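Drupal Notes about the Temporary Files Directory
Source: Internet  Published: 梦入神机 知乎  Editor: 程序博客网  Time: 2024/06/05 05:53
The status report warns that the temporary directory is not fully protected; an .htaccess file needs to be added to the Tmp directory.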
Versions affected
- Drupal core 6.x versions prior to 6.29.
- Drupal core 7.x versions prior to 7.24.
Solution
Install the latest version:
- If you use Drupal 6.x, upgrade to Drupal core 6.29.
- If you use Drupal 7.x, upgrade to Drupal core 7.24.
Also see the Drupal core project page.
Warning: Fixing the code execution prevention may require server configuration; please read:
Fixing the code execution prevention vulnerability on existing Apache installations also requires changes to your site's .htaccess files in the files directories. Until you do this, your site's status report page at admin/reports/status will display error messages about the problem. Please note that if you are using a different web server such as Nginx, the .htaccess files have no effect and you need to configure PHP execution protection yourself in the respective server configuration files.
To fix this issue, you must edit or replace the old .htaccess files manually. Copies of the .htaccess files are found in the site's files directory and temporary files directory, and (for Drupal 7 only) the separate private files directory if your site is configured to use one. To find the location of these directories, consult the error messages at admin/reports/status, or visit the file system configuration page at admin/settings/file-system (Drupal 6) or admin/config/media/file-system (Drupal 7). Note that you should only make changes to the .htaccess files that are found in the directories specified on that page. Do not change the top-level .htaccess file (at the root of your Drupal installation).
Go onto your server, navigate to each directory, and replace or create the .htaccess file in this directory with the contents described below. Alternatively, you can remove the .htaccess file from each directory using SFTP or SSH and then visit the file system configuration page (admin/settings/file-system in Drupal 6 or admin/config/media/file-system in Drupal 7) and click the save button to have Drupal create the file automatically.
The recommended .htaccess file contents are as follows.
For Drupal 6:
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
# PHP 4, Apache 1.
<IfModule mod_php4.c>
php_flag engine off
</IfModule>
# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
php_flag engine off
</IfModule>
For Drupal 7:
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
Additionally, the .htaccess of the temporary files directory and private files directory (if used) should include this command:
Deny from all
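The manual replacement above is easy to get wrong on one of several directories, so the following added example (not part of the Drupal advisory or of Drupal itself) audits a directory's .htaccess for the directives listed above. The function names and the "deny" argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the .htaccess of a Drupal files, temporary or private
# files directory against the directives recommended above.
# Usage: check_htaccess DIR [deny]  ("deny" = temporary/private directory)

# has_directive FILE REGEX: true if a non-comment line consists of REGEX.
has_directive() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eiq "^[[:space:]]*$2[[:space:]]*\$"
}

check_htaccess() {
    dir=$1
    mode=${2:-}
    file="$dir/.htaccess"
    missing=""
    if [ ! -f "$file" ]; then
        echo "$dir: no .htaccess file"
        return 1
    fi
    # Catch-all handler set at the top of the file.
    has_directive "$file" 'SetHandler[[:space:]]+Drupal_Security_Do_Not_Remove_See_SA_2006_006' \
        || missing="$missing catch-all-handler"
    # Handler repeated inside <Files *>; absent from old copies of the file.
    has_directive "$file" 'SetHandler[[:space:]]+Drupal_Security_Do_Not_Remove_See_SA_2013_003' \
        || missing="$missing files-section-handler"
    has_directive "$file" 'php_flag[[:space:]]+engine[[:space:]]+off' \
        || missing="$missing php-engine-off"
    # Temporary and private directories must also refuse all web access.
    if [ "$mode" = "deny" ]; then
        has_directive "$file" 'Deny[[:space:]]+from[[:space:]]+all' \
            || missing="$missing deny-from-all"
    fi
    if [ -n "$missing" ]; then
        echo "$dir: missing:$missing"
        return 1
    fi
    echo "$dir: ok"
}

# Command-line use: sh audit.sh DIR [deny]
[ "$#" -eq 0 ] || check_htaccess "$@"
```

This checks file contents only. On Nginx, where .htaccess files have no effect, a passing result says nothing about whether PHP execution is actually blocked.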