-
keitekk committed patchset 250 of module wheatblog to the wheatblog CVS repository, changing 3 files.
2009-01-23 12:08:10 UTC by keitekk
-
keitekk committed patchset 249 of module wheatblog to the wheatblog CVS repository, changing 10 files.
2009-01-22 20:17:19 UTC by keitekk
-
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 45 days (the time period specified by
the administrator of this Tracker).
2007-05-05 02:20:10 UTC by sf-robot
-
Are you running this on your own box (a test platform, perhaps)? It looks like you have two problems:
This will help with problem #1: http://lists.netfielders.de/pipermail/typo3-english/2005-March/002664.html
The problem is with the Apache server setting "allow_url_fopen". There are good security reasons for leaving that to "off". Apparently, wheatblog requires it to be set to "on."...
2007-03-20 12:38:46 UTC by wheatbread
-
Hi,
Im tying to get wheatblog to work but it keeps raising the following errors
Warning: require_once() [function.require-once]: URL file-access is disabled in the server configuration in D:\webroot\wheatblog\settings.php on line 139
Warning: require_once(http://localhost/wheatblog//includes/sessions.php) [function.require-once]: failed to open stream: no suitable wrapper could be found...
2007-03-19 19:23:51 UTC by nobody
-
Logged In: YES
user_id=168317
Petteri,
You are correct that .htaccess is an Apace-specific control.
We only test the app on Apache, so we could make Apache a
requirement, which it already is, for the most part. I know
of no one running the app under other webservers. And I
certainly don't have the time to test it under other servers.
So relying on .htaccess would be require making...
2006-08-16 14:03:58 UTC by wheatbread
-
Hei,
Correct me if I am wrong but .htaccess is Apache specific access control
configuration. Therefore, your idea to use .htaccess to circumvent the potential
problem in wB source is flawed because not everybody uses Apache.
--
Petteri.
2006-08-16 13:58:15 UTC by nobody
-
Logged In: YES
user_id=168317
Peiter,
No one is asking anyone to "play around with .htaccess
files." The files in question would be included with the
distribution. They users will install these files along
with all the other files that they already have to install.
To then, it's just a matter of uploading a directory. If
they can't handle that, they don't need to be installing...
2006-08-16 13:57:09 UTC by wheatbread
-
Logged In: YES
user_id=207101
IMHO, using .htaccess is even more braindead than my
preg_match idea.
It's not security if we require the user to start playing
around with .htaccess files. It's false security because
the lowest common denominator is not going to know what the
heck we're talking about, and ignore it.
Requiring the user to take action is just nonsense for
something...
2006-08-16 13:51:29 UTC by peiter
-
Logged In: YES
user_id=168317
All,
Instead of (or, perhaps, in addition to) coding around this
problem in PHP, why not use .htaccess to prevent remote file
inclusion:
Order allow,deny
Deny from all
We could include .htaccess files for all of the relevant
directories (admin/, includes/, classes/).
As to Petteri's point about blocking additional...
2006-08-16 13:29:41 UTC by wheatbread
