diff -r 07239de796bb -r e756a8c72c3d cms/drupal/sites/default/files/.htaccess
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cms/drupal/sites/default/files/.htaccess	Fri Sep 08 12:04:06 2017 +0200
@@ -0,0 +1,15 @@
+# Turn off all options we don't need.
+Options None
+Options +SymLinksIfOwnerMatch
+
+# Set the catch-all handler to prevent scripts from being executed.
+SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+<Files *>
+  # Override the handler again if we're run later in the evaluation list.
+  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
+</Files>
+
+# If we know how to do it safely, disable the PHP engine entirely.
+<IfModule mod_php5.c>
+  php_flag engine off
+</IfModule>
\ No newline at end of file