Removed sig from global htaccess, create a new one in the config directory at...

Removed sig from global htaccess, create a new one in the config directory at install time which simply does a DenyFromAll, just like private files

Removed sig from global htaccess, create a new one in the config directory at...
757ce514 · Greg Dunlap · 70261af6 · 757ce514 · 757ce514 · 757ce514
Commit 757ce514 authored 13 years ago by Greg Dunlap
--- a/.htaccess
+++ b/.htaccess
@@ -3,7 +3,7 @@
 #
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(sig|engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
+<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
  Order allow,deny
 </FilesMatch>

--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -467,6 +467,7 @@ function file_ensure_htaccess() {
    file_save_htaccess('private://', TRUE);
  }
  file_save_htaccess('temporary://', TRUE);
+  file_save_htaccess(config_get_config_directory(), TRUE);
 }
 /**

--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -1011,6 +1011,11 @@ function install_settings_form_submit($form, &$form_state) {
  if (!file_prepare_directory($config_path, FILE_CREATE_DIRECTORY)) {
    // How best to handle errors here?
  };
+  // Write out a .htaccess file that will protect the config directory from
+  // prying eyes.
+  file_save_htaccess($config_path, TRUE);
  // Indicate that the settings file has been verified, and check the database
  // for the last completed task, now that we have a valid connection. This
  // last step is important since we want to trigger an error if the new