Commit dc736e72 authored by catch's avatar catch

Issue #1269780 by hswong3i, damien_vancouver, Agileware, ricardoamaro,...

Issue #1269780 by hswong3i, damien_vancouver, Agileware, ricardoamaro, alexpott, axel.rutz, yannickoo: Remove symlinks option from .htaccess
parent 2358408c
......@@ -15,9 +15,6 @@
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Set the default handler.
DirectoryIndex index.php index.html index.htm
......
......@@ -79,8 +79,7 @@ public function save($name, $code) {
public static function htaccessLines($private = TRUE) {
$lines = <<<EOF
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
Options -Indexes -ExecCGI -Includes -MultiViews
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
......
......@@ -40,8 +40,7 @@ function testHtaccessSave() {
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
$this->assertFalse(strpos($content, "Require all denied") !== FALSE);
$this->assertFalse(strpos($content, "Deny from all") !== FALSE);
$this->assertTrue(strpos($content, "Options None") !== FALSE);
$this->assertTrue(strpos($content, "Options +FollowSymLinks") !== FALSE);
$this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
$this->assertFilePermissions($public . '/.htaccess', 0444);
......@@ -54,8 +53,7 @@ function testHtaccessSave() {
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
$this->assertTrue(strpos($content, "Require all denied") !== FALSE);
$this->assertTrue(strpos($content, "Deny from all") !== FALSE);
$this->assertTrue(strpos($content, "Options None") !== FALSE);
$this->assertTrue(strpos($content, "Options +FollowSymLinks") !== FALSE);
$this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
$this->assertFilePermissions($private . '/.htaccess', 0444);
......@@ -68,8 +66,7 @@ function testHtaccessSave() {
$this->assertTrue(strpos($content,"SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
$this->assertTrue(strpos($content, "Require all denied") !== FALSE);
$this->assertTrue(strpos($content,"Deny from all") !== FALSE);
$this->assertTrue(strpos($content,"Options None") !== FALSE);
$this->assertTrue(strpos($content,"Options +FollowSymLinks") !== FALSE);
$this->assertTrue(strpos($content,"Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
$this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
$this->assertFilePermissions($stream . '/.htaccess', 0444);
......
......@@ -8,8 +8,7 @@
Deny from all
</IfModule>
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
Options -Indexes -ExecCGI -Includes -MultiViews
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment