#86737: Security htaccess fix needs to be created with group permissions set.

1fee6076 · Steven Wittens · 2c449c8e · 1fee6076
Commit 1fee6076 authored Jan 04, 2007 by Steven Wittens
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -116,6 +116,7 @@ function file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
    $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
    if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
      fclose($fp);
+      chmod($directory .'/.htaccess', 0664);
    }
    else {
      $message = t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", array('%directory' => $directory, '!htaccess' => '<br />'. nl2br(check_plain($htaccess_lines))));