Private files "Not fully protected" error in status report is wrong in cases when the specified directory does not exist

Created on 15 March 2018, over 7 years ago
Updated 4 June 2024, about 1 year ago

Problem/Motivation

Private files "Not fully protected" is misleading when the directory does not exist. Steps to reproduce are in comment #5.

Proposed resolution

Add a specific error message when the directory does not exist.

Remaining tasks

User interface changes

API changes

Data model changes

Original Report

After creating a private files directory, and making it writable by the web server, and choosing "private local files" in the File system settings, I get this error in the status report...

Not fully protected
See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the directory to help protect against arbitrary code execution.

I am using Drupal 8, but this error links to a document that is specific to Drupal 6 and 7. For the heck of it, I tried following the instructions for Drupal 7, but it didn't work.

Do I need an .htaccess in my private files directory, in Drupal 8? If so, what should I put in that .htaccess?

πŸ› Bug report
Status

Closed: duplicate

Version

9.4

Component
File systemΒ  β†’

Last updated about 16 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States arnoldbird

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024