Feilmelding under statusrapport

Olee
Olees bilde
Avlogget
Ble med: 07.01.2012

Hei.

Jeg oppdarterte til drupal 6.29 og fikk 2 feilmelding under status:

Files directory: See http://drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the sites/default/files directory to help protect against arbitrary code execution.

Temporary files directory: See http://drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the /tmp directory to help protect against arbitrary code execution.

Er det noe jeg må lime inn under htaccess? På tynn is her.

Håper på hurtig svar.

Mvh Olee

Hjemmeside
Hjemmesides bilde
Avlogget
Bidragsyter
Ble med: 17.06.2008
Feilmelding under statusrapport

Hei, dette er ikke noe stress. Som det står på linken du viser til:

Code execution prevention (Files directory .htaccess for Apache - Drupal 6 and 7)

Drupal core attempts to add a "defense in depth" protection to prevent script execution by placing a .htaccess file into the files directories that stops execution of PHP scripts on the Apache web server. This protection is only necessary if there is a vulnerability on the site or on a server that allows users to upload malicious files. The configuration in the .htaccess file did not prevent code execution on certain Apache web server configurations. This release includes new configuration to prevent PHP execution on several additional common Apache configurations. If you are upgrading a site and the site is run by Apache you must fix the file manually, as described in the "Solution" section below.

This vulnerability is mitigated by the fact that it only relates to a defense in depth mechanism, and sites would only be vulnerable if they are hosted on a server which contains code that does not use protections similar to those found in Drupal's file API to manage uploads in a safe manner.

Løsningen er også gitt via linken, men hvis du har webhotell hos en av de store, så ville jeg ikke brydd meg om dette, da de har gode sikkerhetsrutiner allerede.

Dersom du hoster selv, så ville jeg fulgt løsningen gitt under solution. Det handler om å endre .htaccess-filene litt, ja. Hvis du har problemer med å følge hva du skal gjøre under solution, så si fra, så kan jeg gi deg en norsk veiledning.

Svar på forumemnet

(If you're a human, don't change the following field)
Your first name.
Innholdet i dette feltet blir holdt privat og vil ikke bli vist offentlig.