Files all viewable if Apache's AllowOverride is None

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Install as normal and have AllowOverride None in your site config for apache

What is the expected output? What do you see instead?
The upload/files folder is now viewable and is not blocked my the 
upload/.htaccess file.

What version of the product are you using? On what operating system?
r561 on Ubuntu Server, which has the default configuration for /var/www to be 
AllowOverride None.

Please provide any additional information below.
This could be fixed by providing an index.php file in upload/files and 
disallowing the upload of any file with that name to the system, which would 
not be a bad idea in itself.

If that is not an option, the installer should warn that AllowOverride is not 
working and that it should be remedied.

Original issue reported on code.google.com by [email protected] on 7 Dec 2014 at 10:18

[GoogleCodeExporter]

AllowOverride None disables the .htaccess files from being used throughout the 
website. Your Apache config is wrong.

Attached a -working- example.

Original comment by [email protected] on 13 Jan 2015 at 8:36

Attachments:

• httpd.conf.txt

[GoogleCodeExporter]

I am aware of this, but the installation does not warn against it, so there 
should be a fallback such as a blank index.html or index.php to prevent 
misconfigured servers ruining all file security

Original comment by [email protected] on 15 Jan 2015 at 6:10