Commit 852d227b authored by gisle's avatar gisle
Browse files

Issue #1980936 by gisle: Added documentation about the use of .htaccess

parent e130614b
...@@ -78,14 +78,12 @@ accompanied by patches are more likely to make it into a release.</p> ...@@ -78,14 +78,12 @@ accompanied by patches are more likely to make it into a release.</p>
<p>The maintainer hopes that the community is willing to help out by <p>The maintainer hopes that the community is willing to help out by
answering &amp; closing support requests.</p> answering &amp; closing support requests.</p>
<h2 id="project-problems">Known problems</h2> <h2 id="access-control">Access control</h2>
<ul> <p>As noted in the introduction, the help texts are stored as plain files
<li>As noted in the introduction, the help texts are stored as plain files
and can, unless protected, be accessed by anyone who knows their URL. and can, unless protected, be accessed by anyone who knows their URL.
To protect them, place the following four lines in a file named To protect them, place the following four lines in a file named
<code>.htaccess</code> in all directories that contain files for <code>.htaccess</code> in project's <code>help</code> directory:</p>
the help texts:
<pre> <pre>
&lt;Files *&gt; &lt;Files *&gt;
...@@ -94,11 +92,15 @@ Deny from all ...@@ -94,11 +92,15 @@ Deny from all
&lt;/Files&gt; &lt;/Files&gt;
</pre> </pre>
See also issue : <p>It as the responsibility of the project author to make sure this type of protection is in place if the project's author has help files that merits protection from direct access.</p>
<a href="https://www.drupal.org/node/1980936">#1980936 Typing complete path to .html help files in module bypasses user permissions</a>.
<p>See also issue :
<a href="https://www.drupal.org/node/1980936">#1980936 Typing complete path to .html help files in module bypasses user permissions</a>.</p>
<!--
<h2 id="project-problems">Known problems</h2>
-->
</li>
</ul>
<h2 id="project-maintainers">Credits</h2> <h2 id="project-maintainers">Credits</h2>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment