Warnings

Questions about how to install and problems installing - please read the documentation first!
Post Reply
lianergoist
Posts: 20
Joined: Sun Mar 18, 2012 5:34 pm
Location: Denmark
Contact:

Warnings

Post by lianergoist » Sat Apr 14, 2018 5:30 pm

I try to run CMSimple_XH on a raspberry Pi. I have been pulling my hair because I didn't realize I had to install php7.0-intl and php7.0-mbstring... :roll:
Now it's up and running, except I get some warnings from Settings -> Info:
Checking that './cmsimple/config.php' is access protected … warning
Checking that './content/content.htm' is access protected … warning
Checking that './templates/fhs-simple/template.htm' is access protected … warning
I am not sure what the problem is. All directories are 755 and all files are 644. Isn't that correct?
--
Thomas Jensen, Denmark

olape
Posts: 2731
Joined: Fri Mar 13, 2015 8:47 am
Contact:

Re: Warnings

Post by olape » Sat Apr 14, 2018 7:15 pm

In this case it is not primarily about the file permissions. (where /content/ 777 and the three files would need 666 each, except php runs with the rights of the FTP user, for example, then 755 and 644 is ok.)
The point here is that you are not allowed to access these files directly.
You can test this in your browser. This should result an error 403. Sometimes the test does not work correctly in the CMS. This is related to the configuration of the server.
Gruß Olaf, Plugins for CMSimple_XH

Ich habe schon lange den Verdacht, dass so viele so eifrig auf Gender, Trans und Queer machen:
Weil sie für das Fachliche ganz einfach zu doof sind.

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Warnings

Post by cmb » Sat Apr 14, 2018 8:50 pm

lianergoist wrote:
Sat Apr 14, 2018 5:30 pm
I have been pulling my hair because I didn't realize I had to install php7.0-intl and php7.0-mbstring... :roll:
The intl extension is not strictly necessary, though. Anyhow, the requirements are documented. :)
lianergoist wrote:
Sat Apr 14, 2018 5:30 pm
I am not sure what the problem is.
Besides olape's explanation, this is also documented in the Wiki (see the warning in the middle of the page). However, if the Webserver is not accessible from the internet (or actually by any untrusted user), you can ignore these warnings.
Christoph M. Becker – Plugins for CMSimple_XH

lianergoist
Posts: 20
Joined: Sun Mar 18, 2012 5:34 pm
Location: Denmark
Contact:

Re: Warnings

Post by lianergoist » Sun Apr 15, 2018 8:15 am

cmb wrote:
Sat Apr 14, 2018 8:50 pm
The intl extension is not strictly necessary, though. Anyhow, the requirements are documented. :)
Well, the System Check is checking to see if Intl is loaded, so I would not be able to sleep if it was not there... ;)

But yes, the requirements are documented. You are doing a great job developing this project. I have used CMSimple_XH for several years and have only needed support a few times, because everything have just been working out-of-the-box. But let me put it this way; I have learned a lot the last days... The hard way... :D To make a long story short; if debugging had been on by default, it would have helped me a lot. It took some time before I found that little pearl.
--
Thomas Jensen, Denmark

lianergoist
Posts: 20
Joined: Sun Mar 18, 2012 5:34 pm
Location: Denmark
Contact:

Re: Warnings

Post by lianergoist » Sun Apr 15, 2018 11:19 am

olape wrote:
Sat Apr 14, 2018 7:15 pm
In this case it is not primarily about the file permissions. (where /content/ 777 and the three files would need 666 each, except php runs with the rights of the FTP user, for example, then 755 and 644 is ok.)
The point here is that you are not allowed to access these files directly.
You can test this in your browser. This should result an error 403. Sometimes the test does not work correctly in the CMS. This is related to the configuration of the server.
I am not sure I understand what you say. I think I more or less understand ownership - I have been using Linux for more than 10 years - but I still find it a bit confusing. I don't understand what "Checking that './cmsimple/config.php' is access protected … warning" means... and I am not really sure the warnings is about ownership at all. But, that's why I ask here.

The reason why I am not sure, is because of this: I uploaded 1.7.2 to my normal web server (my ISP) and I had the same three warnings. I activated debugging in CMSimple_XH, and it told me 'allow_url_fopen' was set to Off. I turned it on, and the warnings disappeared.

But that's not the problem on my setup on the raspberry Pi. Here, allow_url_fopen is set to On, and I still get the three warnings. So, what the problem is here, I have no clue about.
--
Thomas Jensen, Denmark

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Warnings

Post by cmb » Sun Apr 15, 2018 11:36 am

lianergoist wrote:
Sun Apr 15, 2018 11:19 am
But that's not the problem on my setup on the raspberry Pi. Here, allow_url_fopen is set to On, and I still get the three warnings. So, what the problem is here, I have no clue about.
There are some files and directories which are not supposed to be accessible via HTTP(S). For instance, requesting http://example.com/content/content.htm from a browser should not be possible. CMSimple_XH ships with respective .htaccess files, but your Webserver may not be configured to process .htaccess files (or may not even be able to process .htaccess).

So first try what happens when you enter http://example.com/content/content.htm in the address line of your browser (adjust the URL for your setup). If the browser reports 403 Forbidden or 404 Not found, everything is fine. Otherwise check the documentation of your webserver, on how to forbid HTTP(S) access to individual files or directories, and apply that.
Christoph M. Becker – Plugins for CMSimple_XH

lianergoist
Posts: 20
Joined: Sun Mar 18, 2012 5:34 pm
Location: Denmark
Contact:

Re: Warnings

Post by lianergoist » Sun Apr 15, 2018 12:13 pm

cmb wrote:
Sun Apr 15, 2018 11:36 am
There are some files and directories which are not supposed to be accessible via HTTP(S). For instance, requesting http://example.com/content/content.htm from a browser should not be possible.
Okay, now I get it. Thanks for explaining that to me.
--
Thomas Jensen, Denmark

Post Reply