r1304: active clean URL test

zem · 2006-04-30 23:04:53

Thanks. I should point out that there are three different errors that could be produced:

‘clean_url_untested’ means fopen wrappers are disabled and it’s impossible to check whether or not clean URLs work
‘clean_url_test_failed’ means the test was run clean URLs are completely broken (e.g. they produce a 404 or 500 error).
‘clean_url_data_failed’ means clean URLs are handled and passed to Textpattern, but the URL data that’s passed by the web server to PHP is incomplete or incorrect. This might be the case on IIS, for example.

domfucssion · 2006-05-07 00:26:19

hi,
diagnostics is reporting an error:
clean_url_data_failed: /a844e88667122beb70ff4f55660f9a9a/?txpcleantest=1

from diag high level:
pretext_data: array ( ‘id’ => ‘’, ‘s’ => ‘’, ‘c’ => ‘’, ‘q’ => ‘’, ‘pg’ => ‘’, ‘p’ => ‘’, ‘month’ => ‘’, ‘author’ => ‘’, ‘request_uri’ => ‘/a844e88667122beb70ff4f55660f9a9a/?txpcleantest=1’, ‘qs’ => ‘txpcleantest=1’, ‘subpath’ => ‘\\/’, ‘req’ => ‘/a844e88667122beb70ff4f55660f9a9a/?txpcleantest=1’,
)

running locally as a virualhost on Apache/1.3.33 os x.
everything appears to work fine for me using section/title, just wondered if that info was relevant?

domfucssion · 2006-05-12 19:53:43

hi again,

Spent some time today trying to work out what was causing my “clean_url_data_failed:” error.

I checked out the same rev 1310 into a different vhost and did not get any diagnostics error, so my general setup looked ok.

It turned out that removing all plugins from tmp stopped the error. I made a simple plugin and put it on it’s own in tmp and still did not get any diagnostics errors. I check the permissions on new plugin files that worked and old files that gave the “clean_url_data_failed” error and they were identical.

Finally I discovered that copying the plugin txt from the old file and pasting / saving / replacing the old file with the same name made the error disappear.

So all is well, but I would really love to know wtf was the difference between the old plugins in tmp that triggered the diagnostics error and the newly saved ones that are ok.

cheers,

dave

Last edited by domfucssion (2006-05-12 20:59:56)

baby · 2006-08-17 20:59:01

Hi zem…

I’m at r1729 (txp_diag is at r1711 last updated by mary).

I was getting clean_url_untested… when I edited php.ini to put
<pre>
allow_url_fopen = On
</pre>
I found I had commented that and added “disabled for security reasons” (my own writing)… I probably got a security complain from something I was installing at that time (April 2006) and put that (regretfully, I didn’t include a URL in the comment).

Anyway, I re-enabled allow_url_fopen and the test passes just fine.

Is it unsafe to have allow_url_fopen = On?

zem · 2006-08-17 22:36:01

“clean_url_untested” means it wasn’t possible to do the test, so that’s expected. Read as “clean URLs may or may not work, we can’t tell”.

Is it unsafe to have allow_url_fopen = On?

Depends on what your standards are. I’d call it a low risk. Textpattern doesn’t assume it’s off. Many or most people run sites with it on. We know of no security issues in Textpattern itself, but there might be some in plugins or external scripts.

Sencer · 2006-08-18 08:03:21

Is it unsafe to have allow_url_fopen = On?

There can be php issues when code is written sloppily. With unitilialized variables and includes it’s possible that remote files get included and parsed as php. It’s not a problem with textpattern, but every now and then an application with that problem crops up.
When that setting is off, remote files cannot be included, which unfortunately also means that remote files cannot be simply fopen()ed (which cannot turn into a security problem). The latter we use for the clean url test, IIRC.

PHP 5.2 (when releases) will “fix” this, as it will allow different settings for include/require on the one hand, and fopen/etc. on the other hand.

If you know that clena urls work for you (which is not hard to find out), you are free to leave that setting off.

baby · 2006-08-18 12:10:39

OK, it’s clear to me now… so, since the only use of url fopen by textpattern is just this test, I’ll leave allow_url_fopen = Off… whenever I install or upgrade txp, I might set it to allow_url_fopen = On for testing and then reset it to allow_url_fopen = Off…

Even when txp is safe, and, in this particular site, this is the only php app I’m running, I might well install something else… what’s more, this site is for students to test plugins, so better be safe than sorry :-)

Thank you, Sencer & Alex for your replies.

fineartdavid · 2006-10-25 18:26:08

mrdale wrote:

Zem I still get clean url test failed. (r1306) I don’t care, cause they work. Thought you might be interested.

Me too. I’m getting the same message, but everything is working fine. I’m running the release version of 4.04 on Textdrive (howe) and my .htaccess looks like

#DirectoryIndex index.php index.html
#Options +FollowSymLinks
#RewriteBase /relative/web/path/

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) – [PT,L]

#This path should match the relative url of your Textpattern install
RewriteBase /
#If you’re using a section other than “tag”, change the following two rules accordingly
RewriteRule ^tag/([^/]+)$ tag/$1/ [R,L]
RewriteRule ^tag/(.+)/$ ?s=tag&t=$1

RewriteRule set/([0-9]+) index.php?set=$1
RewriteRule img/([0-9]+) index.php?img=$1
RewriteRule set/([0-9]+)/img/([0-9]+) index.php?set=$1x%x%img=$2
RewriteRule set/([0-9]+)/page/([0-9]+) index.php?set=$1x%x%page=$2
RewriteRule tags/(.+) index.php?tags=$1
RewriteRule tags/(.)/page/([0-9]) index.php?tags=$1x%x%page=$2

RewriteRule ^(.*) /index.php
</IfModule>

Last edited by fineartdavid (2006-10-25 18:27:47)

zem · 2006-10-26 03:12:01

If you switch to High Detail diagnostics and scroll through, you’ll see some more information about the clean URL test.

Andrew · 2006-11-02 22:20:56

With v4.0.4 & allow_url_fopen enabled, I get this error:

Warning: file(http://example.com/2e0b806cfa4ed78f73aad3793a837c55/?txpcleantest=1) [function.file]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /http/www/e/example.com/public_html/textpattern/include/txp_diag.php on line 318

There are no other diagnostic errors and everything works correctly. Should I care?

Last edited by Andrew (2006-11-02 22:21:40)

zem · 2006-11-08 21:24:09

Is the domain in the URL (example.com) your site URL? If so, it probably means clean URLs aren’t entirely working on your server.

Textpattern CMS

Textpattern CMS support forum

#13 2006-04-30 23:04:53

Re: r1304: active clean URL test

#14 2006-05-07 00:26:19

Re: r1304: active clean URL test

#15 2006-05-12 19:53:43

Re: r1304: active clean URL test

#16 2006-08-17 20:59:01

Re: r1304: active clean URL test

#17 2006-08-17 22:36:01

Re: r1304: active clean URL test

#18 2006-08-18 08:03:21

Re: r1304: active clean URL test

#19 2006-08-18 12:10:39

Re: r1304: active clean URL test

#20 2006-10-25 18:26:08

Re: r1304: active clean URL test

#21 2006-10-26 03:12:01

Re: r1304: active clean URL test

#22 2006-11-02 22:20:56

Re: r1304: active clean URL test

#23 2006-11-08 21:24:09

Re: r1304: active clean URL test

Board footer