php_value in 2.1-beta .htaccess breaks on many installations

Found a bug? Tell us!!
Post Reply
hanno
Regular
Posts: 72
Joined: Fri May 20, 2005 8:04 am
Contact:

php_value in 2.1-beta .htaccess breaks on many installations

Post by hanno » Fri Jul 15, 2016 7:02 pm

I just did a test installation of s9y 2.1-beta1. After the installation I first only got an error 500.

The reason is that the default htaccess contains two php_value commands:
php_value session.use_trans_sid 0
php_value register_globals off

It is my understanding that setting php options via .htaccess has long been deprecated. It only works on installations using mod_php, most modern webhosters use either fcgid or fpm to launch php. In those settings apache is unaware of any php-specific commands in htaccess and will throw an error.
The alternative is to use .user.ini, which works independend of the way PHP is launched:
https://secure.php.net/manual/de/config ... r-user.php
(works since php 5.3.0)

If there is a strong need to support .htaccess-based php options (I don't see a reason for it, except maybe if there is a wish to support very ancient PHP versions), a workaround for this issue is to enclose the options in an IfModule-block. That was used sometimes in the transitioning time.

User avatar
onli
Regular
Posts: 2264
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: php_value in 2.1-beta .htaccess breaks on many installat

Post by onli » Tue Jul 19, 2016 1:39 pm

I have not enough experience with that type of server administration. With a bit of research though it seems to me as if those options were completely unnecessary in newer PHP versions – use_trans_sid is by default 0, and register_globals does not exist anymore. I will remove them, and ping Garvin to have a look at that.

https://github.com/s9y/Serendipity/tree ... nclude/tpl also shows that those files did not change much in the last months/years.

Thanks for the report!

User avatar
garvinhicking
Core Developer
Posts: 30020
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: php_value in 2.1-beta .htaccess breaks on many installat

Post by garvinhicking » Tue Jul 19, 2016 2:15 pm

Even though I agree that we can remove those settings as they are deprecated, we actually should have some installer logic which should detect the CGI versions and use a different _cgi.tpl file for those versions. I wonder why these might fail, it would be good to properly detect CGI for some of the other settings to be applied properly...?!

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/


User avatar
garvinhicking
Core Developer
Posts: 30020
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: php_value in 2.1-beta .htaccess breaks on many installat

Post by garvinhicking » Tue Jul 19, 2016 3:06 pm

That looks spot on :)
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

User avatar
onli
Regular
Posts: 2264
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: php_value in 2.1-beta .htaccess breaks on many installat

Post by onli » Tue Jul 19, 2016 6:52 pm

In this specific example it might be fpm-fcgi that is missing there. Or it could be a number of different values, sadly… We maybe should adapt the example code with if (substr($sapi_type, 0, 3) == 'cgi') {

Post Reply