Re: [php-maint] Bug#670945: Bug#670945: Bug#670945: About the media types text/x-php and text/x-php-source
On Thu, 2012-08-30 at 00:16 +0200, Christoph Anton Mitterer wrote: RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ $1.php [last] Tried them out in the meantime. Seem to work as expected. Cheers, CHris. smime.p7s Description: S/MIME cryptographic signature
Re: [php-maint] Bug#670945: Bug#670945: Bug#670945: About the media types text/x-php and text/x-php-source
Chris, your text is very hard to read and parse. Could you assemble your comments into consistent paragraphs of suggested texts? (E.g. the final versions of the text you suggest we use. Or send a patch.) O. On Wed, Aug 29, 2012 at 10:32 AM, Christoph Anton Mitterer cales...@scientia.net wrote: On Wed, 2012-08-29 at 09:28 +0200, Ondřej Surý wrote: With much cooler head and weekend after me and after carefull consideration of Chris's comments I have decided to go with: Good =) Some comments to your text :) php5 (5.4.4-7) unstable; urgency=low * As a side effect of MIME-Type changes in the mime-support package, the default Apache 2 configuration doesn't support MultiViews negotiation, That reads like as if mod_negotiation itself was disabled per default in Apache (Stefan, if you kept on reading: I'd absolutely support this ;-) )... is this the case, OR do we just have the effect that is does (as it should) no longer work for the files whose php files were removed? PHP 5 and Apache 2 Multiviews -- Apache 2 mod_negotiation's MultiViews needs php scripts to have a MIME-Type to make the negotiation work. We are using Apache 2 handlers (SetHandler directive) to enable PHP processing, so by default the MultiViews support is disabled in Debian packages. Again, that reads a bit, as if negotiation was generally not available. Perhaps if we write: so by default the MultiViews support for PHP files is disabled in Debian packages. You can explicitly add extra MIME-Types (different from magic application/x-httpd-* types) which will not cause any special PHP processing, [Optionally (but I don't insist), one could add something like the following here:] (unless another way than Debian's default way of enabling PHP is used) [just as a warning...] but just enable MultiViews negotiation support. Add these two lines to you Apache 2 config to enable MultiViews: AddType application/x-php php phtml php3 AddType application/x-php-source phps Correct :) And actually... if it's really HTTP Negotiation that is desired (and not tiding URLs from /foo.php to /foo) we MUST NOT use prevent the file.php.foo issue, because we need to allow things like: foo.php.en (e.g. returning English content) foo.php.de (e.g. returning German content) Also most likely what you really want would be better accomplished by mod_rewrite rules where you can explicitly specify what gets rewritten to what (e.g. http://localhost/file gets rewritten to file.php, but not to file.html or file.js). I, personally, would rather turn up that like this: If what you actually want, is to enable tidy URLs (e.g. http://example.org/foo can be used instead of http://example.org/foo.php) HTTP Content Negotiation is not what should be used anyway. That would be better accomplished by URL rewriting (via mod_rewrite) rules where one can explicitly specify what gets rewritten as what. (e.g. http://localhost/file gets rewritten to file.php, but not to file.html or file.js). That example contradicts IMHO a bit the intention that we suppose the user to have: We expect that he wants to get a file /foo.php be accessible via /foo, right? So the user most likely doesn't have files /foo.html or /foo.js in addition (which would then of course be negotiated, too - likely with ambiguous results). Because auf this, a URL /foo should not get rewritten, because negotiation only happens (IIRC) when the target file exists. I would like to add text here with instructions how to enable mod_rewrite handling. I'll try to write you some mod_rewrite rules later; I'm just on the train right now and I'll have to give lectures tomorrow, so not sure when I find time. Hope that helps, Chris. ___ pkg-php-maint mailing list pkg-php-ma...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý ond...@sury.org -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CALjhHG_JFRrLuZ=+ak++=b=GPfcCm4vXjS=SA=yoa0jk3t6...@mail.gmail.com
Re: [php-maint] Bug#670945: Bug#670945: Bug#670945: About the media types text/x-php and text/x-php-source
Hey Ondřej. On Wed, 2012-08-29 at 11:11 +0200, Ondřej Surý wrote: your text is very hard to read and parse. Sorry O:-) Below you find the texts as I would have written them. 1) Especially the README.Debian text is much more elaborate. Why? What we try with the whole issue here is to prevent our users from doing some really stupid things. In order to teach them better it's IMHO important to give them examples and motivation. 2) My motivation for some other changes was partially already described in the hard to read/parse email ;-) Some more: a) I do not write about negotiation being disabled for PHP files but rather for PHP file extensions. Why? We only disabled the negotiation with respect to MIME types not with respect to langauge, content encoding, etc. So things like (yes, the examples are stupid): foo.php.en foo.php.de foo.php.ascii foo.php.UTF8 would be still negotiated to foo.php (WITH the .php extension - this is not a typo). b) I largely overtook your explanation on the backgrounds how the default config makes PHP files being interpreted (SetHandler and that sections) Open issues: I) In: AddType application/x-php php phtml php3 AddType application/x-php-source phps Didn't you use other extensions as well, in the current PHP config snippets? And shouldn't we add them here, too? II) I've already added, mod_rewrite rules, which I'm quite sure to work and to be safe; but I'm abroad giving some lectures at a research centre and haven't had time yet to test really them. Could some one do this please? The intention is: For any entered URL: It should try allow to access that file without the trailing .php IF: - There is not already such (non-directory) file (without .php) that exists. - There is not already such a directory of that name. - If no file of such a name exists, the usual 404 should come. The rules should work from directory and global/vhost server context. All that would need to be verified. III) I haven't done spell checking. Hope that helps, Chris. * php5 (5.4.4-7) unstable; urgency=low * As a side effect of the MIME-Type changes in the mime-support package, the default Apache 2 configuration will no longer perform HTTP content negotiation on the PHP file extensions, which was very questionable anyway. If you really want to re-enable this support then please read /usr/share/doc/php5-common/README.Debian file for further instructions. -- Ondřej Surý ond...@debian.org Wed, 29 Aug 2012 09:18:41 +0200 * * PHP 5 and Apache 2 Multiviews (HTTP Content Negotiation) -- Apache 2’s mod_negotiation needs files to have a MIME type (amongst others) associated with them in order to be considered for HTTP content negotiation. Per default, the Debian PHP packages use Apache 2 handlers (SetHandler directive) to enable PHP interpretation, while no MIME type is being associated with the common PHP file extensions. Thus, by default, the HTTP content negotiation is disabled for PHP file extensions. Some scenarios: 1) You intended to use HTTP content negotiation in order to tidy up URLs: For example, you wanted the file “http://example.org/foo.php” being accessible as “http://example.org/foo”, too. In that case you really shouldn’t abuse mod_negotiation but use mod_rewrite. An example of rewrite-rules, which allow any file ending in “.php” to be accessed without this extension is: RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ $1.php [last] Depending on your setup you may need to set other flags, too, especially “passthrough” or “qsappend”. 2) You really wanted to use HTTP content negotiation on PHP files (be they interpreted or not). An example for this might be, when you have the files http://example.org/foo.php http://example.org/foo.js which both do the same job, but the former is executed as PHP on the server-side, while the later is executed as JavaScript on the client-side. This scenario is really very rarely used (if at all)! If you really want it, just add MIME type definitions like the following to your Apache 2 configuration: AddType application/x-php php phtml php3 AddType application/x-php-source phps * smime.p7s Description: S/MIME cryptographic signature