authorSilvio Rhatto <rhatto@riseup.net>2013-12-03 12:14:44 -0200
committerSilvio Rhatto <rhatto@riseup.net>2013-12-03 12:14:44 -0200
commit7c6e37bfafc3309cf4309d8cf46215211cab91bf (patch)
treeff0095a47278b40ca92612d80ce7298b3dea25cf /files
parentd9a2d732ce99fa4b554e2a40ca4a7b03793e4268 (diff)
Fix for SA-CORE-2013-003
Diffstat (limited to 'files')
-rw-r--r--files/htaccess23
1 files changed, 23 insertions, 0 deletions
diff --git a/files/htaccess b/files/htaccess
new file mode 100644
index 0000000..d156a1e
--- /dev/null
+++ b/files/htaccess
@@ -0,0 +1,23 @@
+# Turn off all options we don't need.
+Options None
+Options +FollowSymLinks
+
+# Set the catch-all handler to prevent scripts from being executed.
+SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+<Files *>
+ # Override the handler again if we're run later in the evaluation list.
+ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
+</Files>
+
+# If we know how to do it safely, disable the PHP engine entirely.
+<IfModule mod_php5.c>
+ php_flag engine off
+</IfModule>
+# PHP 4, Apache 1.
+<IfModule mod_php4.c>
+ php_flag engine off
+</IfModule>
+# PHP 4, Apache 2.
+<IfModule sapi_apache2.c>
+ php_flag engine off
+</IfModule>
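Review bot: Nothing in the new file states which override classes it depends on, and every directive in the hunk is inert without them: the `Options` lines need `AllowOverride Options`, both `SetHandler` lines need `FileInfo`, and `php_flag` needs `Options` or `All`. With `AllowOverride None` on the target directory Apache never reads the file, so the script-execution protection would silently not exist. I would add a header comment such as `# Requires AllowOverride Options FileInfo (or All) on this directory; confirm after deploy that a .php file placed here is not executed.` The `<IfModule>` blocks match only mod_php5.c, mod_php4.c and sapi_apache2.c, so on a host that loads PHP under another module name or through CGI/FastCGI the two `SetHandler` lines are the only control left. The manifest that installs this file is outside this diff, so the directory it lands in cannot be confirmed from here.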