Private files "Not fully protected" error in status report is wrong in cases when the specified directory does not exist

Created on 15 March 2018, almost 7 years ago
Updated 4 June 2024, 7 months ago

Problem/Motivation

Private files "Not fully protected" is misleading when the directory does not exist. Steps to reproduce are in comment #5.

Proposed resolution

Add a specific error message when the directory does not exist.
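The distinction proposed above, as an added example (not Drupal's code and not taken from this issue): a shell check that an administrator can run against the configured private path, reporting a missing directory separately from a missing .htaccess. The function names and state labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a private files path so that a missing directory
# is reported separately from a missing .htaccess. State labels and function
# names are made up for this example; they are not Drupal identifiers.

check_private_dir() {
    dir=$1
    if [ -z "$dir" ]; then
        echo "not-configured"
    elif [ ! -e "$dir" ]; then
        echo "missing-directory"      # includes a dangling symlink
    elif [ ! -d "$dir" ]; then
        echo "not-a-directory"
    elif [ ! -f "$dir/.htaccess" ]; then
        echo "missing-htaccess"
    else
        echo "htaccess-present"       # presence only; contents are not checked
    fi
}

# Only the missing-htaccess state maps to the "Not fully protected" wording;
# every other failure names its own cause.
report_private_dir() {
    state=$(check_private_dir "$1")
    case $state in
        not-configured)    echo "ERROR: no private file path is configured" ;;
        missing-directory) echo "ERROR: directory does not exist: $1" ;;
        not-a-directory)   echo "ERROR: path is not a directory: $1" ;;
        missing-htaccess)  echo "WARNING: Not fully protected: no .htaccess in $1" ;;
        htaccess-present)  echo "OK: .htaccess found in $1" ;;
    esac
    [ "$state" = "htaccess-present" ]
}

# Run against a path given on the command line, e.g. ./check.sh /path/to/private
if [ "$#" -gt 0 ]; then
    report_private_dir "$1"
fi
```

Run it as the web server user so the result reflects what the site itself can see.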

Remaining tasks

User interface changes

API changes

Data model changes

Original Report

After creating a private files directory, and making it writable by the web server, and choosing "private local files" in the File system settings, I get this error in the status report...

Not fully protected
See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the directory to help protect against arbitrary code execution.

I am using Drupal 8, but this error links to a document that is specific to Drupal 6 and 7. For the heck of it, I tried following the instructions for Drupal 7, but it didn't work.

Do I need an .htaccess in my private files directory, in Drupal 8? If so, what should I put in that .htaccess?

πŸ› Bug report
Status

Closed: duplicate

Version

9.4

Component
File system

Last updated about 3 hours ago

Created by

🇺🇸 United States arnoldbird


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.
