1) With suPHP, it generally isn't possible for a malicious script to
harm anything aside from what the user who's running the script can
access. You shouldn't need to worry about trusting it at that point.
2) WordPress is quirky. Maybe it's an issue with a custom theme, or how
it detects how to encode the content to the web browser based on the
Accept or UserAgent headers which are nonexistent when ran from the
command line.
Most likely if you try out a broken-ish WordPress install with mod_php
rather than suPHP it will act the same way.
On 6/24/2012 4:48 AM, Dan Mahoney, System Admin wrote:
On Sun, 24 Jun 2012, Joe Gillotti wrote:
WordPress can be annoying like that, and it usually isn't the fault
of suPHP.
Remove all WordPress files except the config file, extract everything
from http://wordpress.org/latest.tar.gz (except the config file),
then run WordPress's update wizard (iirc it's at
wp-admin/upgrade.php) to have it upgrade its mysql tables if necessary.
If that doesn't work, change the site theme to one of the default
ones in them mysql options table.
I guarantee you this is WordPress's fault, not suPHP's.
I'm sure it is, and your application level fix works. However, the
two questions remain:
1) How can I run this so I can actually truss it, if it were something
more obscure than WP?
2) Why is it that it works from the command line but not via suPHP?
Like, what would cause that?
-Dan
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
