Take Control Module


Take Control is a set of modules for Drupal for managing various administrative tasks particularly related to the file system. It allows you to take control of the file-system folder by specifying custom permissions on it from Drupal.

Business Needs

All Drupal versions prior to 4.6.8 and 4.7.2 had a bug that allowed malicious users to execute arbitrary code on your Drupal website by uploading .php/.php.txt files to the server. In response to this, the solution that Drupal came out was to add a SetHandler directive to the .htaccess file of your sites’ files folder, and set an invalid non-existent Handler for all files in that folder. This effectively meant that Apache returned an error trying to parse any file in this folder, because this directive forces matching files to be parsed through the handler which does not exist. So, this ultimately prevents execution of any code through the sites files’ folder.

According to this issue, the bug in the Drupal code has been resolved. However, the advisory is to still keep this directive in .htaccess file, because some seemlingly innocent files (like .php.txt) get executed as PHP in many configurations.

Our Solution

Created module for Drupal community that allows you to take control of your Drupal installation in general, and the file-system folder in particular, both from within as well as from outside Drupal byspecifying custom permissions on it. Additionally, you can specify delete any directory/file owned by Drupal using this module.

Reference links:


Share this: