From 1fee60766ed28d916ee139a3266544f4dd899e68 Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Thu, 4 Jan 2007 07:13:50 +0000
Subject: #86737: Security htaccess fix needs to be created with group
 permissions set.

---
 includes/file.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'includes')

diff --git a/includes/file.inc b/includes/file.inc
index b24076b1f..0b58edb4b 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -116,6 +116,7 @@ function file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
     $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
     if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
       fclose($fp);
+      chmod($directory .'/.htaccess', 0664);
     }
     else {
       $message = t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", array('%directory' => $directory, '!htaccess' => '<br />'. nl2br(check_plain($htaccess_lines))));
-- 
cgit v1.2.3