[dokuwiki] Re: Security without .htaccess

  • From: Jan Decaluwe <jan@xxxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 11 May 2005 19:00:06 +0200

Andreas Gohr wrote:

Hi!


Maybe we should use the .php extension for all config files? Even

if>>they aren't PHP sourcefiles? This way their contents could be

protected by a line like this on top:

# <?php exit()?>


Good news: I have the patch, along the lines discussed earlier. Bad news: it doesn't work :-)

It turns out that lines starting with '#' are *also*
comments in php (Grr!). So the php code has to be
uncommented - and we have to be careful with the
parsing of the files.


I don't understand. The comment is outside the PHP block so it should be ignored by PHP!?

Ok, so it isn't as logical as I thought (still have to learn a lot about the php interpreter.) Some more experiments reveal that it indeed works *unless* the '#' is the very first character of the file. Also, it does work without problems with the other type of comments (// and /*..*./).

New hypothesis: this is related to the special treatment
of the initial '#' in unix shell scripts. It may
be interesting to know whether this is related
to my (=yahoo's) setup, or if it is a general issue.

In any case, it looks like a possible fix is just to
add another line on top. If the problem is general,
we should also make it very clear to users that
they shouldn't delete that line.

Regards,

Jan

--
Jan Decaluwe - Resources bvba - http://jandecaluwe.com
Losbergenlaan 16, B-3010 Leuven, Belgium
    Using Python as a hardware description language:
    http://jandecaluwe.com/Tools/MyHDL/Overview.html
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: