authorGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-05-25 01:33:53 +0000
committerGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-05-25 01:33:53 +0000
commitbe6b7b0f1dcbb861115a385b07f8c814a2b40a1a (patch)
tree9a138b2264dfbfc26e38411b025629574cca5128 /includes
parent369c776c4c7a4187a075fafd429e515ba6325e97 (diff)
prevent execution of scripts from files directory
Diffstat (limited to 'includes')
-rw-r--r--includes/file.inc12
1 files changed, 12 insertions, 0 deletions
diff --git a/includes/file.inc b/includes/file.inc
index 51012e45f..802df5656 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -112,6 +112,18 @@ function file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
}
}
+ if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
+ if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, 'SetHandler This_is_a_Drupal_security_line_do_not_remove')) {
+ fclose($fp);
+ }
+ else {
+ $message = t("Security warning: Couldn't write .htaccess. Please create a .htaccess file in your %directory directory which contains the following line: <code>SetHandler This_is_a_Drupal_security_line_do_not_remove</code>", array('%directory' => $directory));
+ form_set_error($form_item, $message);
+ watchdog('file system', $message, WATCHDOG_ERROR);
+ }
+ }
+
+
return true;
}
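Review bot: When fopen() succeeds but fputs() fails (full disk, quota), the else branch runs with the handle still open and an empty .htaccess left on disk; because the outer guard only tests `!is_file("$directory/.htaccess")`, every later call skips the check and the directory stays unprotected with no further warning. Close the handle whenever it was opened and remove the partial file before reporting the error. The guard also accepts any existing .htaccess without looking at its content, so a comment recording that limitation would help, e.g. `// Only the presence of .htaccess is checked, not that it still contains the SetHandler line.` The function starts above this hunk, so how $directory is normalised before the `==` comparison is not visible here.

```php
  if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
    $fp = fopen("$directory/.htaccess", 'w');
    $written = $fp && fputs($fp, 'SetHandler This_is_a_Drupal_security_line_do_not_remove');
    if ($fp) {
      fclose($fp);
    }
    if (!$written) {
      // A partial file would make the is_file() guard skip this check on later calls.
      if (is_file("$directory/.htaccess")) {
        unlink("$directory/.htaccess");
      }
      // … unchanged: build $message, form_set_error(), watchdog() …
    }
  }
```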