drupal 7.24 SA-CORE-2013-003 .htaccess

當我們更新 drupal 到 7.24 版時,會出現兩個錯誤狀態提示如下:

狀態報告-drupal24-htaccess

這時候處理如下:

https://drupal.org/SA-CORE-2013-003

解決辦法:

將上述內碼覆蓋 網站/sites/default/files/.htaccess
(cd /var/www/html/網站/sites//default/files/.htaccess )
並將 .htaccess 複製到 系統 /tmp/.htaccess  (cd /tmp/.htaccess )

可以解決上面兩個問題。

.htaccess 內容如下:

For Drupal 7:

 

# Turn off all options we don't need.
Options None
Options +FollowSymLinks
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we’re run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files># If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
php_flag engine off
</IfModule>

Additionally, the .htaccess of the temporary files directory and private files directory (if used) should include this command:

Deny from all

 

 

參考文獻
http://www.imleon.cn/?p=193

http://rewriterdark.blogspot.tw/2013/11/drupal-sa-core-2013-003.html

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks
  • MySpace
  • Plurk
  • RSS
  • Google Buzz
  • Live
本篇發表於 Drupal。將永久鏈結加入書籤。

發表迴響

你的電子郵件位址並不會被公開。 必要欄位標記為 *