- Sep 03, 2022
-
-
Juraj Nemec authored
Issue #2779833 by iryston, amar.deokar, poker10: Fix Drupal 7 .htaccess to protect .orig and .save files from view
-
- May 27, 2021
-
-
Drew Webber authored
-
Drew Webber authored
Issue #2768921 by izmeez, mcdruid, Pere Orga, jfhovinne, alexpott, Fabianx, David_Rothstein, coltrane, dawehner, catch, david_garcia, xjm, pwolanin, greggles, larowlan, mlhess: Backport server configuration code from SA-CORE-2016-003 to Drupal 7
-
- Nov 05, 2019
-
-
Drew Webber authored
Issue #3047412 by mcdruid, Chi, beckydev, DKAN, alexpott, sammuell, rabbitlair, longwave, greggles, interX: Block web.config in .htaccess (and vice-versa)
-
- Jun 06, 2017
-
-
David Rothstein authored
Issue #1599774 by longwave, ben.bunk, Rob C, stefan.r, David_Rothstein, BTMash, kristofferwiklund, marcingy, mpdonadio, DuneBL, serundeputy, Letharion, quicksketch, alexpott, J-Lee, Morbus Iff: Drupal fails to boot with 503 error and .htaccess protections do not work on Apache 2.4 without mod_access_compat
-
- Jun 02, 2017
-
-
David Rothstein authored
Issue #2847325 by sammuell, John Morahan, mfb, sanduhrs, D34dMan, C_Logemann, xumepadismal, serg2, walterebert, David Grudl: Support RFC 5785 on Apache by whitelisting the .well-known directory
-
- Feb 01, 2016
-
-
David Rothstein authored
Issue #2392153 by mparker17, hussainweb, chris.smith, alexpott, dawehner: Disallow composer.json and composer.lock from being indexed
-
- Oct 03, 2015
-
-
David Rothstein authored
Issue #462950 by pwolanin, Pere Orga: Mitigate the security risks that come from IE, Chrome and other browsers trying to sniff the mime type
-
- Aug 05, 2013
-
-
David Rothstein authored
-
- Apr 10, 2013
-
-
Angie Byron authored
Issue #1962780 by David_Rothstein, petyovsky: Fixed 500 Internal server error on Apache 1.x servers after updating to Drupal 7.22.
-
- Mar 30, 2013
-
-
David Rothstein authored
-
- Dec 08, 2012
-
-
David Rothstein authored
Issue #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol sensitive to avoid man-in-the-middle-attacks if users don't fully customize the rule.
-
- May 21, 2012
-
-
Jennifer Hodgdon authored
-
- Sep 30, 2011
-
-
Angie Byron authored
Issue #76824 by geerlingguy, xjm, droplet, kbahey: Change notice for Drupal should not handle 404 for certain files.
-
- Sep 19, 2011
-
-
Dries Buytaert authored
- Patch #1116416 by Kars-T, Coornail: use 'Header set' instead of 'Header append' in .htaccess to avoid double encoding.
-
- Apr 24, 2011
-
-
Dries Buytaert authored
- Patch #1110810 by JohnAlbin, TR: CVS $ tag lurks in .htaccess file (and other dank corners of Drupal).
-
- Apr 16, 2011
-
-
Dries Buytaert authored
- Patch #919596 by boombatower: -MultiViews in .htaccess requires odd AllowOverride Options=All,MultiViews.
-
- Nov 23, 2010
-
-
Dries Buytaert authored
-
- Oct 11, 2010
-
-
Dries Buytaert authored
-
- May 05, 2010
-
-
Angie Byron authored
#348448 follow-up by mfb: Remove default E_STRICT error reporting. We're too far into the release cycle for changes like this. Let's pick it up again in Drupal 8! :)
-
- Apr 11, 2010
-
-
Dries Buytaert authored
- Patch #348448 by mfb, c960657, marvil07, cdale, jpmckinney: fixed PHP strict warnings when running tests and for PHP 5.3.
-
- Feb 07, 2010
-
-
Angie Byron authored
-
- Feb 02, 2010
-
-
Dries Buytaert authored
-
- Jan 29, 2010
-
-
Dries Buytaert authored
-
- Aug 16, 2009
-
-
Dries Buytaert authored
-
- Jun 21, 2009
-
-
Dries Buytaert authored
-
- Jun 09, 2009
-
-
Dries Buytaert authored
- Patch #352180 by Garret Albright, wrwrwr: better multi-site friendly 'www' addition/removal in .htaccess.
-
- May 16, 2009
-
-
Angie Byron authored
-
- Apr 22, 2009
-
-
Dries Buytaert authored
-
- Jan 09, 2009
-
-
Angie Byron authored
#289120 by jastern: Set magic_quotes_sybase = 0 to prevent default php.ini settings from double-quoting JavaScript in Drupal.
-
- Nov 28, 2008
-
-
Dries Buytaert authored
-
- Nov 22, 2008
-
-
Dries Buytaert authored
- Patch #308834 by c960657: move setting of magic_quotes_runtime out of settings.php because (i) we don't want a user to change it and (ii) it gets executed a bit earlier in the Drupal bootstrap.
-
- Sep 15, 2008
-
-
Dries Buytaert authored
- Patch #217170 by maartenvg, rbiffl: boolean PHP settings are best set with php_flag instead of php_value.
-
- Aug 30, 2008
-
-
Dries Buytaert authored
-
- Jul 05, 2008
-
-
Dries Buytaert authored
-
- Jun 28, 2008
-
-
Dries Buytaert authored
-
- Jun 26, 2008
-
-
Dries Buytaert authored
-
- Feb 21, 2008
-
-
Dries Buytaert authored
-
- Oct 05, 2007
-
-
Dries Buytaert authored
- Patch #150245 by webchick, bjaspan, ralf, Arancaytar et al: move the .schema files into .install files to prevent mistakes.
-
- Oct 02, 2007
-
-
Dries Buytaert authored
- Patch #144634 by chx: fixed critical bug that prevented language negotiation to work after/when drupal_goto() is called.
-