From d389b128297df72b4868d377851a7d3ac54a25a4 Mon Sep 17 00:00:00 2001
From: skodak
Date: Mon, 28 Aug 2006 21:07:43 +0000
Subject: [PATCH] create safer .htaccess SC#302
---
 doc/install.html | 2 +-
 lang/en_utf8/docs/install.html | 2 +-
 lang/en_utf8/help/install.html | 2 +-
 lib/db/mysql.php | 2 +-
 lib/db/postgres7.php | 2 +-
 lib/setuplib.php | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/install.html b/doc/install.html
index 31d14d5b29..3df339df3d 100755
--- a/doc/install.html
+++ b/doc/install.html
@@ -114,7 +114,7 @@ by creating a file in the data directory called .htaccess, containing this line:
-
deny from all
+
deny from all
AllowOverride None

To make sure that Moodle can save uploaded files in this directory, check that the web server software (eg Apache) has permission to write
diff --git a/lang/en_utf8/docs/install.html b/lang/en_utf8/docs/install.html
index 10592d62db..8d949e2870 100644
--- a/lang/en_utf8/docs/install.html
+++ b/lang/en_utf8/docs/install.html
@@ -254,7 +254,7 @@ php_value post_max_size 2M

The Moodle installer tries hard to create this directory for you but if it fails then you will have to create a directory for this purpose manually.

For security, it's best that this directory is NOT accessible directly via the web. The easiest way to do this is to simply locate it OUTSIDE the web directory, but if you must have it in the web directory then protect it by creating a file in the data directory called .htaccess, containing this line:

-
deny from all
+
deny from all
AllowOverride None

To make sure that Moodle can save uploaded files in this directory, check that the web server software (eg Apache) has permission to read, write and execute in this directory.

On Unix machines, this means setting the owner of the directory to be something like "nobody" or "apache", and then giving that user read, write and execute permissions.

diff --git a/lang/en_utf8/help/install.html b/lang/en_utf8/help/install.html
index 3cef4dabd1..bf7e5049ca 100644
--- a/lang/en_utf8/help/install.html
+++ b/lang/en_utf8/help/install.html
@@ -234,7 +234,7 @@ php_value post_max_size 2M

The Moodle installer tries hard to create this directory for you but if it fails then you will have to create a directory for this purpose manually.

For security, it's best that this directory is NOT accessible directly via the web. The easiest way to do this is to simply locate it OUTSIDE the web directory, but if you must have it in the web directory then protect it by creating a file in the data directory called .htaccess, containing this line:

-
deny from all
+
deny from all
AllowOverride None

To make sure that Moodle can save uploaded files in this directory, check that the web server software (eg Apache) has permission to read, write and execute in this directory.

On Unix machines, this means setting the owner of the directory to be something like "nobody" or "apache", and then giving that user read, write and execute permissions.

diff --git a/lib/db/mysql.php b/lib/db/mysql.php
index 7080146839..57a60c2fd8 100644
--- a/lib/db/mysql.php
+++ b/lib/db/mysql.php
@@ -1096,7 +1096,7 @@ function main_upgrade($oldversion=0) {
 if ($oldversion < 2005011000) { // Create a .htaccess file in dataroot, just in case
 if (!file_exists($CFG->dataroot.'/.htaccess')) {
 if ($handle = fopen($CFG->dataroot.'/.htaccess', 'w')) { // For safety
- @fwrite($handle, "deny from all\r\n");
+ @fwrite($handle, "deny from all\r\nAllowOverride None\r\n");
 @fclose($handle);
 notify("Created a default .htaccess file in $CFG->dataroot");
 }
diff --git a/lib/db/postgres7.php b/lib/db/postgres7.php
index 524b5b3567..b114d6b959 100644
--- a/lib/db/postgres7.php
+++ b/lib/db/postgres7.php
@@ -871,7 +871,7 @@ function main_upgrade($oldversion=0) {
 if ($oldversion < 2005011000) { // Create a .htaccess file in dataroot, just in case
 if (!file_exists($CFG->dataroot.'/.htaccess')) {
 if ($handle = fopen($CFG->dataroot.'/.htaccess', 'w')) { // For safety
- @fwrite($handle, "deny from all\r\n");
+ @fwrite($handle, "deny from all\r\nAllowOverride None\r\n");
 @fclose($handle);
 notify("Created a default .htaccess file in $CFG->dataroot");
 }
diff --git a/lib/setuplib.php b/lib/setuplib.php
index 63ddebb48a..cd73326b1f 100644
--- a/lib/setuplib.php
+++ b/lib/setuplib.php
@@ -60,7 +60,7 @@ function make_upload_directory($directory, $shownotices=true) {
 // Make sure a .htaccess file is here, JUST IN CASE the files area is in the open
 if (!file_exists($currdir.'/.htaccess')) {
 if ($handle = fopen($currdir.'/.htaccess', 'w')) { // For safety
- @fwrite($handle, "deny from all\r\n");
+ @fwrite($handle, "deny from all\r\nAllowOverride None\r\n");
 @fclose($handle);
 }
 }
--
2.39.5
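Review bot: `AllowOverride` is a server-configuration directive whose documented context is `<Directory>` sections, not `.htaccess`, so the file this `fwrite` now writes is one Apache will refuse to parse rather than one that simply denies access. With overrides enabled that should surface as a server error for everything under dataroot, which still fails closed, but the hunk does not say this is intended, and where the main config already sets `AllowOverride None` the file is ignored altogether and protects nothing. If the invalid directive is deliberate (presumably so a `.htaccess` in a subdirectory cannot undo the deny), record that beside the write, e.g. `// AllowOverride is invalid in .htaccess on purpose: Apache rejects the whole file, so nothing below dataroot can override the deny`. The same string is added in the lib/db/postgres7.php and lib/setuplib.php hunks; main_upgrade starts and ends outside this hunk.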
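Review bot: The return value of `@fwrite` in make_upload_directory is discarded, so a failed or short write (full disk, quota) leaves an empty or truncated `.htaccess`, and because creation is guarded by `!file_exists($currdir.'/.htaccess')` that file is never repaired on a later call. The directory then appears protected while carrying no deny rule. Compare the result with the expected length, e.g. `$ok = (fwrite($handle, $rules) === strlen($rules));`, and remove the file or report the failure when `$ok` is false. The two main_upgrade hunks follow the same pattern and call `notify(...)` to announce the file whether or not the write succeeded; the same guard also means installs that already have the old one-line file keep it unchanged. The function body continues outside the hunk.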