about the development mailing list