Affects Version/s: 3.8.3, 3.9
Fix Version/s: None
Affected Branches:MOODLE_38_STABLE, MOODLE_39_STABLE
lib/setuplib.php ( function protect_directory () )
and lib/installlib.php ( function install_init_dataroot() )
Moodle creates .htaccess if needed, but with Apache 2.2 directives.
Lines are :
fwrite($handle, "deny from all\r\nAllowOverride None\r\nNote: this file is broken intentionally, we do not want anybody to undo it in subdirectory!\r\n");
Today, most of Apache servers are in version 2.4, and "Require all denied" replace "deny from all"
Line should be
fwrite($handle, "Require all denied\r\nAllowOverride None\r\nNote: this file is broken intentionally, we do not want anybody to undo it in subdirectory!\r\n");
The site works in both cases, but Apache logs are filled with warnings like "AH01630: client denied by server configuration:"
Another solution is to add a new parameter in config.php to setup the web server type and version. And creates .htaccess files according to this parameter.
Thanks a lot