The default file layout of MediaWiki seems quite insecure and good apps expose a single directory (and not the entire hierarchy) to http requests. I've tried to follow instructions found on: https://www.mediawiki.org/wiki/Manual:Security#Alternate_file_layout
And created a /web directory under the base installation directory /wiki and in it created two new files /wiki/web/index.php that looks like
<?php
chdir('../');
require_once 'index.php';
A similar /weiki/web/load.php was created. I've also added a soft link to the resources directory so /wiki/web/resource is actually /wiki/resources
The first request on the wiki (after restarting the server and setting the document root to /wiki/web instead of /wiki) does respond and shows the page well. However, subsequent responses produce a blank page with code 200 (success). Nothing comes up in the PHP error log either. As this happens after subsequent restarts I suspect some caching mechanism isn't working properly.
Any ideas on how to find the cause of the problem?
That chdir('../'); doesn't sound right. You should use an absolute path as demonstrated in the manual you linked, apparently in your case chdir('/wiki/web/');
However, before going through such adventures, I hope you protected the actually sensitive paths like configuration files, uploads and cache... (See the manuals for the setup of those.)
Related
I've got a legacy PHP project to fix a thing or two. I've downloaded it via FileZilla and served it on my local machine with a local copy of the database. The project is exactly the same with the live one, yet the live one can open the url/contact.html but on my machine it says no such file is found. All other pages go for url/categories/ or url/products/ so I've tried altering the url but no use.
All the other pages within the site are simple: one .php controller one .php model and one .tpl smarty template view. Requiring no .html at all. But this one is somehow different. The .htaccess file is exactly the same as the live version. I've tried adding a rewrite rule to direct every .html to .php but didn't work. I'm lost and out of options, please help? It doesn't even have to be an answer,"Try looking into that" would work too.
I'm working via XAMPP on windows, and I've configured the https:// to http:// on my project but that's all. Even hidden files are checked and confirmed.
have checked that contact.html is a static file (like a real existing html file?)
is there some kind of "routing" within the PHP of the project? If there is route urls might be really anyware.. in the mysql database, redis, a json file and whatnot.. have seen them all.
try to debug where and how it works on the "production" server by using some logging to a file edit the file through filezilla and log to a 'mylog.log' file until you find out what is going on.. or if the site is not used all the time by clients - you can just try to echo stuff to figure out how this exact /contact.html works
I am working on a already existing intranet. I have build an application and would like to take care of the 404 errors.
The problem I have is that this error management should only have effects on the pages located below the folder I'm working on.
Explications:
My file explorer looks like this:
root
aFolder
anotherFolder
RootOfMyApplication
myPages
I want to redirect all 404 errors below RootOfMyApplication to a specific page using PHP.
For example, browsing to "..../anotherFolder/RootOfMyApplication/notExist.php " should redirect me to my custom page, but browsing to "..../anotherFolder/notExist.php " should'nt.
If possible, I would like to make it so that directory browsing follow the same rule: if the url links to a folder and is below RootOfMyApplication, I redirect to the page.
The problem comes from the fact that I don't manage the root directory, and if possible want to have no impact on navigation outside my folder.
EDIT
What I want to do is the same as a .htaccess file: when an error is thrown, I want to take care of it myself, with PHP. My question is : "Can I do it, and if yes, how do I do it?". I don't want to use configuration files.
"It's not possible" will be accepted as an answer if there is a good explanation.
The Error Handling of files which are not found is a job of the Webserver (in your case Apache).
PHP can't help you because you always have to request one file which is then executed by PHP.
If you are going to request a file which doesn't exist, it can't be executed and the Webserver has do deal with the error. (PHP won't be started.)
But maybe there is a workaround:
If you use URL-Rewriting on your server/ application, there could be a way, but we would need some more Information/ code.
Can't you create an .htaccess in your root directory and change the error documents for your folder?
Talk to the admin and tell him he should change the error documents for your folder in httpd.conf.
(2./ 3. Maybe not an allowed solution for you, because you don't want do use configurations files.)
First time asking a question here but I'm really stuck.
Basically I'm trying to install a Silverstripe 3.1 cms on a subdomain as a development site, on my main domain I already have a Silverstripe 2.4 site running.
The first thing that comes up is this error, "development" is the subdomain folder.
Warning: require_once(framework/dev/install/DatabaseConfigurationHelper.php): failed to open stream: No such file or directory in /home/usr/public_html/subdomain/framework/dev/install/install.php5 on line 39
I check if the file is there and it is, then I check if the filepath is wrong because the file that is calling require_once has a full path from home/ but that can't be it because I've been able to install Silverstripe on my localhost.
I google redirecting (I've had no experience with it before) and find stuff on htaccess related to Silverstripe but none were problems that I was having, i.e. there are .htaccess files in main directory and subdomain. Not too sure if they're conflicting but I have tried RewriteEngine Off on my subdomain. I mostly leave the default Silverstripe .htaccess files as they are.
Even declaring different suPHP_ConfigPath's i.e.
main website: home/usr/public_html/
subdomain: home/usr/public_html/subdomain
At this point I look back at the error and try hacking the require_once filepath, changing it to
$_SERVER["DOCUMENT_ROOT"] . '/framework/dev/install/DatabaseConfigurationHelper.php
It mostly works but the requirements check page is void of css and any fails to GET any images
I am able to check all the requirements though passing everything but the File Permissions check:
"Does the webserver know where files are stored?" failed. Showing me the filepath it tried being the absolute path of a file prepended with the path to the subdomain. Looking at the code my hack was never intended to work.
Did I miss something? I'm not very knowledgeable with servers but I've done everything I can think of, is there anything I can do?
Hey thanks for your suggestion but I think it was meant for addon domains? I only wanted a subdomain for testing purposes.
What I ended up doing was to avoid installing Silverstripe on the server and instead install it on my laptop and then upload that to the server. It worked fine after copying the appropriate database and fixing Silverstripe's BaseURL to '/'
My PIP PHP framework was doing fine, then I messed something up: I don't know what it is. Basically for every controller except my default, I get a 404 not found error. If I change the default to a different page, the new page will work fine, but no others will. I can't seem to find any information in the logs.
I'm wondering if there is a good way to trace the route apache is using to find the new page. Or if there are any logs I can check. My local log.txt within the framework shows nothing. Apache log shows nothing. PHP log shows nothing.
I thought it may have something to do with the base_url, but no matter how I change it, my controllers are still not found.
$config['base_url'] = ''; // Base URL including trailing slash (e.g. http://localhost/)
Is there any way to see the absolute path that apache/ my browser is trying to take when I load localhost/controller? Something that would show me file://Applications/MAMP/htdocs/path/to/controller, even if the page doesn't load? Is there somewhere in the config/sys file that I can show that info?
Not sure why it was downgraded. I thought I gave all the information I had about the problem and just looking for how to troubleshoot a 404 not found when my default_controller loads.
Weird! I downloaded a new copy of PIP, copied all the files from my old copy to my new copy, and then now it works. It must have been some directory thing with Apache.
if you have apache running, set the base url to
$config['base_url'] = 'http://localhost/';
// remember the forward slash at the end.
if that still does not do it, go to your MVC framework folder, and replace the index.php and the system folder and all its content, you can take a back up if you want of this folder before you do so,
The there are two files that will mess with the routing
index.php
pip.php
so if your config base url is set as the example above and the controllers are still not found it is one of these two files that have been modified.
// note, you might also want to check the .htaccess file for mod_rewrite which needs to be enabled.
I am loading some content via ajax.. the content has a require_once in it that seems to be causing it to hang for at least one second before it loads, which is really distracting on the page. I haven't had these delays before, the only thing I've changed recently is setting a php_include_path (C:/wamp/www/project) in an htaccess file.. when I take it out it loads immediately (though it also doesn't find the file).
It's only that directory in the include path, though, so it seems strange it would slow things down that much (right?). Is that abnormal? Where could I look for what's causing the delay.
I have a symlink to mirror my files and folders to dropbox (so that my dropbox folder is where they are technically), but I copied the files directly into C:/wamp/www and the slowness persisted.
My suggestion would be to define the php include path in your PHP, rather than in your .htaccess to see if that speeds it up.
For example, define it as a constant
define('PHP_INCLUDE_PATH', 'C:/wamp/www');