Can"t find the server path when, in http.conf, using Alias and DirectoryIndex

I want to write a simple indexing script to display a
directory full of photos as a gallery of thumbnails.
(There are various solutions out there for this, but
they're all a bit more complicated than I need).

I've added a file in /etc/apache2/conf.d that
looks like this:

Alias /photos /home/public/photos

AllowOverride None
Order allow,deny
Allow from all

DirectoryIndex /cgi-bin/index.php



I use "Alias" so that I can leave the photos where they are
and not have to move them to DocumentRoot. I use "DirectoryIndex"
so that the script doesn't have to be in with the photos. My
problem is that the running script seems to have no way to
work out the photos are in /home/public/photos.

$_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
is "/srv/www/htdocs".

$_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.


How can I do this? Is there a way to interrogate the alias,
or can I set a variable in the conf file that PHP can pick up?

Cheers,
Paul.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Can"t find the server path when, in http.conf, using Aliasand DirectoryIndex

Paul Gardiner wrote:
> I want to write a simple indexing script to display a
> directory full of photos as a gallery of thumbnails.
> (There are various solutions out there for this, but
> they're all a bit more complicated than I need).
>
> I've added a file in /etc/apache2/conf.d that
> looks like this:
>
> Alias /photos /home/public/photos
>
> AllowOverride None
> Order allow,deny
> Allow from all
>
> DirectoryIndex /cgi-bin/index.php
>
>
>
> I use "Alias" so that I can leave the photos where they are
> and not have to move them to DocumentRoot. I use "DirectoryIndex"
> so that the script doesn't have to be in with the photos. My
> problem is that the running script seems to have no way to
> work out the photos are in /home/public/photos.
>
> $_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
> derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
> is "/srv/www/htdocs".
>
> $_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
>
>
> How can I do this? Is there a way to interrogate the alias,
> or can I set a variable in the conf file that PHP can pick up?

I've sussed it. If I use this apache2 conf file, where I
tag the server path onto the end of the index url:

Alias /photos /home/public/photos

AllowOverride None
Order allow,deny
Allow from all

DirectoryIndex /cgi-bin/index.php/home/public/photos


then the script can pick up the path as $_SERVER[PATH_INFO]

P.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Can"t find the server path when, in http.conf, using Alias

2009/8/26 Paul Gardiner :
> Paul Gardiner wrote:
>>
>> I want to write a simple indexing script to display a
>> directory full of photos as a gallery of thumbnails.
>> (There are various solutions out there for this, but
>> they're all a bit more complicated than I need).
>>
>> I've added a file in /etc/apache2/conf.d that
>> looks like this:
>>
>> Alias /photos /home/public/photos
>>
>> =A0 =A0AllowOverride None
>> =A0 =A0Order allow,deny
>> =A0 =A0Allow from all
>>
>> =A0 =A0DirectoryIndex /cgi-bin/index.php
>>
>>
>>
>> I use "Alias" so that I can leave the photos where they are
>> and not have to move them to DocumentRoot. I use "DirectoryIndex"
>> so that the script doesn't have to be in with the photos. My
>> problem is that the running script seems to have no way to
>> work out the photos are in /home/public/photos.
>>
>> $_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
>> derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
>> is "/srv/www/htdocs".
>>
>> $_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
>>
>>
>> How can I do this? Is there a way to interrogate the alias,
>> or can I set a variable in the conf file that PHP can pick up?
>
> I've sussed it. If I use this apache2 conf file, where I
> tag the server path onto the end of the index url:
>
> Alias /photos /home/public/photos
>
> =A0 =A0AllowOverride None
> =A0 =A0Order allow,deny
> =A0 =A0Allow from all
>
> =A0 =A0DirectoryIndex /cgi-bin/index.php/home/public/photos
>
>
> then the script can pick up the path as $_SERVER[PATH_INFO]
>
> P.

Hi Paul,

Glad you got it working. I would add one note: I don't know if this is
what your actual code contains or if it's just in your emails, but not
quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
recommend avoiding the use of something like $_SERVER[PATH_INFO] and
instead use $_SERVER['PATH_INFO']. While the unquoted version will
work much of the time, it's untrustworthy. In this case, PHP sees the
label PATH_INFO and looks for a constant named PATH_INFO. If it
doesn't find one, then it interprets the label as a string--which
allows things to work. However, if at some point you include code
which does a define('PATH_INFO', 'foo'); then what PHP will see is
$_SERVER['foo'], which probably isn't what you wanted.

This example is of course a little contrived, but unless you know that
there is a constant defined with the value you're using, and you want
to use that as your array index, then you should always quote string
array indices.

For more information check out
http://www.php.net/manual/en/language.types.array.php#langua ge.types.array.=
donts

Of course, if you just left out the quotes for the purposes of posting
then you may happily ignore this message and carry on. :)


Cheers (I'm done butting in now),

Torben

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Can"t find the server path when, in http.conf, using Alias and DirectoryIndex

Torben Wilson wrote:
> 2009/8/26 Paul Gardiner :
>> Paul Gardiner wrote:
>>> I want to write a simple indexing script to display a
>>> directory full of photos as a gallery of thumbnails.
>>> (There are various solutions out there for this, but
>>> they're all a bit more complicated than I need).
>>>
>>> I've added a file in /etc/apache2/conf.d that
>>> looks like this:
>>>
>>> Alias /photos /home/public/photos
>>>
>>> AllowOverride None
>>> Order allow,deny
>>> Allow from all
>>>
>>> DirectoryIndex /cgi-bin/index.php
>>>
>>>
>>>
>>> I use "Alias" so that I can leave the photos where they are
>>> and not have to move them to DocumentRoot. I use "DirectoryIndex"
>>> so that the script doesn't have to be in with the photos. My
>>> problem is that the running script seems to have no way to
>>> work out the photos are in /home/public/photos.
>>>
>>> $_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
>>> derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
>>> is "/srv/www/htdocs".
>>>
>>> $_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
>>>
>>>
>>> How can I do this? Is there a way to interrogate the alias,
>>> or can I set a variable in the conf file that PHP can pick up?
>> I've sussed it. If I use this apache2 conf file, where I
>> tag the server path onto the end of the index url:
>>
>> Alias /photos /home/public/photos
>>
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>>
>> DirectoryIndex /cgi-bin/index.php/home/public/photos
>>
>>
>> then the script can pick up the path as $_SERVER[PATH_INFO]
>>
>> P.
>
> Hi Paul,
>
> Glad you got it working.

Actually, since posting, I've given up on that method,
partly because I realised that in doing so I was opening up
a security hole and being close to allowing enumeration of
any apache-readable directory on my server, via direct use
of the url http://cgi-bin/index.php//. I've
found a much better way (using SetEnv):

Alias /photos /home/public/photos

AllowOverride None
Order allow,deny
Allow from all

SetEnv GalleryPath /home/public/photos
DirectoryIndex /cgi-bin/index.php


And then the script can pick up the path as $_SERVER['GalleryPath']

> I would add one note: I don't know if this is
> what your actual code contains or if it's just in your emails, but not
> quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
> recommend avoiding the use of something like $_SERVER[PATH_INFO] and
> instead use $_SERVER['PATH_INFO']. While the unquoted version will
> work much of the time, it's untrustworthy. In this case, PHP sees the
> label PATH_INFO and looks for a constant named PATH_INFO.

Thanks for the advice. I've always been a little uncertain of that. I
don't generally leave the quotes out, but I had been tending to, just
for accessing $_SERVER (not sure why - some example code I must have
read I think). Anyway, I'll put the quotes in.

What about the case of including an array within a string, e.g.,

$line = "$array['name']$array['address']";

I've read something about that not working with the quotes in place.
Is that best avoided too?

Cheers,
Paul.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Can"t find the server path when, in http.conf, using Alias

2009/8/27 Paul Gardiner :
> Torben Wilson wrote:
>>
>> 2009/8/26 Paul Gardiner :
>>>
>>> Paul Gardiner wrote:
>>>>
>>>> I want to write a simple indexing script to display a
>>>> directory full of photos as a gallery of thumbnails.
>>>> (There are various solutions out there for this, but
>>>> they're all a bit more complicated than I need).
>>>>
>>>> I've added a file in /etc/apache2/conf.d that
>>>> looks like this:
>>>>
>>>> Alias /photos /home/public/photos
>>>>
>>>> =A0 AllowOverride None
>>>> =A0 Order allow,deny
>>>> =A0 Allow from all
>>>>
>>>> =A0 DirectoryIndex /cgi-bin/index.php
>>>>
>>>>
>>>>
>>>> I use "Alias" so that I can leave the photos where they are
>>>> and not have to move them to DocumentRoot. I use "DirectoryIndex"
>>>> so that the script doesn't have to be in with the photos. My
>>>> problem is that the running script seems to have no way to
>>>> work out the photos are in /home/public/photos.
>>>>
>>>> $_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
>>>> derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
>>>> is "/srv/www/htdocs".
>>>>
>>>> $_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
>>>>
>>>>
>>>> How can I do this? Is there a way to interrogate the alias,
>>>> or can I set a variable in the conf file that PHP can pick up?
>>>
>>> I've sussed it. If I use this apache2 conf file, where I
>>> tag the server path onto the end of the index url:
>>>
>>> Alias /photos /home/public/photos
>>>
>>> =A0 AllowOverride None
>>> =A0 Order allow,deny
>>> =A0 Allow from all
>>>
>>> =A0 DirectoryIndex /cgi-bin/index.php/home/public/photos
>>>
>>>
>>> then the script can pick up the path as $_SERVER[PATH_INFO]
>>>
>>> P.
>>
>> Hi Paul,
>>
>> Glad you got it working.
>
> Actually, since posting, I've given up on that method,
> partly because I realised that in doing so I was opening up
> a security hole and being close to allowing enumeration of
> any apache-readable directory on my server, via direct use
> of the url http://cgi-bin/index.php//. =A0I've
> found a much better way (using SetEnv):
>
> Alias /photos /home/public/photos
>
> =A0 AllowOverride None
> =A0 Order allow,deny
> =A0 Allow from all
>
> =A0 SetEnv GalleryPath /home/public/photos
> =A0 DirectoryIndex /cgi-bin/index.php
>
>
> And then the script can pick up the path as $_SERVER['GalleryPath']
>
>> I would add one note: I don't know if this is
>> what your actual code contains or if it's just in your emails, but not
>> quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
>> recommend avoiding the use of something like $_SERVER[PATH_INFO] and
>> instead use $_SERVER['PATH_INFO']. While the unquoted version will
>> work much of the time, it's untrustworthy. In this case, PHP sees the
>> label PATH_INFO and looks for a constant named PATH_INFO.
>
> Thanks for the advice. I've always been a little uncertain of that. I
> don't generally leave the quotes out, but I had been tending to, just
> for accessing $_SERVER (not sure why - some example code I must have
> read I think). Anyway, I'll put the quotes in.
>
> What about the case of including an array within a string, e.g.,
>
> =A0$line =3D "$array['name']$array['address']";

Hi Paul,

For that, you use curly braces inside strings:

$line =3D "{$array['name']}{$array['address']}";

http://www.php.net/manual/en/language.types.string.php#langu age.types.strin=
g.parsing


Regards,

Torben

> I've read something about that not working with the quotes in place.
> Is that best avoided too?
>
> Cheers,
> =A0 =A0 =A0 =A0Paul.
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php