From ddbb8cd67df0bd2b92f9b995e86504a3541e44dc Mon Sep 17 00:00:00 2001
From: Paul W. Frields <stickster@gmail.com>
Date: Fri, 4 Mar 2011 01:20:11 +0000
Subject: [PATCH] Add unmanaged files to Drupal.

The app settings PHP file has the password removed.
---
 modules/drupal6/files/drupal6-site.htaccess |  116 +++++++++++++
 modules/drupal6/files/drupal6.conf          |   17 ++
 modules/drupal6/files/files-htaccess        |    3 +
 modules/drupal6/files/settings.php          |  239 +++++++++++++++++++++++++++
 4 files changed, 375 insertions(+), 0 deletions(-)
 create mode 100644 modules/drupal6/files/drupal6-site.htaccess
 create mode 100644 modules/drupal6/files/drupal6.conf
 create mode 100644 modules/drupal6/files/files-htaccess
 create mode 100644 modules/drupal6/files/settings.php

diff --git a/modules/drupal6/files/drupal6-site.htaccess b/modules/drupal6/files/drupal6-site.htaccess
new file mode 100644
index 0000000..c5f9a2d
--- /dev/null
+++ b/modules/drupal6/files/drupal6-site.htaccess
@@ -0,0 +1,116 @@
+#
+# Apache/PHP/Drupal settings:
+#
+
+# Protect files and directories from prying eyes.
+<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
+  Order allow,deny
+</FilesMatch>
+
+# Don't show directory listings for URLs which map to a directory.
+Options -Indexes
+
+# Follow symbolic links in this directory.
+Options +FollowSymLinks
+
+# Make Drupal handle any 404 errors.
+ErrorDocument 404 /index.php
+
+# Force simple error message for requests for non-existent favicon.ico.
+<Files favicon.ico>
+  # There is no end quote below, for compatibility with Apache 1.3.
+  ErrorDocument 404 "The requested file favicon.ico was not found.
+</Files>
+
+# Set the default handler.
+DirectoryIndex index.php
+
+# Override PHP settings. More in sites/default/settings.php
+# but the following cannot be changed at runtime.
+
+# PHP 4, Apache 1.
+<IfModule mod_php4.c>
+  php_value magic_quotes_gpc                0
+  php_value register_globals                0
+  php_value session.auto_start              0
+  php_value mbstring.http_input             pass
+  php_value mbstring.http_output            pass
+  php_value mbstring.encoding_translation   0
+</IfModule>
+
+# PHP 4, Apache 2.
+<IfModule sapi_apache2.c>
+  php_value magic_quotes_gpc                0
+  php_value register_globals                0
+  php_value session.auto_start              0
+  php_value mbstring.http_input             pass
+  php_value mbstring.http_output            pass
+  php_value mbstring.encoding_translation   0
+</IfModule>
+
+# PHP 5, Apache 1 and 2.
+<IfModule mod_php5.c>
+  php_value magic_quotes_gpc                0
+  php_value register_globals                0
+  php_value session.auto_start              0
+  php_value mbstring.http_input             pass
+  php_value mbstring.http_output            pass
+  php_value mbstring.encoding_translation   0
+</IfModule>
+
+# Requires mod_expires to be enabled.
+<IfModule mod_expires.c>
+  # Enable expirations.
+  ExpiresActive On
+
+  # Cache all files for 2 weeks after access (A).
+  ExpiresDefault A1209600
+
+  <FilesMatch \.php$>
+    # Do not allow PHP scripts to be cached unless they explicitly send cache
+    # headers themselves. Otherwise all scripts would have to overwrite the
+    # headers set by mod_expires if they want another caching behavior. This may
+    # fail if an error occurs early in the bootstrap process, and it may cause
+    # problems if a non-Drupal PHP file is installed in a subdirectory.
+    ExpiresActive Off
+  </FilesMatch>
+</IfModule>
+
+# Various rewrite rules.
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+
+  # If your site can be accessed both with and without the 'www.' prefix, you
+  # can use one of the following settings to redirect users to your preferred
+  # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
+  #
+  # To redirect all users to access the site WITH the 'www.' prefix,
+  # (http://example.com/... will be redirected to http://www.example.com/...)
+  # adapt and uncomment the following:
+  # RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
+  # RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
+  #
+  # To redirect all users to access the site WITHOUT the 'www.' prefix,
+  # (http://www.example.com/... will be redirected to http://example.com/...)
+  # uncomment and adapt the following:
+  # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
+  # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
+
+  # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
+  # VirtualDocumentRoot and the rewrite rules are not working properly.
+  # For example if your site is at http://example.com/drupal uncomment and
+  # modify the following line:
+  RewriteBase /drupal
+  #
+  # If your site is running in a VirtualDocumentRoot at http://example.com/,
+  # uncomment the following line:
+  # RewriteBase /
+
+  # Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
+  RewriteCond %{REQUEST_FILENAME} !-f
+  RewriteCond %{REQUEST_FILENAME} !-d
+  RewriteCond %{REQUEST_URI} !=/favicon.ico
+  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+</IfModule>
+
+# $Id: .htaccess,v 1.90.2.5 2010/02/02 07:25:22 dries Exp $
diff --git a/modules/drupal6/files/drupal6.conf b/modules/drupal6/files/drupal6.conf
new file mode 100644
index 0000000..0565f4f
--- /dev/null
+++ b/modules/drupal6/files/drupal6.conf
@@ -0,0 +1,17 @@
+#
+# Drupal is an open-source content-management platform.
+#
+
+Alias /drupal /usr/share/drupal6
+
+<Directory /usr/share/drupal6/>
+        Order Deny,Allow
+	#Comment the following line and uncomment the next for public use 
+        #Deny from all
+	Allow from all
+	#Uncomment the following line for setup
+        #Allow from 127.0.0.1
+	AllowOverride All
+	#Uncomment the next line if using with SSL/TLS
+	#php_flag session.cookie_secure on
+</Directory>
diff --git a/modules/drupal6/files/files-htaccess b/modules/drupal6/files/files-htaccess
new file mode 100644
index 0000000..189ef8d
--- /dev/null
+++ b/modules/drupal6/files/files-htaccess
@@ -0,0 +1,3 @@
+SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+Options None
+Options +FollowSymLinks
\ No newline at end of file
diff --git a/modules/drupal6/files/settings.php b/modules/drupal6/files/settings.php
new file mode 100644
index 0000000..f0d8325
--- /dev/null
+++ b/modules/drupal6/files/settings.php
@@ -0,0 +1,239 @@
+<?php
+// $Id: default.settings.php,v 1.8.2.4 2009/09/14 12:59:18 goba Exp $
+
+/**
+ * @file
+ * Drupal site-specific configuration file.
+ *
+ * IMPORTANT NOTE:
+ * This file may have been set to read-only by the Drupal installation
+ * program. If you make changes to this file, be sure to protect it again
+ * after making your modifications. Failure to remove write permissions
+ * to this file is a security risk.
+ *
+ * The configuration file to be loaded is based upon the rules below.
+ *
+ * The configuration directory will be discovered by stripping the
+ * website's hostname from left to right and pathname from right to
+ * left. The first configuration file found will be used and any
+ * others will be ignored. If no other configuration file is found
+ * then the default configuration file at 'sites/default' will be used.
+ *
+ * For example, for a fictitious site installed at
+ * http://www.drupal.org/mysite/test/, the 'settings.php'
+ * is searched in the following directories:
+ *
+ *  1. sites/www.drupal.org.mysite.test
+ *  2. sites/drupal.org.mysite.test
+ *  3. sites/org.mysite.test
+ *
+ *  4. sites/www.drupal.org.mysite
+ *  5. sites/drupal.org.mysite
+ *  6. sites/org.mysite
+ *
+ *  7. sites/www.drupal.org
+ *  8. sites/drupal.org
+ *  9. sites/org
+ *
+ * 10. sites/default
+ *
+ * If you are installing on a non-standard port number, prefix the
+ * hostname with that number. For example,
+ * http://www.drupal.org:8080/mysite/test/ could be loaded from
+ * sites/8080.www.drupal.org.mysite.test/.
+ */
+
+/**
+ * Database settings:
+ *
+ * Note that the $db_url variable gets parsed using PHP's built-in
+ * URL parser (i.e. using the "parse_url()" function) so make sure
+ * not to confuse the parser. If your username, password
+ * or database name contain characters used to delineate
+ * $db_url parts, you can escape them via URI hex encodings:
+ *
+ *   : = %3a   / = %2f   @ = %40
+ *   + = %2b   ( = %28   ) = %29
+ *   ? = %3f   = = %3d   & = %26
+ *
+ * To specify multiple connections to be used in your site (i.e. for
+ * complex custom modules) you can also specify an associative array
+ * of $db_url variables with the 'default' element used until otherwise
+ * requested.
+ *
+ * You can optionally set prefixes for some or all database table names
+ * by using the $db_prefix setting. If a prefix is specified, the table
+ * name will be prepended with its value. Be sure to use valid database
+ * characters only, usually alphanumeric and underscore. If no prefixes
+ * are desired, leave it as an empty string ''.
+ *
+ * To have all database names prefixed, set $db_prefix as a string:
+ *
+ *   $db_prefix = 'main_';
+ *
+ * To provide prefixes for specific tables, set $db_prefix as an array.
+ * The array's keys are the table names and the values are the prefixes.
+ * The 'default' element holds the prefix for any tables not specified
+ * elsewhere in the array. Example:
+ *
+ *   $db_prefix = array(
+ *     'default'   => 'main_',
+ *     'users'     => 'shared_',
+ *     'sessions'  => 'shared_',
+ *     'role'      => 'shared_',
+ *     'authmap'   => 'shared_',
+ *   );
+ *
+ * Database URL format:
+ *   $db_url = 'mysql://username:password@localhost/databasename';
+ *   $db_url = 'mysqli://username:password@localhost/databasename';
+ *   $db_url = 'pgsql://username:password@localhost/databasename';
+ */
+$db_url = 'mysqli://drupaladmin:<PASSWORD>@localhost/drupal';
+$db_prefix = '';
+
+/**
+ * Access control for update.php script
+ *
+ * If you are updating your Drupal installation using the update.php script
+ * being not logged in as administrator, you will need to modify the access
+ * check statement below. Change the FALSE to a TRUE to disable the access
+ * check. After finishing the upgrade, be sure to open this file again
+ * and change the TRUE back to a FALSE!
+ */
+$update_free_access = FALSE;
+
+/**
+ * Base URL (optional).
+ *
+ * If you are experiencing issues with different site domains,
+ * uncomment the Base URL statement below (remove the leading hash sign)
+ * and fill in the absolute URL to your Drupal installation.
+ *
+ * You might also want to force users to use a given domain.
+ * See the .htaccess file for more information.
+ *
+ * Examples:
+ *   $base_url = 'http://www.example.com';
+ *   $base_url = 'http://www.example.com:8888';
+ *   $base_url = 'http://www.example.com/drupal';
+ *   $base_url = 'https://www.example.com:8888/drupal';
+ *
+ * It is not allowed to have a trailing slash; Drupal will add it
+ * for you.
+ */
+# $base_url = 'http://www.example.com';  // NO trailing slash!
+
+/**
+ * PHP settings:
+ *
+ * To see what PHP settings are possible, including whether they can
+ * be set at runtime (ie., when ini_set() occurs), read the PHP
+ * documentation at http://www.php.net/manual/en/ini.php#ini.list
+ * and take a look at the .htaccess file to see which non-runtime
+ * settings are used there. Settings defined here should not be
+ * duplicated there so as to avoid conflict issues.
+ */
+ini_set('arg_separator.output',     '&amp;');
+ini_set('magic_quotes_runtime',     0);
+ini_set('magic_quotes_sybase',      0);
+ini_set('session.cache_expire',     200000);
+ini_set('session.cache_limiter',    'none');
+ini_set('session.cookie_lifetime',  2000000);
+ini_set('session.gc_maxlifetime',   200000);
+ini_set('session.save_handler',     'user');
+ini_set('session.use_cookies',      1);
+ini_set('session.use_only_cookies', 1);
+ini_set('session.use_trans_sid',    0);
+ini_set('url_rewriter.tags',        '');
+
+/**
+ * If you encounter a situation where users post a large amount of text, and
+ * the result is stripped out upon viewing but can still be edited, Drupal's
+ * output filter may not have sufficient memory to process it. If you
+ * experience this issue, you may wish to uncomment the following two lines
+ * and increase the limits of these variables. For more information, see
+ * http://php.net/manual/en/pcre.configuration.php.
+ */
+# ini_set('pcre.backtrack_limit', 200000);
+# ini_set('pcre.recursion_limit', 200000);
+
+/**
+ * Drupal automatically generates a unique session cookie name for each site
+ * based on on its full domain name. If you have multiple domains pointing at
+ * the same Drupal site, you can either redirect them all to a single domain
+ * (see comment in .htaccess), or uncomment the line below and specify their
+ * shared base domain. Doing so assures that users remain logged in as they
+ * cross between your various domains.
+ */
+# $cookie_domain = 'example.com';
+
+/**
+ * Variable overrides:
+ *
+ * To override specific entries in the 'variable' table for this site,
+ * set them here. You usually don't need to use this feature. This is
+ * useful in a configuration file for a vhost or directory, rather than
+ * the default settings.php. Any configuration setting from the 'variable'
+ * table can be given a new value. Note that any values you provide in
+ * these variable overrides will not be modifiable from the Drupal
+ * administration interface.
+ *
+ * Remove the leading hash signs to enable.
+ */
+# $conf = array(
+#   'site_name' => 'My Drupal site',
+#   'theme_default' => 'minnelli',
+#   'anonymous' => 'Visitor',
+/**
+ * A custom theme can be set for the off-line page. This applies when the site
+ * is explicitly set to off-line mode through the administration page or when
+ * the database is inactive due to an error. It can be set through the
+ * 'maintenance_theme' key. The template file should also be copied into the
+ * theme. It is located inside 'modules/system/maintenance-page.tpl.php'.
+ * Note: This setting does not apply to installation and update pages.
+ */
+#   'maintenance_theme' => 'minnelli',
+/**
+ * reverse_proxy accepts a boolean value.
+ *
+ * Enable this setting to determine the correct IP address of the remote
+ * client by examining information stored in the X-Forwarded-For headers.
+ * X-Forwarded-For headers are a standard mechanism for identifying client
+ * systems connecting through a reverse proxy server, such as Squid or
+ * Pound. Reverse proxy servers are often used to enhance the performance
+ * of heavily visited sites and may also provide other site caching,
+ * security or encryption benefits. If this Drupal installation operates
+ * behind a reverse proxy, this setting should be enabled so that correct
+ * IP address information is captured in Drupal's session management,
+ * logging, statistics and access management systems; if you are unsure
+ * about this setting, do not have a reverse proxy, or Drupal operates in
+ * a shared hosting environment, this setting should be set to disabled.
+ */
+#   'reverse_proxy' => TRUE,
+/**
+ * reverse_proxy accepts an array of IP addresses.
+ *
+ * Each element of this array is the IP address of any of your reverse
+ * proxies. Filling this array Drupal will trust the information stored
+ * in the X-Forwarded-For headers only if Remote IP address is one of
+ * these, that is the request reaches the web server from one of your
+ * reverse proxies. Otherwise, the client could directly connect to
+ * your web server spoofing the X-Forwarded-For headers.
+ */
+#   'reverse_proxy_addresses' => array('a.b.c.d', ...),
+# );
+
+/**
+ * String overrides:
+ *
+ * To override specific strings on your site with or without enabling locale
+ * module, add an entry to this list. This functionality allows you to change
+ * a small number of your site's default English language interface strings.
+ *
+ * Remove the leading hash signs to enable.
+ */
+# $conf['locale_custom_strings_en'] = array(
+#   'forum'      => 'Discussion board',
+#   '@count min' => '@count minutes',
+# );
-- 
1.5.5.6