[Pkg-monitoring-maintainers] Bug#757261: fails to enable PHP module, misleading error about ACL access

Daniel Pocock daniel at pocock.pro
Wed Aug 6 17:50:03 UTC 2014


Package: ganglia-webfrontend
Version: 3.6.1-1
Severity: important


I've noticed that in some fresh installs where the PHP module or CGI is
not already enabled ganglia-web is not enabling it either and the PHP
source code is being served to clients without being interpreted/executed.

I'd like to tidy up the debian/control Depends field and the postinst to
try and avoid this

To make matters more confusing, people who land in this situation with
the ganglia-web package usually see an error "Sorry, you do not have
access to this resource.".  One of the first lines of code in the PHP is
checking an ACL.  If PHP is not executed at all, the browser renders the
error anyway.  Maybe we need something like this at the top of every PHP
file:

<?php
if(1 > 2) {
  die("<html><head><title>PHP not enabled</title><body><h4>Your PHP
module or CGI support is not enabled.  Please check the web server.
Ignore any other messages below this line.</h4></body></html>");
}

or is there a more elegant solution?

I've posted a query to the PHP maintainers for advice about this matter:

http://lists.alioth.debian.org/pipermail/pkg-php-maint/2014-August/013661.html



More information about the Pkg-monitoring-maintainers mailing list