Problem/Motivation
On /admin/reports/status page, if the "PUBLIC FILES DIRECTORY" settings are not proper it shows a message
Not fully protected
See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the directory to help protect against arbitrary code execution.
But when you go to the link https://www.drupal.org/SA-CORE-2013-003 it feels like the whole page is targeted at Drupal 6 and 7. Either the documentation on the page needs to change or we should link it to relevant page.
Steps to reproduce
Set the private file path to say /tmp$settings['file_private_path'] = '/tmp';
Navigate to /admin/reports/status
Proposed resolution
Use the link that is used in settings.php
* See https://www.drupal.org/documentation/modules/file for more information
* about securing private files.Before
After