diff --git a/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php b/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php
index 8f643c9..643cb19 100644
--- a/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php
+++ b/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php
@@ -58,17 +58,33 @@ if ($this->redirection) {
 
       # Error handler for Drupal > 4.6.7
       <Directory "<?php print $this->site_path; ?>/files">
-        SetHandler This_is_a_Drupal_security_line_do_not_remove
+        <Files *>
+          SetHandler This_is_a_Drupal_security_line_do_not_remove
+        </Files>
+        Options None
+        Options +FollowSymLinks
+
+        # If we know how to do it safely, disable the PHP engine entirely.
+        <IfModule mod_php5.c>
+          php_flag engine off
+        </IfModule>
       </Directory>
 
     # Prevent direct reading of files in the private dir.
     # This is for Drupal7 compatibility, which would normally drop
     # a .htaccess in those directories, but we explicitly ignore those
     <Directory "<?php print $this->site_path; ?>/private/" >
-       SetHandler This_is_a_Drupal_security_line_do_not_remove
-       Deny from all
-       Options None
-       Options +FollowSymLinks
+      <Files *>
+        SetHandler This_is_a_Drupal_security_line_do_not_remove
+      </Files>
+      Deny from all
+      Options None
+      Options +FollowSymLinks
+
+      # If we know how to do it safely, disable the PHP engine entirely.
+      <IfModule mod_php5.c>
+        php_flag engine off
+      </IfModule>
     </Directory>
 
   </VirtualHost>
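Review bot: The `<IfModule mod_php5.c>` guard around `php_flag engine off` in the files directory block matches only the PHP 5 Apache module, so on a server whose PHP module registers under another name the block is skipped silently and the SetHandler line is the only barrier left. The same guard is repeated in the private directory block below and in both blocks of vhost.tpl.php. If later mod_php builds are meant to be supported, I would repeat the block per module name, for example `<IfModule mod_php7.c>` next to the existing one. The comment could also state the fallback: `# Where mod_php is not loaded this block is a no-op; the SetHandler above is then the only protection.`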
diff --git a/http/Provision/Config/Apache/vhost.tpl.php b/http/Provision/Config/Apache/vhost.tpl.php
index acb5418..5cacca4 100644
--- a/http/Provision/Config/Apache/vhost.tpl.php
+++ b/http/Provision/Config/Apache/vhost.tpl.php
@@ -55,17 +55,33 @@ if ($this->redirection || $ssl_redirection) {
 
     # Error handler for Drupal > 4.6.7
     <Directory "<?php print $this->site_path; ?>/files">
-      SetHandler This_is_a_Drupal_security_line_do_not_remove
+      <Files *>
+        SetHandler This_is_a_Drupal_security_line_do_not_remove
+      </Files>
+      Options None
+      Options +FollowSymLinks
+
+      # If we know how to do it safely, disable the PHP engine entirely.
+      <IfModule mod_php5.c>
+        php_flag engine off
+      </IfModule>
     </Directory>
 
     # Prevent direct reading of files in the private dir.
     # This is for Drupal7 compatibility, which would normally drop
     # a .htaccess in those directories, but we explicitly ignore those
     <Directory "<?php print $this->site_path; ?>/private/" >
-       SetHandler This_is_a_Drupal_security_line_do_not_remove
-       Deny from all
-       Options None
-       Options +FollowSymLinks
+      <Files *>
+        SetHandler This_is_a_Drupal_security_line_do_not_remove
+      </Files>
+      Deny from all
+      Options None
+      Options +FollowSymLinks
+
+      # If we know how to do it safely, disable the PHP engine entirely.
+      <IfModule mod_php5.c>
+        php_flag engine off
+      </IfModule>
     </Directory>
     
 
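Review bot: Nothing in the template says why SetHandler is now wrapped in `<Files *>`, and the wrapper looks redundant enough that a later cleanup could remove it. Apache merges `<Files>`/`<FilesMatch>` sections after `<Directory>` sections, so a handler assigned to PHP files by a server-wide `<FilesMatch>` would override a bare directory-level SetHandler; presumably that is what the wrapper guards against. A comment above each wrapper, here and in vhost_ssl.tpl.php, would record it: `# Keep SetHandler inside <Files *>: Files sections merge after Directory, so a bare SetHandler can be overridden by a global FilesMatch.`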
diff --git a/platform/provision_drupal.drush.inc b/platform/provision_drupal.drush.inc
index 901ad5b..24a1ab5 100644
--- a/platform/provision_drupal.drush.inc
+++ b/platform/provision_drupal.drush.inc
@@ -274,6 +274,33 @@ function _provision_drupal_create_directories($url = NULL) {
 }
 
 /**
+ * Call the core file_create_htaccess() functions.
+ *
+ * Unlink the files first to avoid permission issues.
+ * If drupal already created the file then it's owned by e.g. www-data and aegir can not chmod those.
+ */
+function _provision_drupal_ensure_htaccess_update() {
+  if (drush_drupal_major_version() == 7) {
+    @unlink('public://.htaccess');
+    @unlink('private://.htaccess');
+    @unlink('temporary://.htaccess');
+
+    file_create_htaccess('public://', FALSE);
+    if (variable_get('file_private_path', FALSE)) {
+      file_create_htaccess('private://', TRUE);
+    }
+    file_create_htaccess('temporary://', TRUE);
+  }
+  elseif (drush_drupal_major_version() == 6) {
+    @unlink(file_directory_path() . '/.htaccess');
+    @unlink(file_directory_temp() . '/.htaccess');
+
+    file_create_htaccess(file_directory_path(), NULL);
+    file_create_htaccess(file_directory_temp(), NULL);
+  }
+}
+
+/**
  * Runs an external script to reload all the various drupal caches
  */
 function _provision_drupal_rebuild_caches() {
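Review bot: The three `@unlink()` calls in the Drupal 7 branch and the two in the Drupal 6 branch discard their result, so when a stale .htaccess cannot be removed nothing is logged and verify still appears to succeed. If core's file_create_htaccess() leaves an existing file alone (it is not visible here, so this needs confirming), the old file stays in place and the update this function is named for never happens. I would check each removal and log the failure, e.g. `if (file_exists($path) && !unlink($path)) { drush_log(dt('Could not remove @path', array('@path' => $path)), 'warning'); }`. The docblock could also say that only Drupal 6 and 7 are handled and that any other major version falls through with no action.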
diff --git a/platform/verify.provision.inc b/platform/verify.provision.inc
index f3c3e59..c72c72c 100644
--- a/platform/verify.provision.inc
+++ b/platform/verify.provision.inc
@@ -85,6 +85,7 @@ function drush_provision_drupal_pre_provision_verify() {
     // This is the actual drupal provisioning requirements. 
     _provision_drupal_create_directories();
     _provision_drupal_maintain_aliases();
+    _provision_drupal_ensure_htaccess_update();
     // Requires at least the database settings to complete.
 
     _provision_drupal_create_settings_file();
