Channel: Issues for Drupal core

Make .htaccess usage work for the widest possible configurations without relaxing security and document pitfalls


Problem/Motivation

The commit in #140 of #1269780: Remove symlinks option from .htaccess changed vendor/.htaccess and the auto-generated .htaccess files (such as the one in sites/default/files). Drupal 8.0.0 now explicitly sets Options -MultiViews in these .htaccess files, which is not allowed in some configurations unless the VirtualHost grants "AllowOverride MultiViews". The commonly set "AllowOverride All" does not actually include MultiViews, which adds to the confusion.

Affected Apache configurations will be able to install Drupal but will return 500 Server Errors for any content inside the files directory, which includes CSS aggregation files and theme files such as the site logo.

However, MultiViews cannot simply be left enabled, because it is a possible security issue; see https://hackerone.com/reports/25382

Proposed resolution

  • Remove Options -MultiViews from the offending .htaccess files, since neither directory it appears in uses Clean URLs or RewriteRules.
  • Set Options -MultiViews in the root .htaccess, with a large comment about the pitfalls.
  • Add a comment that some systems need Options +FollowSymLinks or Options +SymLinksIfOwnerMatch.
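As an added illustration (not a patch from this issue or Drupal's own .htaccess text), the following shows what the proposed layout looks like in Apache configuration terms: the files-directory .htaccess with the MultiViews directive dropped, and the root .htaccess carrying Options -MultiViews with the pitfalls called out next to it. The exact surrounding directives are assumed for illustration; only the Options lines are the point.

```apache
# --- sites/default/files/.htaccess (static files only; no Clean URLs, no RewriteRule) ---
# Before: "-MultiViews" here returns a 500 on hosts whose AllowOverride does not
# permit the MultiViews option, breaking CSS aggregates, logos and every upload.
#   Options -Indexes -ExecCGI -Includes -MultiViews
# After: keep the other hardening, drop only the MultiViews part.
Options -Indexes -ExecCGI -Includes
# The handler override that stops uploaded scripts from executing stays untouched
# (assumed here; it is the existing protection for the files directory).
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006

# --- .htaccess in the web root (the only place that uses RewriteRule) ---
# MultiViews lets Apache pick a file by content negotiation when the requested
# name does not exist, which can bypass the rewrite rules that Clean URLs rely
# on (see the hackerone report referenced in this issue). Disable it here.
#
# PITFALL: this line is only accepted if the VirtualHost allows the MultiViews
# option to be overridden. "AllowOverride All" is reported not to cover it; if
# the server answers 500 for every page, check the AllowOverride setting or the
# Apache error log for "Option MultiViews not allowed here".
Options -MultiViews

# PITFALL: mod_rewrite needs symlink following. Some hosts refuse
# FollowSymLinks and accept only SymLinksIfOwnerMatch; uncomment whichever
# one your host permits.
# Options +FollowSymLinks
# Options +SymLinksIfOwnerMatch

<IfModule mod_rewrite.c>
  RewriteEngine on
  # Clean URL rules follow here in the real file.
</IfModule>
```

The hardening effect is the same as before (MultiViews is still off where rewrite rules are evaluated), but the directive no longer appears in directories that do not need it, so a restrictive AllowOverride breaks only the root rule set, where the failure is obvious, rather than silently returning 500 for static assets.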

Remaining tasks

  • Confirm rationale in #5
  • Test patch in #5
  • Document fix for users who have already installed.

User interface changes

None

API changes

None

Data model changes

None

Original report by @w1nz0r

Hi,

I've made a fresh install with PHP 5.6.13 and after a successful installation there is no theme used for any site. Even setting the Seven theme as default or changing back to the Bartik theme doesn't work. All I see is an unformatted list of all titles and links on a white background.

Any ideas how to fix this?

regards

w1nz0r
