Hi all,

I'm having an issue with security update, in particular with Drupal Core 7.24, in order to do this I've seen that I need to make some changes on the .htaccess in some subfolders, the post with the details for the correct installation on:

says that I need to make some changes in the .htaccess specified in the status report of drupal.

Looking the status report of Drupal I'm noticing that there's no directory specified for any .htaccess files, there are just fileds and forms reports.

Just to be clear, I've not done the security update yet because I don't know if I need to update the files before or after the security update.

Then the question is, do I need to make the update before changing the .htaccess files?

Thanks for reading and helping me in advance.

Comments

John_B’s picture

There are several blog posts explaining more clearly how to do this, for example from ostraining,com, you can Google for them.

AFAIK it does not really matter whether you do updates first or not, I think most people ran the other updates first. I did. The location of the temporary and files folders can be set differently for each site, as explained in the blogs etc. on the topic, so the precise path will of course vary for where to put the .htaccess files.

As always, remember to test all updates on a dev copy of the site, and if you prefer to live dangerously and work live, at least be sure you have a backup and plan for how to restore it if things go wrong.

Digit Professionals specialising in Drupal, WordPress & CiviCRM support for publishers in non-profit and related sectors

dersuchende’s picture

Then, at the end of the day do you suggest to me to run the update before?
Just because I don't know when Drupal will notice me which .htaccess I need to change :)

John_B’s picture

Yes I suggest running the update before adding or changing the relevant .htaccess files.

However, if you do it the other way I think it does not really and and it does not really mater whether Drupal provides a message since the instructions about which .htaccess to change are already set out in the security advisory (and in clearer form in some blog posts) so you are not reliant on messages which Drupal puts up in order to complete the update.

Digit Professionals specialising in Drupal, WordPress & CiviCRM support for publishers in non-profit and related sectors

dersuchende’s picture

So yes, you're right, because in order to go the report can't detect errors that are not already running. For the .htaccess I'm pretty sure that I need to change only the files that drupal will suggest to me in the report because the configuration may change from one website to another one and as well modules and so on. I will let you know if it will go successful.
Thanks for the help!