AccessFileName setting ignored by s9y

Discussion corner for Developers of Serendipity.

Post by emwede »

s9y obviously ignores the

    AccessFileName .xyz

setting in apache2-config and assumes it is set to .htaccess constantly.

Background: for security or compatibility issues you may want to move away from files named .htaccess to files named whatever, let's say .xyz.

As for compatibility issues, there is an easy workaround by just linking

    ln -s .xyz .htaccess

You may nevertheless wish to prevent that link if you chose to use the AccessFileName directive for security reasons.

As it should not be too hard to read the AccessFileName setting of the apache2.conf File from php, one might want to change the very code to use the setting made by the siteadmin instead of constantly writing to .htaccess (which is probably not used according to what was mentioned above), e.g. in line 57 of /include/admin/configuration.inc.php.

Re: AccessFileName setting ignored by s9y

Post by garvinhicking »

Hi!

Yes, there is no way for PHP-Scripts to detect that setting of Apache. It's an apache setting that PHP has no knowledge of.

You could configure the filename of .htaccess in s9y, but IMHO this makes things too complicated. I hardly know of setups where people really use different names for that file :)

So if you change it, you will need to patch code - I don't think a config setting for this would help most people, it would only confuse more people...?

> As it should not be too hard to read the AccessFileName setting of the apache2.conf File from php

It would be hard. You would need to parse the whole file, parse out specific Virtual Hosts etc. Also, you don't know where the Apache config file lies exactly. And you would need to parse "Include" settings of that file because the directive could be in different files. Parsing this file is WAY too much work :)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)

Post by emwede »

Yeah garv,

I'm totally with you.

A user-accessible config setting would be too much for this.

Though one could probably think of putting this into a config file only accessible to Installation Admins (same as)

    define('S9Y_CONFIG_USERTEMPLATE', S9Y_INCLUDE_PATH . 'include/tpl/config_personal.inc.php');

setting in serendipity_config.inc.php.

I really was not aware, and will have to convince myself one day, that this is a "per virtual host" setting, as I knew AccessFileName only from apache2.conf as a Global per Server setting.

But actually even this file has root:root as owner and you're right that on many (hardened) machines you will not have 755 settings on that to make it readable by the apache-chrooted-user.

Sorry for suggesting this.

regards
Michael
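
Garvin's reply lists what reading AccessFileName from the Apache configuration would involve: following Include lines and telling server-wide values apart from per-virtual-host ones. The Python below is an added example (not s9y or Apache code) that resolves the directive over a constructed, in-memory set of config files. The paths, host names and the names `SAMPLE`, `expand` and `access_file_names` are assumptions, and it ignores quoted arguments, `<IfModule>`-style sections and ServerRoot changes.

```python
import fnmatch
import re

# Constructed sample files (not from a real server), keyed by path; no disk access.
SAMPLE = {
    "/etc/apache2/apache2.conf": """
        AccessFileName .htaccess
        IncludeOptional sites-enabled/*.conf
        Include conf-enabled/security.conf
    """,
    "/etc/apache2/conf-enabled/security.conf": "AccessFileName .xyz",
    "/etc/apache2/sites-enabled/blog.conf":
        "<VirtualHost *:80>\nServerName blog.example\n</VirtualHost>",
    "/etc/apache2/sites-enabled/legacy.conf": """
        <VirtualHost *:80>
            ServerName legacy.example
            AccessFileName .htaccess .acl
        </VirtualHost>
    """,
}

def expand(path, files, root="/etc/apache2"):
    """Yield the directive lines of `path`, following Include directives."""
    for line in map(str.strip, files[path].splitlines()):
        m = re.match(r"(?i)include(?:optional)?\s+(\S+)$", line)
        if m:  # relative paths resolve against root; wildcards in sorted order
            pat = m.group(1) if m.group(1).startswith("/") else f"{root}/{m.group(1)}"
            for hit in sorted(fnmatch.filter(files, pat)):
                yield from expand(hit, files, root)
        elif line and not line.startswith("#"):
            yield line

def access_file_names(main, files):
    """Return (server-wide names, {ServerName: names}) for AccessFileName."""
    server, vhosts, current = [".htaccess"], [], None  # Apache's default name
    for words in map(str.split, expand(main, files)):
        key = words[0].lower()
        if key.startswith("<virtualhost"):
            vhosts.append(current := {"name": None, "names": None})
        elif key == "</virtualhost>":
            current = None
        elif key == "servername" and current is not None:
            current["name"] = words[1]
        elif key == "accessfilename" and current is not None:
            current["names"] = words[1:]
        elif key == "accessfilename":
            server = words[1:]
    # A vhost without its own directive inherits the final server-wide value.
    return server, {v["name"]: v["names"] or server for v in vhosts}
```

On the constructed input, the override in `security.conf` applies to blog.example even though that vhost file is read first, while legacy.example keeps its own list of two names.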