New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MultiViews with root settings.php breaks settings URLs #8806

Closed
juho-jaakkola opened this Issue Aug 5, 2015 · 31 comments

Comments

Projects
None yet
5 participants
@juho-jaakkola
Member

juho-jaakkola commented Aug 5, 2015

It is not possible to access www.site.com/settings/* if settings.php is located at the Elgg root.

This also could be a problem with other magic/common Elgg directories like "views" or "actions".

Possible solutions:

  1. Prefix with elgg- (elgg-settings.php, elgg-views/, etc...)
  2. Move index.php handler into subdir (e.g., public/index.php like Laravel). Means you have to do some more work to make sure that "/public" isn't part of your website's path. 😢
  3. Place into elgg-config/ directory: (elgg-config/settings.php, elgg-config/views/, etc.).
  4. Rename settings to something better like .env.php (might be a good idea anyways, but we'd still need to address the views/, actions/, etc. conflict.)
  5. Make engine/start.php the default location for non-composer installs.
  6. Just elgg- prefix the settings file.

@juho-jaakkola juho-jaakkola added this to the Elgg 2.0.x milestone Aug 5, 2015

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 5, 2015

Member

Hmm... seems like a rewrite problem. Did you experience this on elgg.org?

Member

ewinslow commented Aug 5, 2015

Hmm... seems like a rewrite problem. Did you experience this on elgg.org?

@juho-jaakkola

This comment has been minimized.

Show comment
Hide comment
@juho-jaakkola

juho-jaakkola Aug 5, 2015

Member

No, I didn't. Apparently there it is also in the root? I'll check if I'm just doing something wrong.

Member

juho-jaakkola commented Aug 5, 2015

No, I didn't. Apparently there it is also in the root? I'll check if I'm just doing something wrong.

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 5, 2015

Member

Yes, it is in the root there as well

Member

ewinslow commented Aug 5, 2015

Yes, it is in the root there as well

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 5, 2015

Member

https://elgg.org/settings seems to work for me.

Member

ewinslow commented Aug 5, 2015

https://elgg.org/settings seems to work for me.

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Aug 6, 2015

Member

Apache MultiViews causes problems like this. I avoid it.

Member

mrclay commented Aug 6, 2015

Apache MultiViews causes problems like this. I avoid it.

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 7, 2015

Member

@juho-jaakkola Any updates here?

Member

ewinslow commented Aug 7, 2015

@juho-jaakkola Any updates here?

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 7, 2015

Member

Please reopen if you can confirm this is a problem with stock Elgg. Otherwise, we can't support every possible configuration of htaccess users might want to do...

Member

ewinslow commented Aug 7, 2015

Please reopen if you can confirm this is a problem with stock Elgg. Otherwise, we can't support every possible configuration of htaccess users might want to do...

@ewinslow ewinslow closed this Aug 7, 2015

@juho-jaakkola juho-jaakkola reopened this Aug 7, 2015

@juho-jaakkola

This comment has been minimized.

Show comment
Hide comment
@juho-jaakkola

juho-jaakkola Aug 7, 2015

Member

This happens only if installing from git, but not when installing as a composer dependency.

We will be providing Elgg as a composer dependency within the .zip releases, so I'm not sure if it's worth fixing. WDYT?

Member

juho-jaakkola commented Aug 7, 2015

This happens only if installing from git, but not when installing as a composer dependency.

We will be providing Elgg as a composer dependency within the .zip releases, so I'm not sure if it's worth fixing. WDYT?

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 7, 2015

Member

I'm able to access https://development-ewinslow.c9.io/elgg/settings/user/evan fine with elgg installed at root. I think this is a local configuration issue.

Member

ewinslow commented Aug 7, 2015

I'm able to access https://development-ewinslow.c9.io/elgg/settings/user/evan fine with elgg installed at root. I think this is a local configuration issue.

@ewinslow ewinslow closed this Aug 7, 2015

@juho-jaakkola

This comment has been minimized.

Show comment
Hide comment
@juho-jaakkola

juho-jaakkola Aug 7, 2015

Member

This was indeed caused by Apache MultiViews.

Member

juho-jaakkola commented Aug 7, 2015

This was indeed caused by Apache MultiViews.

@vPriVate

This comment has been minimized.

Show comment
Hide comment
@vPriVate

vPriVate Aug 13, 2015

I've downloaded the .zip, no composer install.
You're right that you can't provide every possible server configuration. But this is on a hosted apache-server with no problems with the 1.x versions and after a clean install without any changes of the distributed htaccess (OK, a prior move to another server was needed to use PHP 5.6).
IMO this is a problem which affects a lot of users, so it would be nice if there will be at least a guide how to fix this...

vPriVate commented Aug 13, 2015

I've downloaded the .zip, no composer install.
You're right that you can't provide every possible server configuration. But this is on a hosted apache-server with no problems with the 1.x versions and after a clean install without any changes of the distributed htaccess (OK, a prior move to another server was needed to use PHP 5.6).
IMO this is a problem which affects a lot of users, so it would be nice if there will be at least a guide how to fix this...

@vPriVate

This comment has been minimized.

Show comment
Hide comment
@vPriVate

vPriVate Aug 13, 2015

This was indeed caused by Apache MultiViews.

There is no such line in the htaccess. It is possible to deactivate MultiViews by setting
Options -MultiViews, but this doesn't have an affect on it :(

vPriVate commented Aug 13, 2015

This was indeed caused by Apache MultiViews.

There is no such line in the htaccess. It is possible to deactivate MultiViews by setting
Options -MultiViews, but this doesn't have an affect on it :(

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Aug 13, 2015

Member

It is possible to deactivate MultiViews by setting Options -MultiViews

The main Apache config int /etc/ can disallow you from altering Options in .htaccess. If you also get white screen from http://example.org/version that's MultiViews in action.

That said, MultiViews is indeed a common setting that we may need to take into account. Maybe our .htaccess can work around this.

Member

mrclay commented Aug 13, 2015

It is possible to deactivate MultiViews by setting Options -MultiViews

The main Apache config int /etc/ can disallow you from altering Options in .htaccess. If you also get white screen from http://example.org/version that's MultiViews in action.

That said, MultiViews is indeed a common setting that we may need to take into account. Maybe our .htaccess can work around this.

@ewinslow ewinslow reopened this Aug 13, 2015

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 13, 2015

Member

Reopened for now.

Member

ewinslow commented Aug 13, 2015

Reopened for now.

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Aug 13, 2015

Member

Basically if a RewriteCond would match a PHP file in the root, but the URL doesn't contain .php we want to still rewrite. We can't simply say "if no filename matches".

Member

mrclay commented Aug 13, 2015

Basically if a RewriteCond would match a PHP file in the root, but the URL doesn't contain .php we want to still rewrite. We can't simply say "if no filename matches".

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Aug 13, 2015

Member

This seems to work for me when MultiViews is on:

# If match one of these files, still route through Elgg (in case MultiViews is enabled)
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^((version|settings)\.php)$ index.php?__elgg_uri=$1 [QSA,L]

# Everything else that isn't a file/directory gets routed through Elgg
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?__elgg_uri=$1 [QSA,L]

We still have the problem that a plugin can't route a URL like /views because it's a directory. I can now see the logic in having all core files/dirs start with something like wp-.

Member

mrclay commented Aug 13, 2015

This seems to work for me when MultiViews is on:

# If match one of these files, still route through Elgg (in case MultiViews is enabled)
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^((version|settings)\.php)$ index.php?__elgg_uri=$1 [QSA,L]

# Everything else that isn't a file/directory gets routed through Elgg
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?__elgg_uri=$1 [QSA,L]

We still have the problem that a plugin can't route a URL like /views because it's a directory. I can now see the logic in having all core files/dirs start with something like wp-.

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 13, 2015

Member

Yes, I was just thinking this, too. WordPress takes the prefix approach.
Larval takes the public subdir approach.

Another approach we could do is support putting all the magic framework
stuff in an elgg/ or elgg-config/ directory.

On Thu, Aug 13, 2015, 3:08 PM Steve Clay notifications@github.com wrote:

This seems to work for me when MultiViews is on:

If match one of these files, still route through Elgg (in case MultiViews is enabled)

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^((version|settings).php)$ index.php?__elgg_uri=$1 [QSA,L]

Everything else that isn't a file/directory gets routed through Elgg

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?__elgg_uri=$1 [QSA,L]

We still have the problem that a plugin can't route a URL like /views
because it's a directory. I can now see the logic in having all core
files/dirs start with something like wp-.


Reply to this email directly or view it on GitHub
#8806 (comment).

Member

ewinslow commented Aug 13, 2015

Yes, I was just thinking this, too. WordPress takes the prefix approach.
Larval takes the public subdir approach.

Another approach we could do is support putting all the magic framework
stuff in an elgg/ or elgg-config/ directory.

On Thu, Aug 13, 2015, 3:08 PM Steve Clay notifications@github.com wrote:

This seems to work for me when MultiViews is on:

If match one of these files, still route through Elgg (in case MultiViews is enabled)

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^((version|settings).php)$ index.php?__elgg_uri=$1 [QSA,L]

Everything else that isn't a file/directory gets routed through Elgg

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?__elgg_uri=$1 [QSA,L]

We still have the problem that a plugin can't route a URL like /views
because it's a directory. I can now see the logic in having all core
files/dirs start with something like wp-.


Reply to this email directly or view it on GitHub
#8806 (comment).

@vPriVate

This comment has been minimized.

Show comment
Hide comment
@vPriVate

vPriVate Aug 15, 2015

Another idea would be not to place the settings.php into the root or to rename it (e.g. elgg-settings.php)...

vPriVate commented Aug 15, 2015

Another idea would be not to place the settings.php into the root or to rename it (e.g. elgg-settings.php)...

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Aug 15, 2015

Member

Updated the original ticket description with a summary of possible solutions. My current favorite is 3, since it solves the problem for all current and future files, and makes the root directory much less noisy.

Member

ewinslow commented Aug 15, 2015

Updated the original ticket description with a summary of possible solutions. My current favorite is 3, since it solves the problem for all current and future files, and makes the root directory much less noisy.

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Aug 16, 2015

Member

Another option for .htaccess

# If you have settings.php in the root and cannot disable MultiViews, you will need to
# uncomment this to access URLs starting with /settings.
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule ^(settings\.php)$ index.php?__elgg_uri=$1 [QSA,L]
Member

mrclay commented Aug 16, 2015

Another option for .htaccess

# If you have settings.php in the root and cannot disable MultiViews, you will need to
# uncomment this to access URLs starting with /settings.
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule ^(settings\.php)$ index.php?__elgg_uri=$1 [QSA,L]
@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Sep 3, 2015

Member

I think for 2.0 we punt this and ask users to configure their servers in a sane way, add the above (commented out) to htaccess_dist and mention the issue in release notes.

Member

mrclay commented Sep 3, 2015

I think for 2.0 we punt this and ask users to configure their servers in a sane way, add the above (commented out) to htaccess_dist and mention the issue in release notes.

@juho-jaakkola

This comment has been minimized.

Show comment
Hide comment
@juho-jaakkola

juho-jaakkola Sep 4, 2015

Member

SGTM

Maybe also add section to the FAQ http://learn.elgg.org/en/1.12/appendix/faqs.html

Member

juho-jaakkola commented Sep 4, 2015

SGTM

Maybe also add section to the FAQ http://learn.elgg.org/en/1.12/appendix/faqs.html

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Sep 7, 2015

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Sep 7, 2015

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay
Member

mrclay commented Sep 7, 2015

PR #8919

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Sep 8, 2015

Member

Fixed by #8919

Member

mrclay commented Sep 8, 2015

Fixed by #8919

@mrclay mrclay closed this Sep 8, 2015

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Sep 9, 2015

Member

Huh, #8919 doesn't actually work. Something very similar was definitely working before. Grr.

Member

mrclay commented Sep 9, 2015

Huh, #8919 doesn't actually work. Something very similar was definitely working before. Grr.

@mrclay mrclay reopened this Sep 9, 2015

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Sep 9, 2015

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Sep 9, 2015

Member

PR #8922. I gave up on trying to mitigate the effects of MultiViews.

@vPriVate you will have to figure out how to disable MultiViews in your server config, or move settings.php into engine/.

Member

mrclay commented Sep 9, 2015

PR #8922. I gave up on trying to mitigate the effects of MultiViews.

@vPriVate you will have to figure out how to disable MultiViews in your server config, or move settings.php into engine/.

@vPriVate

This comment has been minimized.

Show comment
Hide comment
@vPriVate

vPriVate Sep 9, 2015

As I already said, I've downloaded the zip and was "forced" to place the settings.php into the root. Does it work without further configuration when I move it to the engine/-directory? If yes, why it has been moved to the root?
Maybe MultiViews haven't worked with Elgg 1.X neither and no one have noticed that yet, but it is no solution to force the user to change the configuration of the apache. That isn't possible for everyone, especially if the site is hosted at a webhosting provider, like mine.
I would guess that a lot of users will have issues upgrading to Elgg 2.X due to this problem and "newcomer" wouldn't give Elgg a chance if they have to change the configuration of the apache...

vPriVate commented Sep 9, 2015

As I already said, I've downloaded the zip and was "forced" to place the settings.php into the root. Does it work without further configuration when I move it to the engine/-directory? If yes, why it has been moved to the root?
Maybe MultiViews haven't worked with Elgg 1.X neither and no one have noticed that yet, but it is no solution to force the user to change the configuration of the apache. That isn't possible for everyone, especially if the site is hosted at a webhosting provider, like mine.
I would guess that a lot of users will have issues upgrading to Elgg 2.X due to this problem and "newcomer" wouldn't give Elgg a chance if they have to change the configuration of the apache...

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Sep 9, 2015

Member

keeping engine/settings.php the default location for non-composer installs seems reasonable.

Member

mrclay commented Sep 9, 2015

keeping engine/settings.php the default location for non-composer installs seems reasonable.

@mrclay mrclay changed the title from settings.php in Elgg root conflicts with settings page to MultiViews with root settings.php breaks settings URLs Sep 25, 2015

@beck24

This comment has been minimized.

Show comment
Hide comment
@beck24

beck24 Sep 26, 2015

Member

I'm not familiar with apache multiViews but if it's also going to affect any other directory such as /views /actions etc, then simply moving/renaming the settings.php doesn't really solve it.
I would vote for prefixed directories.

Member

beck24 commented Sep 26, 2015

I'm not familiar with apache multiViews but if it's also going to affect any other directory such as /views /actions etc, then simply moving/renaming the settings.php doesn't really solve it.
I would vote for prefixed directories.

@ewinslow

This comment has been minimized.

Show comment
Hide comment
@ewinslow

ewinslow Sep 26, 2015

Member

Option 3 remains my favorite because then we don't need to support fallbacks for every single magic directory, we just shove everything into a single magic subdirectory and we can keep names simple like views, actions, etc.

Member

ewinslow commented Sep 26, 2015

Option 3 remains my favorite because then we don't need to support fallbacks for every single magic directory, we just shove everything into a single magic subdirectory and we can keep names simple like views, actions, etc.

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Sep 30, 2015

chore(core): Moves settings.php and views.php to prevent MultiViews i…
…ssues

The default settings.php location is now inside elgg-config/ instead of
the installation root.

views.php is moved inside engine/.

Fixes #8806
@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Sep 30, 2015

Member

PR #8989. I think moving the views/ dir isn't necessary (but if so, I vote for inside engine/).

Member

mrclay commented Sep 30, 2015

PR #8989. I think moving the views/ dir isn't necessary (but if so, I vote for inside engine/).

@mrclay mrclay closed this in 0ada89d Sep 30, 2015

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Oct 9, 2015

chore(core): Moves settings.php and views.php to prevent MultiViews i…
…ssues

The default settings.php location is now inside elgg-config/ instead of
the installation root. At the root, settings.php would interfere with
settings URLs on Apache installations with MultiViews, and site owners
can't always disable this.

views.php is moved inside engine/.

Fixes #8806

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Oct 11, 2015

chore(core): Moves settings.php and views.php to prevent MultiViews i…
…ssues

The default settings.php location is now inside elgg-config/ instead of
the installation root. At the root, settings.php would interfere with
settings URLs on Apache installations with MultiViews, and site owners
can't always disable this.

views.php is moved inside engine/.

Fixes #8806

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Oct 25, 2015

chore(core): Moves settings.php and views.php to prevent MultiViews i…
…ssues

The default settings.php location is now inside elgg-config/ instead of
the installation root. At the root, settings.php would interfere with
settings URLs on Apache installations with MultiViews, and site owners
can't always disable this.

views.php is moved inside engine/.

Fixes #8806
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment