Issue #670454 by pwolanin, cburschka, effulgentsia: Fixed Support HTTP Authorization in CGI environment.

Issue #1907704 by ultimateboy, totten, acrollet, greggles: Restrict temporary files created by text editors.

Issue #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol sensitive to avoid man-in-the-middle-attacks if users don't fully customize the rule.

Removed sig from global htaccess, create a new one in the config directory at install time which simply does a DenyFromAll, just like private files

Nate Lampton authored 13 years ago and catch committed 13 years ago

Issue #22336 by quicksketch, scor, boombatower, and rfay. Move all core Drupal files under a core subdirectory.

- Patch #1116416 by Kars-T, Coornail: use 'Header set' instead of 'Header append' in .htaccess to avoid double encoding.

- Patch #76824 by geerlingguy, xjm, droplet, kbahey: Drupal should not handle 404 for certain files. Oh yeah.

- Patch #1110810 by JohnAlbin, TR: CVS $ tag lurks in .htaccess file (and other dank corners of Drupal).

- Patch #919596 by mathroc, AnalogFile, dmitrig01, boombatower: -MultiViews in .htaccess requires odd AllowOverride Options=All,MultiViews.

#348448 follow-up by mfb: Remove default E_STRICT error reporting. We're too far into the release cycle for changes like this. Let's pick it up again in Drupal 8! :)

- Patch #348448 by mfb, c960657, marvil07, cdale, jpmckinney: fixed PHP strict warnings when running tests and for PHP 5.3.

- Patch #352180 by Garret Albright, wrwrwr: better multi-site friendly 'www' addition/removal in .htaccess.

#289120 by jastern: Set magic_quotes_sybase = 0 to prevent default php.ini settings from double-quoting JavaScript in Drupal.

- Patch #308834 by c960657: move setting of magic_quotes_runtime out of settings.php because (i) we don't want a user to change it and (ii) it gets executed a bit earlier in the Drupal bootstrap.

- Patch #217170 by maartenvg, rbiffl: boolean PHP settings are best set with php_flag instead of php_value.