[Pmwiki-users] What is the *patch file for?

Patrick R. Michaud pmichaud
Mon Dec 6 08:52:06 CST 2004


On Mon, Dec 06, 2004 at 10:18:39AM -0500, Neil Herber wrote:
> 
> The GZipped tarball for pmwiki-2.0.beta6 expands as I would expect with one 
> exception: it contains a "local" folder with an .htaccess file. That file 
> contains only one line:
>         AddType text/plain .php
> which I assume is installing another MIME type on the web server.
> 
> Why is this needed? There is already a ".php" MIME type in the HTTPD "conf" 
> file.
> Why is the .htaccess file in the "local" folder? Isn't this folder supposed 
> to be for my local scripts?

Oooooops!  Yes, that file needs to be there, but it should have different
contents -- it should instead read:

    Order allow,deny
    Deny from all

The purpose of the file is to prevent browsers from executing the scripts
in local/ directly -- i.e., we don't want someone to be able to do
http://www.example.com/pmwiki/local/config.php, because they might be
able to take advantage of config.php to make it do things that it wouldn't
do when called from pmwiki.php.

We should also probably have a similar file in the cookbook/ directory,
but I'll leave that out for the time being.

And yes, local/ is reserved for the site's local scripts, but I make an
exception for this one file.  I think for new site admins it's 
important that PmWiki already have a local/.htaccess file in place for 
the initial installation, so the admin doesn't get a nasty hacking 
surprise later on.

It'll be fixed in the next release.

Pm
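
An added example, not part of the original message and not PmWiki code: a Python check that reports whether local/ and cookbook/ each carry an .htaccess that refuses every request, run here against a constructed install tree. The function names and the Apache 2.4 `Require all denied` form are assumptions that go beyond what the message shows.

```python
import os
import re
import tempfile

ORDER = re.compile(r"^order (allow,deny|deny,allow)$")
SHIPPED = "AddType text/plain .php\n"        # beta6 contents quoted in the message
FIXED = "Order allow,deny\nDeny from all\n"  # contents the reply says it should have


def denies_all(text):
    """True if this .htaccess text refuses every direct request."""
    lines = [" ".join(l.split()).lower() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    # Apache 2.4 form (assumption, not from the message): only "Require all denied".
    requires = [l for l in lines if l.startswith("require ")]
    if requires and all(l == "require all denied" for l in requires):
        return True
    # Apache 2.2 form from the message. With "Order allow,deny" the Deny wins;
    # with any other order an Allow line can reopen access.
    if "deny from all" not in lines:
        return False
    order = [m.group(1) for m in map(ORDER.match, lines) if m]
    has_allow = any(l.startswith("allow from ") for l in lines)
    return (bool(order) and order[-1] == "allow,deny") or not has_allow


def audit(root, dirs=("local", "cookbook")):
    """Map each script directory to 'missing', 'open' or 'denied'."""
    report = {d: "missing" for d in dirs}
    for d in dirs:
        path = os.path.join(root, d, ".htaccess")
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                report[d] = "denied" if denies_all(fh.read()) else "open"
    return report


def demo(local_contents):
    """Build a constructed install tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "local"))
        os.makedirs(os.path.join(root, "cookbook"))  # no .htaccess, as in the message
        with open(os.path.join(root, "local", ".htaccess"), "w") as fh:
            fh.write(local_contents)
        return audit(root)


if __name__ == "__main__":
    print("as shipped:", demo(SHIPPED), "corrected:", demo(FIXED))
```

An .htaccess file only takes effect when the server's AllowOverride setting permits these directives, so a 403 on a live request for local/config.php is the final confirmation.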


