file_ensure_htaccess() expects config staging directory to be writable

Created on 18 August 2016, about 8 years ago
Updated 19 April 2024, 5 months ago

Problem/Motivation

Over at #2466197 ("Staging directory should not have to be writeable."), requirements were updated so that the config staging directory isn't required to be writable, but file_ensure_htaccess() still expects it to be writable if the staging directory is configured:

  // If a staging directory exists then it should contain a .htaccess file.
  // @todo https://www.drupal.org/node/2696103 catch a more specific exception
  //   and simplify this code.
  try {
    $staging = config_get_config_directory(CONFIG_SYNC_DIRECTORY);
  }
  catch (\Exception $e) {
    $staging = FALSE;
  }
  if ($staging) {
    // Note that we log an error here if we can't write the .htaccess file. This
    // can occur if the staging directory is read-only. If it is then it is the
    // user's responsibility to create the .htaccess file.
    file_save_htaccess($staging, TRUE);
  }

This causes a flood of security errors in the log since this is called for every single file write operation within a request, sometimes multiple times per request: https://www.drupal.org/files/issues/2016-08-18%20at%201.42%20PM.png

Proposed resolution

  • Check if the staging directory is writable before attempting to write the .htaccess file
  • Add a setting (possibly for tmp and private files as well) that indicates that the staging directory is outside the webroot and doesn't need .htaccess (also useful for non-Apache users)
  • Make sure that file_ensure_htaccess() is only run once per request?

Remaining tasks

User interface changes

None

API changes

None

Data model changes

None

Bug report
Status

Postponed: needs info

Version

11.0

Component
Configuration

Last updated 1 day ago

Created by

🇺🇸 United States mikey_p Dayton, OH
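
The first and third proposed items (check writability before writing, and check each directory only once per request), as an added example in plain PHP. It is not Drupal core code or a patch from this issue; `ensure_htaccess_once()`, the `$log` callback and the one-line deny rule are assumptions made for illustration.

```php
<?php
// Added example, not Drupal core code; every name below is hypothetical.

// Assumed minimal Apache 2.4 deny rule, standing in for core's real template.
const DENY_ALL_HTACCESS = "Require all denied\n";

// Ensures $dir holds a deny-all .htaccess, checking each directory once.
// Returns 'present', 'written', 'readonly-missing' or 'write-failed'.
function ensure_htaccess_once(string $dir, callable $log): string {
  static $checked = [];  // Per-request memo: directory => result.
  $dir = rtrim($dir, '/');
  if (isset($checked[$dir])) {
    return $checked[$dir];  // Repeat calls neither touch disk nor log.
  }
  $path = $dir . '/.htaccess';
  if (is_file($path)) {
    $result = 'present';  // Leave an administrator-provided file alone.
  }
  elseif (!is_writable($dir)) {
    // Read-only directory: report the unprotected state once, do not retry.
    $log("$dir is read-only and has no .htaccess; create it manually.");
    $result = 'readonly-missing';
  }
  elseif (@file_put_contents($path, DENY_ALL_HTACCESS) !== FALSE) {
    @chmod($path, 0444);
    $result = 'written';
  }
  else {
    $log("Could not write $path.");
    $result = 'write-failed';
  }
  return $checked[$dir] = $result;
}

// Constructed demo: one read-only directory, checked three times in a request.
// Assumes a non-root user (root passes is_writable() on a 0555 directory).
$dir = sys_get_temp_dir() . '/sync_demo_' . getmypid();
mkdir($dir, 0555);
$messages = [];
$log = function (string $message) use (&$messages): void {
  $messages[] = $message;
};
foreach (range(1, 3) as $attempt) {
  $status = ensure_htaccess_once($dir, $log);
}
printf("status=%s, log entries=%d\n", $status, count($messages));
chmod($dir, 0755);
@unlink($dir . '/.htaccess');
rmdir($dir);
```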


Comments & Activities


  • 🇳🇿 New Zealand quietone New Zealand

    It has been 8 years since there was discussion here. Is this problem still relevant? I found that file_ensure_htaccess() is replaced by \Drupal\Core\File\HtaccessWriter::ensure.

    Since we need more information to move forward with this issue, I am setting the status to Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!
