Excess space or tab symbols at .htaccess ("files" folder) provide false negative

Created on 1 March 2015, over 10 years ago

Updated 22 January 2023, over 2 years ago

Problem/Motivation

The problem is that adding whitespace to sites/default/files/.htaccess would provide negative results for the executable PHP check.

Steps to reproduce the bug:

Modify sites/default/files/.htaccess by adding whitespace to any line other than the first and the last
Go to Reports/Security Review
Click Run
4th test result will be "PHP files in the Drupal files directory can be executed."

Proposed resolution

Make the comparison between the actual and the target content work without checking any leading or trailing whitespace in any line by trimming all the lines before checking.

Remaining tasks

Review
Commit to 7.x-1.x

User interface changes

none

API changes

none

Original report by [info999]

htaccess1.txt = Acceptable .htaccess ("files" folder) by Security Review
htaccess2.txt = UnAcceptable .htaccess ("files" folder) by Security Review

But there are only few extra space symbols at 8 and 9 lines in htaccess2.txt

htaccess2.txt should be acceptable by Security Review as well as htaccess1.txt

Dev version 7.x-1.2+1-dev has same problem.

🐛 Bug report

Status

Fixed

Version

1.2

Component

Code

Created by

🇷🇺Russia Dimetry

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024