Hi Olivier, Thanks for your report,
Le 06/12/2011 07:37, Olivier Berger a écrit : > After rolling the different dialogs of the installation through /spip/ecrire, > I get the following warning […] > (htaccess not active : warning: the web server configuration doesn't take > .htaccess into consideration. […] > I believe some configuration should be defined in the provided apache config > or likes so that such warning doesn't occur. Well, I'm not sure it would be a good idea to accept .htaccess handling by default actually (wrt previous exploits using this “feature”), and the “AllowOverride None” of /usr/share/doc/spip/apache2.conf sounds like a better idea. Maybe should we add a comment in that template file, and maybe should we patch the SPIP installer not to show this warning. Some plugins (e.g. “Restricted Access”) rely on these .htaccess features, but I'm still reluctant to allow these by default: it should be an administrator choice to allow them (the needed feature, e.g. wrt “Restricted Access” can even be provided in the Apache configuration file, maybe should we add a note about it in the README or the Apache template file). Regards David
signature.asc
Description: OpenPGP digital signature
