Last modified: 2013-03-13 14:06:10 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48003, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 46003 - Relax restrictions on .htaccess


Summary:	Relax restrictions on .htaccess

Status:	RESOLVED FIXED

Product:	Wikimedia Labs
Classification:	Unclassified
Component:	tools (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized enhancement
Target Milestone:	---
Assigned To:	Marc A. Pelletier

URL:
Whiteboard:
Keywords:	ops

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-03-11 21:24 UTC by Tim Landscheidt
Modified:	2013-03-13 14:06 UTC (History)
CC List:	1 user (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tim Landscheidt 2013-03-11 21:24:27 UTC

At the moment, the Apache configuration denies by "AllowOverride None" all local customizations with .htaccess.  This should be relaxed.

My use case is setting environment variables with "SetEnv" directives for CGI scripts; this needs assessment whether suphp can be rooted with that.

Comment 1 Marc A. Pelletier 2013-03-11 21:38:23 UTC

Pending code review of the module startup code.  In principle, there should be no insurmountable problems.

Comment 2 Marc A. Pelletier 2013-03-13 14:06:10 UTC

After review of the code, restrictions have been relaxed to:

AllowOverride AuthConfig FileInfo Options=IncludesNOEXEC

This still provides opportunity for foot-shooting with ill-considered SetEnv, but you get to shoot your own foot only.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links