Private files "Not fully protected" error in status report is wrong in cases when the specified directory does not exist

Created on 15 March 2018, over 7 years ago

Updated 4 June 2024, about 1 year ago

Problem/Motivation

Private files "Not fully protected" is misleading when the directory does not exist. Steps to reproduce are in comment #5.

Proposed resolution

Add a specific error message when the directory does not exist.

Remaining tasks

User interface changes

API changes

Data model changes

Original Report

After creating a private files directory, and making it writable by the web server, and choosing "private local files" in the File system settings, I get this error in the status report...

Not fully protected
See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the directory to help protect against arbitrary code execution.

I am using Drupal 8, but this error links to a document that is specific to Drupal 6 and 7. For the heck of it, I tried following the instructions for Drupal 7, but it didn't work.

Do I need an .htaccess in my private files directory, in Drupal 8? If so, what should I put in that .htaccess?

🐛 Bug report

Status

Closed: duplicate

Version

9.4

Component

File system →

Last updated about 2 hours ago

Maintained by
🇦🇺Australia @kim.pepper

Created by

🇺🇸United States arnoldbird

Live updates comments and jobs are added and updated live.

Bug Smash Initiative

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 year ago →
🇳🇱Netherlands zJoriz
Just dropping by to confirm #11 removed the warning message for me. Thanks.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024