? drupal-protect-txt-files-79018-16.patch
? sites/default/files
? sites/default/settings.php
Index: .htaccess
===================================================================
RCS file: /cvs/drupal/drupal/.htaccess,v
retrieving revision 1.90
diff -u -p -r1.90 .htaccess
--- .htaccess	5 Oct 2007 14:43:23 -0000	1.90
+++ .htaccess	25 Jan 2008 03:09:50 -0000
@@ -3,7 +3,7 @@
 #
 
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
+<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$|^(CHANGELOG|COPYRIGHT|INSTALL.*|LICENSE|MAINTAINERS|README|UPGRADE).txt$">
   Order allow,deny
 </FilesMatch>
 
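Review bot: The alternative added to the new `<FilesMatch>` line leaves the dot before `txt` unescaped, so it matches any character there; it should read `\.txt$`. The pattern is also case-sensitive, so on a case-insensitive filesystem a request for `changelog.txt` would presumably still be served. Either prefix the group with `(?i)`, if the server's regex engine accepts it, or state in a comment that the rule assumes a case-sensitive filesystem. A comment above the directive, such as `# Also hide the bundled .txt files (CHANGELOG, INSTALL, README, ...).`, would record why these names are listed.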
Index: includes/file.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/file.inc,v
retrieving revision 1.118
diff -u -p -r1.118 file.inc
--- includes/file.inc	9 Jan 2008 10:39:48 -0000	1.118
+++ includes/file.inc	25 Jan 2008 03:09:51 -0000
@@ -125,7 +125,7 @@ function file_check_directory(&$director
   }
 
   if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
-    $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
+    $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks\n<FilesMatch \".+\">\n  Order deny,allow\n</FilesMatch>";
     if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
       fclose($fp);
       chmod($directory .'/.htaccess', 0664);
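Review bot: `Order deny,allow` with no `Deny` line inside `<FilesMatch ".+">` allows every file name. In the files and temp directories it therefore appears to cancel all of the name-based denials in the root `.htaccess` (`.inc`, `.sql`, `.sh`, ...), not only the `.txt` names this patch adds. If the aim is only to keep uploaded `README.txt`-style files downloadable, limit the generated section to those names, e.g. `<FilesMatch \"^(CHANGELOG|COPYRIGHT|INSTALL.*|LICENSE|MAINTAINERS|README|UPGRADE)\\.txt$\">` inside the PHP string. Because the write is guarded by `!is_file("$directory/.htaccess")`, existing sites keep their old file and will not receive the new lines, so an update step or an upgrade note is needed. file_check_directory() starts and ends outside the hunk.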
