Op dinsdag 15 augustus 2006 19:10, schreef Khalid B:
The discussion of the cli script being under DocumentRoot or not has to be brought into context of previous discussions on what should be under there and what should not.
Sympal scripts checks for existance of certain arguments. If not found it exists quietly. drupal.php requires --site if not set (for now) it exits without any output. Still if in a web accessible dir * they /can/ be loaded. This is bad enough in the first place. * they /don't need to be there at all/. No-one needs non-web-accessible-files in a web-accessible place. No one should want that either. So why put them there? * if they can be loaded, people see no 404, but a blank page or so. People then /know you have these scripts/. I prefer people to not know such things. .htaccess: I think about 1/4th of all servers where I built drupal sites did not eat my .htaccess. Go out there and look for drupal sites with urls in the form of ?q= that will give a rough indication of the amount of servers where .htaccess is not allowed (off course missing mod_rewrite can be causing unclean urls too). Google counts [1] 4.830.000 of em. If even 1/3rd of these are due to missing .htaccess there are still a million! relying on this file for security means, in practice, that we drop all support for none .htaccess servers! Bèr [1] http://www.google.nl/search?q=inurl%3A%3Fq%3Dnode&ie=UTF-8&oe=UTF-8