Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
.htaccess only blocks .tpl theme files (as used by the Smarty engine) and not .tpl.php files (as used by phpTemplate). Since both template files can contain PHP code, but should never be run by themselves, bad things could happen if they were directly accessed. Here, we modify our FilesMatch to block both .tpl and .tpl.php.
Comment | File | Size | Author |
---|---|---|---|
_tplphp.patch | 748 bytes | Morbus Iff | |
Comments
Comment #1
moshe weitzman CreditAttribution: moshe weitzman commentedComment #2
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedapplied
Comment #3
(not verified) CreditAttribution: commented