[php-maint] Bug#670945: Bug#670945: Bug#670945: Bug#670945: About the media types text/x-php and text/x-php-source

Wed Aug 29 22:16:14 UTC 2012

Hey Ondřej.

On Wed, 2012-08-29 at 11:11 +0200, Ondřej Surý wrote:
> your text is very hard to read and parse.
Sorry O:-)

Below you find the texts as I would have written them.

1) Especially the README.Debian text is much more elaborate.
Why? What we try with the whole issue here is to prevent our users from
doing some really stupid things.
In order to teach them better it's IMHO important to give them examples
and motivation.

2) My motivation for some other changes was partially already described
in the hard to read/parse email ;-)
Some more:
a) I do not write about negotiation being disabled for "PHP files" but
rather for "PHP file extensions". Why?
We only disabled the negotiation with respect to MIME types not with
respect to langauge, content encoding, etc.
So things like (yes, the examples are stupid):
foo.php.en
foo.php.de
foo.php.ascii
foo.php.UTF8

would be still "negotiated" to "foo.php" (WITH the .php extension - this
is not a typo).

b) I largely overtook your explanation on the backgrounds how the
default config makes PHP files being interpreted (SetHandler and that
sections)

Open issues:
I) In:
    AddType application/x-php         php phtml php3
    AddType application/x-php-source  phps
Didn't you use other extensions as well, in the current PHP config
snippets? And shouldn't we add them here, too?

II) I've already added, mod_rewrite rules, which I'm quite sure to work
and to be safe; but I'm abroad giving some lectures at a research centre
and haven't had time yet to test really them.
Could some one do this please?
The intention is:
For any entered URL:
It should try allow to access that file without the trailing ".php" IF:
- There is not already such (non-directory) file (without .php) that
exists.
- There is not already such a directory of that name.
- If no file of such a name exists, the usual 404 should come.

The rules should work from directory and global/vhost server context.

All that would need to be verified.

III) I haven't done spell checking.

Hope that helps,
Chris.

*************
php5 (5.4.4-7) unstable; urgency=low

  * As a side effect of the MIME-Type changes in the mime-support
    package, the default Apache 2 configuration will no longer perform
    HTTP content negotiation on the PHP file extensions, which was very
    questionable anyway.
    If you really want to re-enable this support then please read
    /usr/share/doc/php5-common/README.Debian file for further
    instructions.

 -- Ondřej Surý <ondrej at debian.org>  Wed, 29 Aug 2012 09:18:41 +0200
*************

*************
PHP 5 and Apache 2 Multiviews (HTTP Content Negotiation)
----------------------------------------------------------------------

 Apache 2’s mod_negotiation needs files to have a MIME type (amongst
 others) associated with them in order to be considered for HTTP content
 negotiation.

 Per default, the Debian PHP packages use Apache 2 handlers (SetHandler
 directive) to enable PHP interpretation, while no MIME type is being
 associated with the common PHP file extensions.

 Thus, by default, the HTTP content negotiation is disabled for PHP file
 extensions.

 Some scenarios:
 1) You intended to use HTTP content negotiation in order to tidy up
    URLs:
    For example, you wanted the file “http://example.org/foo.php” being
    accessible as “http://example.org/foo”, too.

    In that case you really shouldn’t abuse mod_negotiation but use
    mod_rewrite.
    An example of rewrite-rules, which allow any file ending in “.php”
    to be accessed without this extension is:
    RewriteCond "%{REQUEST_FILENAME}" !-f
    RewriteCond "%{REQUEST_FILENAME}" !-d
    RewriteRule "^(.*)$" "$1.php" [last]
    Depending on your setup you may need to set other flags, too,
    especially “passthrough” or “qsappend”.

 2) You really wanted to use HTTP content negotiation on PHP files (be
    they interpreted or not).
    An example for this might be, when you have the files
    http://example.org/foo.php
    http://example.org/foo.js
    which both do the same job, but the former is executed as PHP on
    the server-side, while the later is executed as JavaScript on the
    client-side.
    This  scenario is really very rarely used (if at all)!

    If you really want it, just add MIME type definitions like the
    following to your Apache 2 configuration:
    AddType application/x-php         php phtml php3
    AddType application/x-php-source  phps
 *************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5502 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120830/6318be5f/attachment.bin>