From 6903475841d4687246d9206ae72ed192948f4db8 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 29 Oct 2012 22:03:18 +0100
Subject: [PATCH 1/2] Generate .htaccess when upgrading from old versions

When upgrading from old ownCloud versions like 2.x the .htaccess is not
generated - which exposes the data to the internet. This fix will
generate a .htaccess when upgrading. (And no one exists)
Fixes #127
---
 lib/base.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/base.php b/lib/base.php
index d7d5eef325..18118a93b6 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -221,6 +221,12 @@ class OC{
 			$installedVersion=OC_Config::getValue('version', '0.0.0');
 			$currentVersion=implode('.', OC_Util::getVersion());
 			if (version_compare($currentVersion, $installedVersion, '>')) {
+				// Check if the .htaccess is existing - this is needed for upgrades from really old ownCloud versions
+				if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
+					if(!OC_Util::ishtaccessworking()) {
+						OC_Setup::createHtaccess();
+					}
+				}		
 				OC_Log::write('core', 'starting upgrade from '.$installedVersion.' to '.$currentVersion, OC_Log::DEBUG);
 				$result=OC_DB::updateDbFromStructure(OC::$SERVERROOT.'/db_structure.xml');
 				if(!$result) {

From f6b6780072134998919a66ed4c99922c40d2a937 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 29 Oct 2012 22:44:49 +0100
Subject: [PATCH 2/2] Don't use OC_Setup as it will show up the installer

---
 lib/base.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/base.php b/lib/base.php
index 18118a93b6..5c3d3fb80c 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -224,7 +224,11 @@ class OC{
 				// Check if the .htaccess is existing - this is needed for upgrades from really old ownCloud versions
 				if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
 					if(!OC_Util::ishtaccessworking()) {
-						OC_Setup::createHtaccess();
+						if(!file_exists(OC::$SERVERROOT.'/data/.htaccess')) {
+							$content = "deny from all\n";
+							$content.= "IndexIgnore *";
+							file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/.htaccess', $content);
+						}
 					}
 				}		
 				OC_Log::write('core', 'starting upgrade from '.$installedVersion.' to '.$currentVersion, OC_Log::DEBUG);