function file_create_htaccess

7.x file_create_htaccess($directory, $private = TRUE)

Creates a .htaccess file in the given directory.


$directory: The directory.

$private: FALSE indicates that $directory should be an open and public directory. The default is TRUE which indicates a private and protected directory.

Related topics

2 calls to file_create_htaccess()
file_ensure_htaccess in drupal/includes/
Creates a .htaccess file in each Drupal files directory if it is missing.
system_check_directory in drupal/modules/system/system.module
Checks the existence of the directory specified in $form_element.


drupal/includes/, line 474
API for handling file uploads and server file management.


function file_create_htaccess($directory, $private = TRUE) {
  if (file_uri_scheme($directory)) {
    $directory = file_stream_wrapper_uri_normalize($directory);
  else {
    $directory = rtrim($directory, '/\\');
  $htaccess_path = $directory . '/.htaccess';

  if (file_exists($htaccess_path)) {
    // Short circuit if the .htaccess file already exists.

  if ($private) {
    // Private .htaccess file.
    $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nDeny from all\nOptions None\nOptions +FollowSymLinks";
  else {
    // Public .htaccess file.
    $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";

  // Write the .htaccess file.
  if (file_put_contents($htaccess_path, $htaccess_lines)) {
    drupal_chmod($htaccess_path, 0444);
  else {
    $variables = array(
      '%directory' => $directory,
      '!htaccess' => '<br />' . nl2br(check_plain($htaccess_lines)),
    watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables, WATCHDOG_ERROR);