function system_get_private_htaccess

7.x system.module system_get_private_htaccess()

Returns back a string for an .htaccess file which doesn't allow Apache to serve any files from that directory. Used in the /files/cache_data directory and other directories as needed.

2 calls to system_get_private_htaccess()
system.module in modules/system/system.module
system_reload_and_cache_course_inventory in modules/system/system.module
Formerly part of the FlightPath class, this function will read in or reload the course inventory into a file, which then goes into the SESSION to make it faster to access.

File

modules/system/system.module, line 4269

Code

function system_get_private_htaccess() {
  $x = "
    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    
    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
      Deny from all
    </IfModule>
    
    # Turn off all options we don't need.
    Options None
    Options +FollowSymLinks
    
    # Set the catch-all handler to prevent scripts from being executed.
    # This is borrowed from Drupal SA-2006-006
    SetHandler FlightPath_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
      # Override the handler again if we're run later in the evaluation list.
      # This is borrowed from Drupal SA-2006-006
      SetHandler FlightPath_Security_Do_Not_Remove_See_SA_2006_006
    </Files>
    
    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php5.c>
      php_flag engine off
    </IfModule>  
  ";

  return trim($x);
}