diff options
| author | Steven Wittens <steven@10.no-reply.drupal.org> | 2007-01-04 07:13:50 +0000 |
|---|---|---|
| committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2007-01-04 07:13:50 +0000 |
| commit | 1fee60766ed28d916ee139a3266544f4dd899e68 (patch) | |
| tree | d736a94c28717c9291b6829f7708b741737cc12e /includes/file.inc | |
| parent | 2c449c8eb2de495aae86d007afa786506165a6ff (diff) | |
| download | brdo-1fee60766ed28d916ee139a3266544f4dd899e68.tar.gz brdo-1fee60766ed28d916ee139a3266544f4dd899e68.tar.bz2 | |
#86737: Security htaccess fix needs to be created with group permissions set.
Diffstat (limited to 'includes/file.inc')
| -rw-r--r-- | includes/file.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/includes/file.inc b/includes/file.inc index b24076b1f..0b58edb4b 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -116,6 +116,7 @@ function file_check_directory(&$directory, $mode = 0, $form_item = NULL) { $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks"; if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) { fclose($fp); + chmod($directory .'/.htaccess', 0664); } else { $message = t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", array('%directory' => $directory, '!htaccess' => '<br />'. nl2br(check_plain($htaccess_lines)))); |