Page 1 of 1

Warnings

Posted: Sat Apr 14, 2018 5:30 pm
by lianergoist
I try to run CMSimple_XH on a raspberry Pi. I have been pulling my hair because I didn't realize I had to install php7.0-intl and php7.0-mbstring... :roll:
Now it's up and running, except I get some warnings from Settings -> Info:
Checking that './cmsimple/config.php' is access protected … warning
Checking that './content/content.htm' is access protected … warning
Checking that './templates/fhs-simple/template.htm' is access protected … warning
I am not sure what the problem is. All directories are 755 and all files are 644. Isn't that correct?

Re: Warnings

Posted: Sat Apr 14, 2018 7:15 pm
by olape
In this case it is not primarily about the file permissions. (where /content/ 777 and the three files would need 666 each, except php runs with the rights of the FTP user, for example, then 755 and 644 is ok.)
The point here is that you are not allowed to access these files directly.
You can test this in your browser. This should result an error 403. Sometimes the test does not work correctly in the CMS. This is related to the configuration of the server.

Re: Warnings

Posted: Sat Apr 14, 2018 8:50 pm
by cmb
lianergoist wrote:
Sat Apr 14, 2018 5:30 pm
I have been pulling my hair because I didn't realize I had to install php7.0-intl and php7.0-mbstring... :roll:
The intl extension is not strictly necessary, though. Anyhow, the requirements are documented. :)
lianergoist wrote:
Sat Apr 14, 2018 5:30 pm
I am not sure what the problem is.
Besides olape's explanation, this is also documented in the Wiki (see the warning in the middle of the page). However, if the Webserver is not accessible from the internet (or actually by any untrusted user), you can ignore these warnings.

Re: Warnings

Posted: Sun Apr 15, 2018 8:15 am
by lianergoist
cmb wrote:
Sat Apr 14, 2018 8:50 pm
The intl extension is not strictly necessary, though. Anyhow, the requirements are documented. :)
Well, the System Check is checking to see if Intl is loaded, so I would not be able to sleep if it was not there... ;)

But yes, the requirements are documented. You are doing a great job developing this project. I have used CMSimple_XH for several years and have only needed support a few times, because everything have just been working out-of-the-box. But let me put it this way; I have learned a lot the last days... The hard way... :D To make a long story short; if debugging had been on by default, it would have helped me a lot. It took some time before I found that little pearl.

Re: Warnings

Posted: Sun Apr 15, 2018 11:19 am
by lianergoist
olape wrote:
Sat Apr 14, 2018 7:15 pm
In this case it is not primarily about the file permissions. (where /content/ 777 and the three files would need 666 each, except php runs with the rights of the FTP user, for example, then 755 and 644 is ok.)
The point here is that you are not allowed to access these files directly.
You can test this in your browser. This should result an error 403. Sometimes the test does not work correctly in the CMS. This is related to the configuration of the server.
I am not sure I understand what you say. I think I more or less understand ownership - I have been using Linux for more than 10 years - but I still find it a bit confusing. I don't understand what "Checking that './cmsimple/config.php' is access protected … warning" means... and I am not really sure the warnings is about ownership at all. But, that's why I ask here.

The reason why I am not sure, is because of this: I uploaded 1.7.2 to my normal web server (my ISP) and I had the same three warnings. I activated debugging in CMSimple_XH, and it told me 'allow_url_fopen' was set to Off. I turned it on, and the warnings disappeared.

But that's not the problem on my setup on the raspberry Pi. Here, allow_url_fopen is set to On, and I still get the three warnings. So, what the problem is here, I have no clue about.

Re: Warnings

Posted: Sun Apr 15, 2018 11:36 am
by cmb
lianergoist wrote:
Sun Apr 15, 2018 11:19 am
But that's not the problem on my setup on the raspberry Pi. Here, allow_url_fopen is set to On, and I still get the three warnings. So, what the problem is here, I have no clue about.
There are some files and directories which are not supposed to be accessible via HTTP(S). For instance, requesting http://example.com/content/content.htm from a browser should not be possible. CMSimple_XH ships with respective .htaccess files, but your Webserver may not be configured to process .htaccess files (or may not even be able to process .htaccess).

So first try what happens when you enter http://example.com/content/content.htm in the address line of your browser (adjust the URL for your setup). If the browser reports 403 Forbidden or 404 Not found, everything is fine. Otherwise check the documentation of your webserver, on how to forbid HTTP(S) access to individual files or directories, and apply that.

Re: Warnings

Posted: Sun Apr 15, 2018 12:13 pm
by lianergoist
cmb wrote:
Sun Apr 15, 2018 11:36 am
There are some files and directories which are not supposed to be accessible via HTTP(S). For instance, requesting http://example.com/content/content.htm from a browser should not be possible.
Okay, now I get it. Thanks for explaining that to me.