[Pmwiki-users] What is the *patch file for?
Patrick R. Michaud
pmichaud
Mon Dec 6 08:52:06 CST 2004
On Mon, Dec 06, 2004 at 10:18:39AM -0500, Neil Herber wrote:
>
> The GZipped tarball for pmwiki-2.0.beta6 expands as I would expect with one
> exception: it contains a "local" folder with an .htaccess file. That file
> contains only one line:
>     AddType text/plain .php
> which I assume is installing another MIME type on the web server.
>
> Why is this needed? There is already a ".php" MIME type in the HTTPD "conf"
> file.
> Why is the .htaccess file in the "local" folder? Isn't this folder supposed
> to be for my local scripts?
Oooooops! Yes, that file needs to be there, but it should have different
contents -- it should instead read:
    Order allow,deny
    Deny from all
The purpose of the file is to prevent browsers from executing the scripts
in local/ directly -- i.e., we don't want someone to be able to do
http://www.example.com/pmwiki/local/config.php, because they might be
able to take advantage of config.php to make it do things that it wouldn't
do when called from pmwiki.php.
We should also probably have a similar file in the cookbook/ directory,
but I'll leave that out for the time being.
And yes, local/ is reserved for the site's local scripts, but I make an
exception for this one file. I think for new site admins it's
important that PmWiki already have a local/.htaccess file in place for
the initial installation, so the admin doesn't get a nasty hacking
surprise later on.
It'll be fixed in the next release.
Pm
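
An added example, not part of the original message or of PmWiki itself: a Python check that audits an install's local/ and cookbook/ directories for an .htaccess that denies web access, and flags the mistaken contents described above. The function names and the sample tree are constructed for illustration; the Apache 2.4 form `Require all denied` is included here although the message only gives the 2.2-style directives.

```python
import os
import re
import tempfile

# Deny-all directives: Apache 2.2 style (as given in the message) and the
# Apache 2.4 equivalent (added here, not mentioned in the message).
DENY_22 = re.compile(r"^\s*Deny\s+from\s+all\s*$", re.I | re.M)
DENY_24 = re.compile(r"^\s*Require\s+all\s+denied\s*$", re.I | re.M)
# The single line the beta6 tarball shipped by mistake, per the message.
WRONG = re.compile(r"^\s*AddType\s+text/plain\s+\.php\s*$", re.I | re.M)

def check_dir(path):
    """Return 'ok', 'missing', 'wrong-contents' or 'no-deny' for path/.htaccess."""
    ht = os.path.join(path, ".htaccess")
    if not os.path.isfile(ht):
        return "missing"
    with open(ht, encoding="utf-8", errors="replace") as fh:
        # Drop comment lines so a commented-out directive does not count.
        lines = [l for l in fh.read().splitlines() if not l.lstrip().startswith("#")]
    text = "\n".join(lines)
    if DENY_22.search(text) or DENY_24.search(text):
        return "ok"
    if WRONG.search(text):
        return "wrong-contents"
    return "no-deny"

def audit(root, subdirs=("local", "cookbook")):
    """Check each script directory under a PmWiki install root."""
    return {d: check_dir(os.path.join(root, d)) for d in subdirs}

def demo():
    """Audit a constructed install tree before and after correcting local/.htaccess."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("local", "cookbook"):
            os.makedirs(os.path.join(root, d))
        ht = os.path.join(root, "local", ".htaccess")
        with open(ht, "w") as fh:
            fh.write("AddType text/plain .php\n")   # contents as shipped
        before = audit(root)
        with open(ht, "w") as fh:
            fh.write("Order allow,deny\nDeny from all\n")  # corrected contents
        after = audit(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

A passing file check only shows the directive is present; Apache ignores .htaccess unless AllowOverride permits it, so also confirm that a request for a script under local/ is refused.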