Status page should link to D8/9 information for public files

Created on 7 October 2019, about 5 years ago

Updated 17 February 2023, almost 2 years ago

Problem/Motivation

On /admin/reports/status page, if the "PUBLIC FILES DIRECTORY" settings are not proper it shows a message

Not fully protected
See https://www.drupal.org/SA-CORE-2013-003 → for information about the recommended .htaccess file which should be added to the directory to help protect against arbitrary code execution.

But when you go to the link https://www.drupal.org/SA-CORE-2013-003 → it feels like the whole page is targeted at Drupal 6 and 7. Either the documentation on the page needs to change or we should link it to relevant page.

Steps to reproduce

Set the private file path to say /tmp
$settings['file_private_path'] = '/tmp';
Navigate to /admin/reports/status

Proposed resolution

Use \Drupal\Component\FileSecurity\FileSecurity::htaccessLines() to show the user the recommend content.
Before

After

Remaining tasks

Review patch
Commit

User interface changes

/admin/reports/status has more clear message for private directory setup.

API changes

Data model changes

Release notes snippet

📌 Task

Status

Needs work

Version

10.1 ✨

Component

UI text →

Last updated 5 days ago

No maintainer

Created by

🇮🇳India gokulnk

Live updates comments and jobs are added and updated live.

Bug Smash Initiative

Usability
Makes Drupal easier to use. Preferred over UX, D7UX, etc.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇺🇸United States smustgrave
Not sure what happened to the screenshots but they're still needed

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024