Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000474 [Piwigo] security minor always 2006.07.17 17:59 2006.08.01 00:11
Reporter rub View Status public  
Assigned To rub
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 1.6.1 Product Version 1.6.0
  Target Version Product Build
Summary 0000474: Files index.htm
Description There are a lot of files index.htm missing on directories.

pwg/tools
pwg/template-extension
pwg/template-extension/yoga
...
Steps To Reproduce
Additional Information
Tags No tags attached.
browser any
Database engine and version
PHP version
Web server Apache 1.3.x
Attached Files

- Relationships

-  Notes
(0001242)
rub (developer)
2006.07.18 11:09

Open topic on forum http://forum.phpwebgallery.net/viewtopic.php?pid=41080#p41080 [^]
in order to use index.htm or index.html or index.php
(0001243)
rub (developer)
2006.07.18 23:39

Resolved (Step 1):
  o Rename index.htm into index.php
  o Add index.php on all sub-directories
  o Use an uniform source code of index.php (like /include/index.php)

(/index.php is of course not changed)

See [Subversion] r1481 & [Subversion] r1482

Step 2: Delivery a ..htaccess file
(0001299)
rub (developer)
2006.07.25 23:37

Delete old files index.htm

[Subversion] r1497 & [Subversion] r1498
(0001314)
rub (developer)
2006.07.26 23:21

Resolved (Step 2):
  * admin
      - .htaccess = deny from all
  * doc
      - no .htaccess
  * galleries
      - .htaccess = Options -Indexes
  * include
      - .htaccess = deny from all
      => move 2 .js in template-common
  * install
      - .htaccess = deny from all
  * language
      - .htaccess = deny from all
  * template
      - .htaccess = Options -Indexes
  * template-common
      - .htaccess = Options -Indexes
  * template-extension
      - .htaccess = Options -Indexes
  * tools
      - no .htaccess


Resolved on [Subversion] r1505
(0001324)
rvelices (developer)
2006.07.28 01:21

I think you should get rid of all .htaccess files
On one of my configs I get Internal Server Error because in the Apache config file I don't have the AllowOverride Options directive for a whole directory.

There might be some ISPs out there that disable it.
(0001328)
rub (developer)
2006.07.28 14:00

>I think you should get rid of all .htaccess files
>On one of my configs I get Internal Server Error because in the Apache config file I don't have the AllowOverride Options directive for >a whole directory.
There are error on logs or it's only the option wicth are not available?

>There might be some ISPs out there that disable it.
Yes, I know.


This complemantary solution will be removed, if there are error.
If this don't run, it's not a problem.

And a .htaccess file on each directory?
(0001329)
rvelices (developer)
2006.07.28 14:36

Internal server error is a 5xx error generated by Apache. Because in my httpd.conf file I said Options are not allowd in the .htaccess, apache genereate this error if they are found.
The result is any access to a file in template directory for exemple, fails with Internal server error (so no theme at all).
(0001331)
rub (developer)
2006.07.28 20:35

Ok, on next commit, I remove file .htaccess
I will describe this on wiki or delivery with a MOD.
(0001342)
rub (developer)
2006.08.01 00:11

Done in [Subversion] r1519 (remove .htaccess)

- Issue History
Date Modified Username Field Change
2006.07.17 17:59 rub New Issue
2006.07.17 17:59 rub browser => any
2006.07.17 17:59 rub Web server => Apache 1.3.x
2006.07.18 10:46 rub Status new => assigned
2006.07.18 10:46 rub Assigned To => rub
2006.07.18 11:09 rub Note Added: 0001242
2006.07.18 23:39 rub Status assigned => resolved
2006.07.18 23:39 rub Fixed in Version => 1.6.1
2006.07.18 23:39 rub Resolution open => not fixable
2006.07.18 23:39 rub Note Added: 0001243
2006.07.25 23:36 rub Status resolved => feedback
2006.07.25 23:36 rub Resolution not fixable => reopened
2006.07.25 23:37 rub Status feedback => resolved
2006.07.25 23:37 rub Resolution reopened => fixed
2006.07.25 23:37 rub Note Added: 0001299
2006.07.26 06:46 rub Status resolved => feedback
2006.07.26 06:46 rub Resolution fixed => reopened
2006.07.26 23:21 rub Note Added: 0001314
2006.07.26 23:21 rub Status feedback => resolved
2006.07.26 23:21 rub Resolution reopened => fixed
2006.07.28 01:21 rvelices Status resolved => feedback
2006.07.28 01:21 rvelices Resolution fixed => reopened
2006.07.28 01:21 rvelices Note Added: 0001324
2006.07.28 14:00 rub Note Added: 0001328
2006.07.28 14:36 rvelices Note Added: 0001329
2006.07.28 20:35 rub Note Added: 0001331
2006.08.01 00:11 rub Status feedback => closed
2006.08.01 00:11 rub Note Added: 0001342
2006.08.01 00:11 rub Resolution reopened => fixed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Contact
Powered by Mantis Bugtracker