Following an audit, I've been tasked to remove extraneous files from the Twig 1.x vendor directory in one of our sites. Planning on removing /twig/twig/doc, /twig/twig/test and see if anything breaks.
What about /twig/twig/ext/twig/run-tests.php, or the entire "ext" directory?
Does anyone have prior experience weeding a default Twig 1.x installation for production environments? Any assistance or advice gratefully welcomed.
The correct action would be to update your site's layout so that these files are outside your web server's document root -- then you don't have to worry about what to delete and what to leave. You probably have something like this, where your web server's document root is pointing directly at /path/to/project:
/path/to/project
/lib
foo.php
bar.php
/twig
/twig
/doc
/test
index.php
This means anybody can directly request http://yourdomain.com/twig/twig/test/some_file.php
What you want is more like this:
/path/to/project
/public
index.php
/lib
foo.php
bar.php
/twig
/twig
/doc
/test
Then configure your web server so that its document root is /path/to/project/public. Then your application code can still include() things in /twig and /lib, but your web server won't directly serve them.
If your removing files from the vendor directory they'll come back the next time you do a composer install so this seems kind of pointless.
The files you mention (docs and test) are causing no harm other than taking up space as they are not directly called, but that's just a downside to any package management system. Like #Alex said as long as they are not publicly accessible there is no need to worry.
If you really want Twig without the extra files you could fork the project, move it into your own Git repo then reference that in your composer.json instead of the official one - but you will miss out on any updates from Twig.
We're running on Apache, so the easiest solution was to simply add a .htaccess file to the top vendor directory:
# Prevent non-local access to the vendor directory.
Order deny,allow
Deny from all
Directory structure:
/root
/vendor
.htaccess
/twig
...
/includes
...
Now the PHP scripts continue to have access, but external attempts to view anything inside the vendor directory return a 403 error.
Currently I am developing a small headless CMS. If anyone wants to use it he should just copy the root folder of my CMS and put it into his public_html folder. So for any requests to the CMS the URL looks like this:
example.com/my-cms-name/subfolder/...
To better organize third-party libraries I decided to use composer. But now I have the composer.json file and the vendor file in my CMS folder which is going to be in the public_html folder. So everything from composer will be available for everybody which is obviously not a good practice.
How can I overcome this problem? Should I do all composer things separately in a different folder? But then the user of my CMS has to include multiple folders into multiple directories which makes everything more complicated...
I agree to Half Crazed. Probably people will have to upload your CMS files via FTP anyway and set a root path. So you might as well divide your scripts in private and public ones. So a directory structure like this might be a good idea.
-config
-public_html (root path that people must point their domain to)
-css
-javascript
-images
-index.php
-.htaccess (optional)
-src (where your namespaced script should reside )
--MyApp
-vendor
-composer.json
-composer.lock
Update composer.json and add your own src, run update command. Then include the vendor autoload.php in your index.php and go the router/controller way.
I am trying to integrate some new Symfony3 apps into an existing web space. At my webroot /html, each app has it's own directory. Each of these apps could be anything- cakePHP, custom PHP, whatever. And each are accessed by a URL like localhost/appname. This structure is not flexible and I am not able to add anymore URL patterns to vhosts or anything like that.
Therefore, I have my Symfony3 install at /symfony which is a sibling directory of /html. Inside of /html I have a landing directory for my Symfony app: /html/symfonyapp.
In /html/symfonyapp/index.php I have one sole line of code:
require_once DIR.'/../../symfony/web/app.php';
In my Symfony set up, I have a bundle called SymfonyappBundle. I have a route configured in src/SymfonyappBundle/Resources/config/routing.yml to redirect calls to /symfonyapp to this particular Bundle.
The routing is not working. Calls to http://localhost/symfonyapp always end up going to the routing for "/" Why? I feel that it has nothing to do with my Symfony setup, but instead something to do with the request coming in through that /html/Symfonyapp/index.php file.
Any help is greatly appreciated!
Edit: I see it's helpful to list out the directory structure so here it is:
- /var/www/html <-- this is your (global) web root
|- cake-app
|- custom-php-app
|-symfonyapp
|—index.php (which contains only a require for app.php)
-/var/www/symfony <—symphony standard install here
|- app/
|- vendor/
|- src/
|- web/ <-- the web root for your symfony-app
|- .htaccess
|- app.php <-- the "boot"-script similar to index.php
I hope I got this right. Your directory structure looks something like this:
- /var/www/html <-- this is your (global) web root
|- cake-app
|- custom-php-app
|- symfony <-- the project root for you symfony-app
|- app/
|- vendor/
|- src/
|- web/ <-- the web root for your symfony-app
|- .htaccess
|- app.php <-- the "boot"-script similar to index.php
So basically you have a typical Symfony-application, but it sits inside a shared web root. So when accessing it you don't go to http://example.com/, but instead to http://example.com/symfony/web/
This might be the first problem you are having. Your application must be accessed from the web folder, not from the symfony-folder. Depending on for example some rewrite rules in /var/www/html/.htaccess you might not be able to look through files in the symfony-subfolder and there is no entry script, so it will not work. Dependening on your setup you might not even have permission to rewrite the url per .htaccess or in your server's config, this would complicate things a bit further. For now let's assume the .htaccess-file in web/ does work and it's just a matter of the wrong folder your url is pointing at.
There are multiple options you have if you want the url to be accessible at http://example.com/symfony/ (without the web/-part). Symfony's project structure is actually pretty flexible and you could get rid of the symfony/web/-folder and instead use symfony/ as your web root. There might be some gotchas for example with some install scripts that copy resources like css and js into your web-root. You could also run into issues when bundles point to the web-directory, e.g. for storing uploads. You probably have to make a few adjustments but a basic setup should be doable in no time by moving all files from web to the parent folder (including the .htaccess which might be hidden).
Another option might be to create a new .htaccess in symfony's project root that points to web/app.php instead of just app.php. You could take the existing file as a reference. I try to avoid using htaccess-files and don't have a setup right now were I could try it, but it might be worth a shot before moving lots of files around. Although you still might run into issues with assets where the path is not matched correctly.
edit: another option that's probably more work, but might be useful if you want to migrate away from the other existing web apps to just a Symfony app is, to move symfony to the same level as html/ and move all the stuff from web/ into html/. Now your server's web root is also symfony's web root (again you might have to fiddle around with assets expecting to be in a folder called web/). Now you just need to make sure that whenever Symfony does not find a route it will pass the request to your other apps. There are several things to look out for and it's a lot more work than the 2 approaches above, but in can be useful. There was a pretty good talk about it at last year's SymfonyCon in Berlin on how to do this if you are interested in this route:
https://github.com/SymfonyCon/2016-talks#modernizing-with-symfony
https://slidr.io/derrabus/modernizing-with-symfony
Unfortunately the video of the talk is not out yet.
The solution that I found was to add a custom Kernel for each web application. So for each folder I have under my webroot /var/www/html, I added a new Kernel in Symfony. Each Kernel has it's own routing and config files, which solved my routing issues! I followed this symfony doc to set up the kernels: http://symfony.com/doc/current/configuration/multiple_kernels.html
App1:
webroot: /var/www/html/app1/index.php has the typical app.php code in it which initializes App1 Kernel as such: $kernel = new App1Kernel('dev', true);
symfony details: in app/config I added one directory per Kernel , so this would be app/config/app1. I copied all config, routing, service files into this directory and reference the custom Bundle for the app.
App2:
webroot: /var/www/html/app2/index.php has the typical app.php code in it which initializes App1 Kernel as such: $kernel = new App2Kernel('dev', true);
symfony details: in app/config I added one directory per Kernel , so this would be app/config/app2. I copied all config, routing, service files into this directory and reference the custom Bundle for the app and changed any references to Bundles to the appropriate bundle.
I can not find reply to my question.
I am trying to understand how i should deploy symfony2 app on shared hosting.
I know i should rename my "web" catalog to "public_html", but i have many sites in this catalog.
My catalog's structure is like:
-public_html
-www.firstsite.com
-www.secondsite.com
...
-www.nextsite.com
-private_html
So where i should put my files? app,src,vendor under public_html, and files from web i should put directly to "public_html"? Or catalog web should be in public_html and other files under public_html?
So i will have:
-public_html
-...
-web
-private_html
-app
-src
-...
EDIT:
Now i have whole app in "public_html/example/"
It's work fine, but it is safe?
You should create a folder for your new website inside "public_html".
Let's say you have the domain "example.com".
You will have: public_html/example.com, public_html/example2.com, ..
Inside the folder example.com you will copy the folders: app, src, public.. (all Symfony's project main folders and files).
To answer to your question. "EDIT: Now i have whole app in "public_html/example/" It's work fine, but it is safe?". Yes, it's safe.
Just search on google for: "prevent directory traversal", if you want to make sure that it's secure.
Alternative solution could be installing/deploying Symfony in a folder outside "public_html", let's name it "symfony_app".
Then, your directory structure could look something like this:
-public_html
-www.firstsite.com
-www.secondsite.com
...
-symfony_app
And then, you should make a symlink of a Symfony "web" folder in the "public_html" folder.
For example:
ln -s /home/your_username/symfony_app/web /home/your_username/public_html/www.symfony-site.com
** folder named "www.symfony-site.com" must not exist in "public_html" before creating symlink!
Last step would be adding new subdomain in cPanel. There you should connect your new subdomain with "www.symfony-site.com" symlink inside "public_html".
I am creating a very large PHP MVC-based site that will have a large library of php classes, javascripts, and many css files (not to mention a large amount of files for the MVC).
For the first time ever, I am actually taking the time to plan out a clean and organized directory structure.
What directory structures do you typically use, and which will be easiest to manuever when there are thousands of files?
This is my setup. It's worked great for me for small - very large projects (including a social network).
These folders would all live within my main application folder:
config - contains custom PHP config files
css - contains the project's CSS files
helpers - contains 'helper' files (each file is a collection of functions)
images - contains the project's images
js - contains the project's Javascript files
lib - contains PHP classes specific to the project
modules - My MVC framework allows packaging site sections as modules
blog - An example module
controllers - contains the controllers for the module
models - contains the models for the module
views - contains the views for the module
views - contains views that should be globally accessible (page header, footer, etc)
All the directories could obviously contain sub-folders that would further organize your files. For example, the 'css' folder could have sub-folders named 'web' and 'mobile'. The 'images' folder could contain a 'user_uploaded' folder which could then contain`'profile'. And of course you can add folders as you see fit, in one project I have a folder called 'uploaders' which just contains stand-alone upload scripts.
I also use convenience methods which help construct the filenames of what I want to load. For example, my loadView() will look for the view file in the current module directory, or if you pass an optional $module argument, it will look specifically within that module's folder.
I hope this helps.
You should have one directory as web root, where only files you want exposed to the whole internet should reside.
project/
web/
index.php
css/
js/
images/
config/
lib/
web/ is the root shown to visitors
lib/ is here the library folder, and where autoload look for files.
You can add more subfolders to project/ like controller, modules, view, helper, etc. This depends on your framework.
EDIT:
If you use composer (which I recommend) and maybe npm with grunt and less your file structure would be the following:
project/
web/
js/
css/
images/
index.php
cli/
config/
config.php
node_modules/
src/
test/
vendor/
composer.json
composer.lock
packages.json
web/ has all your public files
cli/ scripts and programs to be run from command line NOT the web
config/ has all your config files (in git you ignore config.php and instead have config.dist.php without usernames, passwords, validation codes and table prefixes/suffixes and other "secrets")
node_modules/ has all your library files from npm (in git I suggest you put this in a submodule)
src has all your local PHP files in psr4 structure, set up to autoload in composer.json
test/ has all your unit tests for your src classes, set up in autload-dev in composer.json (remember to use composer install --no-dev on live, maybe add -o if you don't have too many classes)
vendor has all your library files from composer and the ONE AND ONLY autoload.php to be included in web/index.php and any cli scripts (in git I suggest you ignore this vendor folder)
Add other folders and files as required for your project.
For deployment use this structure:
/sites/project/ (project is your projectname)
current (alias to current release folder releases/v1.1.0)
previous (optional alias to previous release folder releases/v1.0.1)
releases/
v1.0.0/ (git checkout of tag v1.0.0)
v1.0.1/ (git checkout of tag v1.0.1)
v1.1.0/ (git checkout of tag v1.1.0)
shared/ (has all your shared files and folders to be aliased in all releases - maybe something like GlusterFS)
Make a deployment script. Something like this:
First take backup of db or to copy it to a new database, checkout git repo to new folder with release tag, get all git submodules, run composer install --no-dev, setup any aliases for shared folders and files like uploaded images and configuration files, generate js/css with grunt and less or equivalent, point current alias to the new folder with the tag, run update database script, restart nginx/apache/fpm-php services, run tests to check the website is up.
Have a script to go back to previous version (or a guide so you know what to do).
For core files which are included:
approot/inc/
For data access functions and classes are in:
approot/dao/
For javascripts:
approot/scripts/
For CSS:
approot/styles/
For images:
approot/img/
For static content (normally for user profile pictures or uploaded images):
approot/static/
For caches:
approot/caches/
For templates or View files:
approot/templates/
All pages file:
approot/
Structure from Samstyle PHP Framework
The answer I posted here was from 2009. Over the years more standards were published, including PSR-0 which covers the topic on folder structure. I also have a new (and I feel that it's better) folder structure with Packfire Framework.
In my experience, you can never plan for this. You can try to follow what frameworks do, but I find I never quite fit exactly into their mold.
I recommend to just keep a good rule of thumb for 20 files in a directory maximum. If you find you need more, just create a few sub directories and move common components in there.
This is mostly a matter of preference, a quick Google search would reveal many different project structures. But it would be really nice if there were an agreed upon standard. I think this initiative by the PHP Package Development Standards is a good candidate.
This is the directory structure they propose:
bin/: command-line executables
config/: configuration files
docs/: documentation files
public/: web server files
resources/: other resource files
src/: PHP source code
tests/: test code
EDIT:
This is also mentioned in the PHP The Right Way under the section Common Directory structure.
I use codeigniter for small and big projects.
It's MVC feature is moderately good.
codeIgniter\system\application\config : contain all kind of configuration files like DB,Payment gateway, ftp config, routes and ...
codeIgniter\system\application\models: contain all kinds of database classes, you should create sub folders according to your need, I used customers, mailData, paymentModel, report, web-service and ....
codeIgniter\system\application\views: contain all kinds of files that will work as output for clients, you should think of reuse these files if possible. Like the models you had to create sub folder like administration, reports, email, email_template .....
codeIgniter\system\application\controllers : this is the most important part. This will help to create SEO url, so you should be more careful about sub folders this time. You can create like administration, products, reports, orders..... and consider a good name for the functions of the controller class.
These were for the PHP/HTML file.
Now about the other files:
codeIgniter\images: for the images
codeIgniter\scripts: for the Java scripts and their framework
codeIgniter\styles: for the CSS
codeIgniter\uploads: for the uploaded files, if you don't want to put files in the DB
For the detail see codeIgniter framework in detail.
Here "codeIgniter\" is the approot
This is the structure i'm using currently,
public/
assets/ /* js, css, imgs, ... */
index.php
src/
config/ /* for config files */
helpers/ /* for functions */
libraries/ /* for free classes that are not MVC classes */
models/ /* for M in MVC */
views/ /* for V in MVC */
controllers/ /* for C in MVC */
vendor/ /* for vendors files */
uploads/ /* for uploaded images, docs, ... */
Have a look at symfony 1.4 or symfony 2 dir structure. Choose what's most intuitive to you.
I believe this depends on how large the project will become. This is what I used mostly:
project/
index.php
img/
css/
js/
views/
functions/
As long as all the project files are organised...
Even though the question is abit old, I still think it is wise to suggest the latest scaleable application structure which I have been working in my SOA based application and working absolutely fine.
myApplication/
app/
config/
+ this can include custom MVC structure
cli/
docker/
lib/ - most commonly reusable components
logs/
public/ - should contain all publicly exposable web contains
sql/ - db migration stuffs
tests/ - compulsory test
tools/ - application addon tools like any kinds of rulset etc
vendor/