The provided patch adds some more files and directories which will be protected by the default Drupal .htaccess file.

First, lots of files and directories used by Subversion (svn), as I keep all my Drupal installations under version control (and Drupal might switch to svn later, too). The database/ directory and *.mysql and *.pgsql, because nobody needs to access those from the web. I removed the update/ directory from the list, there's no such directory in CVS or 4.6., so I guess it's obsolete.

Comments

praseodym’s picture

For me .htaccess directory blocking is broken. directory/ is blocked, while directory/file.txt is not. It's clearly ineffective.

Morbus Iff’s picture

Status: Needs review » Active

No patch attached.

Morbus Iff’s picture

Assigned: Unassigned » Morbus Iff
Status: Active » Closed (duplicate)

-1. When and if Drupal ever uses svn, it'll add this stuff in - until then, it shouldn't cater to your environment. As for database/, it's as innocent as someone requesting CHANGELOG.txt, and has no reason for being blocked. The only thing worthwhile from this patch is the removal of updates - because that's already covered with the .inc. Note: this has nothing to do with directories, only [Files].

Marking as duplicate, see final patch/revisions at http://drupal.org/node/29344.

Uwe Hermann’s picture

Title: Protect more files in .htaccess. » Protect svn files in .htaccess as soon as Drupal uses svn.
Status: Closed (duplicate) » Postponed

OK, you're probably right. Marking as postponed.

Wesley Tanaka’s picture

Version: x.y.z » 6.x-dev

subscribing

Gábor Hojtsy’s picture

Version: 6.x-dev » 7.x-dev
Assigned: Morbus Iff » Unassigned
Status: Postponed » Needs review

Agreed that SVN directories and files should be blocked. (Possibly even backport to Drupal 6.x).

Morbus Iff’s picture

FileSize
745 bytes

New patch against HEAD. Note that the original patch included mostly directories - Apache's FilesMatch (or Files) have never worked against directories. From the original patch, only .svn-base, entries, and format are valid. Also included in this patch is "all-wcprops".

Morbus Iff’s picture

FileSize
745 bytes

Correcting typo.

lilou’s picture

FileSize
771 bytes

Reroll

Damien Tournoud’s picture

Title: Protect svn files in .htaccess as soon as Drupal uses svn. » Protect svn files in .htaccess
Status: Needs review » Reviewed & tested by the community

A lot of us already use SVN to manage Drupal sites. I'm for this to go in right now.

Dries’s picture

Status: Reviewed & tested by the community » Fixed

Committed to CVS HEAD. Thanks.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

jvandyk’s picture

Version: 7.x-dev » 6.x-dev
Status: Closed (fixed) » Reviewed & tested by the community
FileSize
734 bytes

Patch for Drupal 6.

Gábor Hojtsy’s picture

Gábor Hojtsy’s picture

Version: 6.x-dev » 5.x-dev

Thanks, committed to Drupal 6 given no further pressing needs coming up from that thread. Moving to 5.x.

drumm’s picture

Status: Reviewed & tested by the community » Fixed

Committed to 5.x.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.