feat: add tag to indicate or detect datadirectory .htaccess

Versus the installroot/webroot .htaccess

Signed-off-by: Josh <[email protected]>

Author: joshtrichards

lib/private/Setup.php

@@ -579,7 +579,7 @@ public static function updateHtaccess(): bool {
 			return false;
 		}
 
-		// We're a static method; cannot use DI $this->config
+		// We're a static method; cannot use $this->config
 		$config = Server::get(SystemConfig::class);
 
 		try {
@@ -588,6 +588,10 @@ public static function updateHtaccess(): bool {
 			return false;
 		}
 
+		// TODO: Add a check to detect when the .htaccess file isn't the expected one 
+		// (e.g. when it's the datadirectory one due to a misconfiguration) so that we
+		// don't append to the wrong file (and enable a very problematic configuration).
+
 		// Read original content
 		$original = @file_get_contents($htaccessPath);
 		// extra check for good measure
@@ -698,6 +702,8 @@ public static function protectDataDirectory(): void {
 		// Content for the .htaccess file that locks down (most) Apache environments
 		$now = date('Y-m-d H:i:s');
 		$content = "# Generated by Nextcloud on $now\n";
+		$content .= "# Deployed in Nextcloud data directory\n";
+		$content .= "# Do not change this file\n\n";
 		$content .= "# Section for Apache 2.4 to 2.6\n";
 		$content .= "<IfModule mod_authz_core.c>\n";
 		$content .= "  Require all denied\n";