[php-maint] Bug#670945: Bug#670945: Bug#670945: Bug#670945: About the media types text/x-php and text/x-php-source
Christoph Anton Mitterer
calestyo at scientia.net
Wed Aug 29 22:16:14 UTC 2012
Hey Ondřej.
On Wed, 2012-08-29 at 11:11 +0200, Ondřej Surý wrote:
> your text is very hard to read and parse.
Sorry O:-)
Below you find the texts as I would have written them.
1) Especially the README.Debian text is much more elaborate.
Why? What we try with the whole issue here is to prevent our users from
doing some really stupid things.
In order to teach them better it's IMHO important to give them examples
and motivation.
2) My motivation for some other changes was partially already described
in the hard to read/parse email ;-)
Some more:
a) I do not write about negotiation being disabled for "PHP files" but
rather for "PHP file extensions". Why?
We only disabled the negotiation with respect to MIME types not with
respect to langauge, content encoding, etc.
So things like (yes, the examples are stupid):
foo.php.en
foo.php.de
foo.php.ascii
foo.php.UTF8
would be still "negotiated" to "foo.php" (WITH the .php extension - this
is not a typo).
b) I largely overtook your explanation on the backgrounds how the
default config makes PHP files being interpreted (SetHandler and that
sections)
Open issues:
I) In:
AddType application/x-php php phtml php3
AddType application/x-php-source phps
Didn't you use other extensions as well, in the current PHP config
snippets? And shouldn't we add them here, too?
II) I've already added, mod_rewrite rules, which I'm quite sure to work
and to be safe; but I'm abroad giving some lectures at a research centre
and haven't had time yet to test really them.
Could some one do this please?
The intention is:
For any entered URL:
It should try allow to access that file without the trailing ".php" IF:
- There is not already such (non-directory) file (without .php) that
exists.
- There is not already such a directory of that name.
- If no file of such a name exists, the usual 404 should come.
The rules should work from directory and global/vhost server context.
All that would need to be verified.
III) I haven't done spell checking.
Hope that helps,
Chris.
*************
php5 (5.4.4-7) unstable; urgency=low
* As a side effect of the MIME-Type changes in the mime-support
package, the default Apache 2 configuration will no longer perform
HTTP content negotiation on the PHP file extensions, which was very
questionable anyway.
If you really want to re-enable this support then please read
/usr/share/doc/php5-common/README.Debian file for further
instructions.
-- Ondřej Surý <ondrej at debian.org> Wed, 29 Aug 2012 09:18:41 +0200
*************
*************
PHP 5 and Apache 2 Multiviews (HTTP Content Negotiation)
----------------------------------------------------------------------
Apache 2’s mod_negotiation needs files to have a MIME type (amongst
others) associated with them in order to be considered for HTTP content
negotiation.
Per default, the Debian PHP packages use Apache 2 handlers (SetHandler
directive) to enable PHP interpretation, while no MIME type is being
associated with the common PHP file extensions.
Thus, by default, the HTTP content negotiation is disabled for PHP file
extensions.
Some scenarios:
1) You intended to use HTTP content negotiation in order to tidy up
URLs:
For example, you wanted the file “http://example.org/foo.php” being
accessible as “http://example.org/foo”, too.
In that case you really shouldn’t abuse mod_negotiation but use
mod_rewrite.
An example of rewrite-rules, which allow any file ending in “.php”
to be accessed without this extension is:
RewriteCond "%{REQUEST_FILENAME}" !-f
RewriteCond "%{REQUEST_FILENAME}" !-d
RewriteRule "^(.*)$" "$1.php" [last]
Depending on your setup you may need to set other flags, too,
especially “passthrough” or “qsappend”.
2) You really wanted to use HTTP content negotiation on PHP files (be
they interpreted or not).
An example for this might be, when you have the files
http://example.org/foo.php
http://example.org/foo.js
which both do the same job, but the former is executed as PHP on
the server-side, while the later is executed as JavaScript on the
client-side.
This scenario is really very rarely used (if at all)!
If you really want it, just add MIME type definitions like the
following to your Apache 2 configuration:
AddType application/x-php php phtml php3
AddType application/x-php-source phps
*************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5502 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120830/6318be5f/attachment.bin>
More information about the pkg-php-maint
mailing list