[development] Core scripts cleanup
Bèr Kessels
ber at webschuur.com
Wed Aug 16 15:13:41 UTC 2006
Op dinsdag 15 augustus 2006 19:10, schreef Khalid B:
> The discussion of the cli script being under DocumentRoot or not
> has to be brought into context of previous discussions on what
> should be under there and what should not.
Sympal scripts checks for existance of certain arguments. If not found it
exists quietly. drupal.php requires --site if not set (for now) it exits
without any output.
Still if in a web accessible dir
* they /can/ be loaded. This is bad enough in the first place.
* they /don't need to be there at all/. No-one needs non-web-accessible-files
in a web-accessible place. No one should want that either. So why put them
there?
* if they can be loaded, people see no 404, but a blank page or so. People
then /know you have these scripts/. I prefer people to not know such things.
.htaccess: I think about 1/4th of all servers where I built drupal sites did
not eat my .htaccess. Go out there and look for drupal sites with urls in the
form of ?q= that will give a rough indication of the amount of servers
where .htaccess is not allowed (off course missing mod_rewrite can be causing
unclean urls too). Google counts [1] 4.830.000 of em. If even 1/3rd of these
are due to missing .htaccess there are still a million!
relying on this file for security means, in practice, that we drop all support
for none .htaccess servers!
Bèr
[1] http://www.google.nl/search?q=inurl%3A%3Fq%3Dnode&ie=UTF-8&oe=UTF-8
More information about the development
mailing list