Skip to content
Snippets Groups Projects
Commit dc736e72 authored by catch's avatar catch
Browse files

Issue #1269780 by hswong3i, damien_vancouver, Agileware, ricardoamaro,... 

Issue #1269780 by hswong3i, damien_vancouver, Agileware, ricardoamaro, alexpott, axel.rutz, yannickoo: Remove symlinks option from .htaccess
parent 2358408c
No related branches found
No related tags found
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Hide whitespace changes
Inline Side-by-side
.htaccess
+ 0
3
View file @ dc736e72
......@@ -15,9 +15,6 @@
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Set the default handler.
DirectoryIndex index.php index.html index.htm
......
core/lib/Drupal/Component/PhpStorage/FileStorage.php
+ 1
2
View file @ dc736e72
......@@ -79,8 +79,7 @@ public function save($name, $code) {
public static function htaccessLines($private = TRUE) {
$lines = <<<EOF
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
Options -Indexes -ExecCGI -Includes -MultiViews
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
......
core/modules/system/src/Tests/File/HtaccessUnitTest.php
+ 3
6
View file @ dc736e72
......@@ -40,8 +40,7 @@ function testHtaccessSave() {
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
$this->assertFalse(strpos($content, "Require all denied") !== FALSE);
$this->assertFalse(strpos($content, "Deny from all") !== FALSE);
$this->assertTrue(strpos($content, "Options None") !== FALSE);
$this->assertTrue(strpos($content, "Options +FollowSymLinks") !== FALSE);
$this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
$this->assertFilePermissions($public . '/.htaccess', 0444);
......@@ -54,8 +53,7 @@ function testHtaccessSave() {
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
$this->assertTrue(strpos($content, "Require all denied") !== FALSE);
$this->assertTrue(strpos($content, "Deny from all") !== FALSE);
$this->assertTrue(strpos($content, "Options None") !== FALSE);
$this->assertTrue(strpos($content, "Options +FollowSymLinks") !== FALSE);
$this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
$this->assertFilePermissions($private . '/.htaccess', 0444);
......@@ -68,8 +66,7 @@ function testHtaccessSave() {
$this->assertTrue(strpos($content,"SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
$this->assertTrue(strpos($content, "Require all denied") !== FALSE);
$this->assertTrue(strpos($content,"Deny from all") !== FALSE);
$this->assertTrue(strpos($content,"Options None") !== FALSE);
$this->assertTrue(strpos($content,"Options +FollowSymLinks") !== FALSE);
$this->assertTrue(strpos($content,"Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
$this->assertFilePermissions($stream . '/.htaccess', 0444);
......
vendor/.htaccess
+ 1
2
View file @ dc736e72
......@@ -8,8 +8,7 @@
Deny from all
</IfModule>
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
Options -Indexes -ExecCGI -Includes -MultiViews
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment