[development] Core scripts cleanup

Bèr Kessels ber at webschuur.com
Wed Aug 16 15:13:41 UTC 2006

Op dinsdag 15 augustus 2006 19:10, schreef Khalid B:
> The discussion of the cli script being under DocumentRoot or not
> has to be brought into context of previous discussions on what
> should be under there and what should not.

Sympal scripts checks for existance of certain arguments. If not found it 
exists quietly. drupal.php requires --site if not set (for now) it exits 
without any output. 

Still if in a web accessible dir
 * they /can/ be loaded. This is bad enough in the first place. 
 * they /don't need to be there at all/. No-one needs non-web-accessible-files 
in a web-accessible place. No one should want that either. So why put them 
 * if they can be loaded, people see no 404, but a blank page or so. People 
then /know you have these scripts/. I prefer people to not know such things.
.htaccess: I think about 1/4th of all servers where I built drupal sites did 
not eat my .htaccess. Go out there and look for drupal sites with urls in the 
form of ?q= that will give a rough indication of the amount of servers 
where .htaccess is not allowed (off course missing mod_rewrite can be causing 
unclean urls too). Google counts [1] 4.830.000 of em. If even 1/3rd of these 
are due to missing .htaccess there are still a million!
relying on this file for security means, in practice, that we drop all support 
for none .htaccess servers!

[1] http://www.google.nl/search?q=inurl%3A%3Fq%3Dnode&ie=UTF-8&oe=UTF-8

More information about the development mailing list