diff --git a/lib/util.php b/lib/util.php
index 7792f96d4459ef3400276aa0632b0f0475d35612..8a2d913109dd33ff35599266b0409e48afe03cbe 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -420,18 +420,57 @@ class OC_Util {
 		}
 	}
 	
-	/**
-	 * @brief Public function to sanitize HTML
-	 *
+	/**
+	 * @brief Public function to sanitize HTML
+	 *
 	 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
 	 * 
 	 * @param string or array of strings
-	 * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+	 * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
 	 */
-	public static function sanitizeHTML( &$value ){
-		if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
-		else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+	public static function sanitizeHTML( &$value ){
+		if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+		else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
 		return $value;
 	}
 
+
+        /**
+         * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
+         */
+        public static function ishtaccessworking() {
+
+		// testdata
+		$filename='/htaccesstest.txt';
+		$testcontent='testcontent';
+
+		// creating a test file
+                $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
+                $fp = @fopen($testfile, 'w');
+                @fwrite($fp, $testcontent);
+                @fclose($fp);
+
+		// accessing the file via http
+                $url = OC_Helper::serverProtocol(). '://'  . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
+                $fp = @fopen($url, 'r');
+                $content=@fread($fp, 2048);
+                @fclose($fp);
+
+		// cleanup
+		@unlink($testfile);
+
+		// does it work ?
+		if($content==$testcontent) {
+			return(false);
+		}else{
+			return(true);
+
+		}
+
+        }
+
+
+
+
+
 }
diff --git a/settings/admin.php b/settings/admin.php
old mode 100644
new mode 100755
index a997bad4e3c8553987a73f0ec87ea4194d057dc5..8369ee64e062f6a506ce01fb25f97e1905fd1ec9
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -15,6 +15,7 @@ OC_App::setActiveNavigationEntry( "admin" );
 
 $tmpl = new OC_Template( 'settings', 'admin', 'user');
 $forms=OC_App::getForms('admin');
+$htaccessworking=OC_Util::ishtaccessworking();
 
 $entries=OC_Log_Owncloud::getEntries(3);
 function compareEntries($a,$b){
@@ -24,6 +25,7 @@ usort($entries, 'compareEntries');
 
 $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
 $tmpl->assign('entries',$entries);
+$tmpl->assign('htaccessworking',$htaccessworking);
 $tmpl->assign('forms',array());
 foreach($forms as $form){
 	$tmpl->append('forms',$form);
diff --git a/settings/css/settings.css b/settings/css/settings.css
index df1e3cfd3c2947bbf0f96d0a58213562d05c0c15..80e96df5e66d57b70e2ce820e1df46c47dc3111f 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -48,5 +48,8 @@ li.active { color:#000; }
 small.externalapp { color:#FFF; background-color:#BBB; font-weight:bold; font-size:6pt; padding:4px; border-radius: 4px;}
 span.version { margin-left:3em; color:#ddd; }
 
-/* LOF */
+/* LOG */
 #log { white-space:normal; }
+
+/* ADMIN */
+span.securitywarning {color:#C33; font-weight:bold; }
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
old mode 100644
new mode 100755
index 38c6042c82ae68fa5022b0c6d75d3a4a452a7241..a9f727d6764b4b8f1aacced60ce6c995d5646bbc
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -6,6 +6,21 @@
 $levels=array('Debug','Info','Warning','Error','Fatal');
 ?>
 
+<?php
+
+if(!$_['htaccessworking']) {
+?>
+<fieldset class="personalblock">
+	<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+
+	<span class="securitywarning">Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.</span>
+	
+</fieldset>	
+<?php	
+}
+?>
+
+
 <?php foreach($_['forms'] as $form){
 	echo $form;
 };?>