safe_mode

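I want script.php to access the file system, but I also want to limit what script.php can access to the permissions of script.php's owner (rather than Apache's permissions). Only today did I learn that turning safe_mode on does exactly that. I am both happy and pained, because I wanted to restrict script.php's access a long time ago. Somehow, the conclusion I reached back then was that permission checks were only possible when PHP was installed in CGI mode, and that SAPI mode could not do it. Perhaps FastCGI's heavy promotion of its security features gave me a false impression; in fact, as far as file access permissions go, SAPI is just as secure.

Also a long time ago, I saw an eager learner on a forum who wanted a free hosting space to try out Xoops. I always want to help eager learners, and it would have cost me nothing extra, so why not? Unfortunately, the initial settings made by my server's designer were not meant for shared hosting: safe_mode was off by default. I could never feel at ease handing part of the server to someone else that way, so in the end I did not allocate any space to the eager learner.

safe_mode=on, it really is that simple!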

What Makes A Good Web Program

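My view may be limited, but one of the necessary-but-not-sufficient conditions I now use to judge whether a program is good is: can the program make full use of Apache URL rewriting? In other words, if it is a PHP program, are its front-end pages generated by a single index.php?

By this criterion, Zen Cart counts as good, Magento is of course better, and osCommerce does not count as good; Drupal and Joomla both count as good, WordPress is of course a model example, and Xoops is not much good.

It is also for this reason that I gave up following Xoops. I gave it up painfully, even though it was once my favorite and even though some of its features are unique.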

Where to Set $xoops_charset

I prefer UTF-8, always.

I am sorry to see that the new Xoops release is still ISO-8859-1 encoded by default. Unfortunately, Xoops has not provided a complete reference book for all Smarty tags. I struggled to change the charset.

First, I looked at theme.html, and found it is

<meta http-equiv="content-type" content="text/html; charset=<{$xoops_charset}>" />

instead of

<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />

Although I could erase “<{$xoops_charset}>” and put in “UTF-8”, I knew it was not the best way to change the default encoding.

So I began to search for where the Smarty tag $xoops_charset is saved. I thought the Xoops administration interface had a place to change the charset. I went through each field in Site Preferences and found nowhere to set the charset.

It became guesswork for me where each value was stored. I searched the database but could not find any value that was “ISO-8859-1”.

The last method I used was a global search for the string “ISO-8859-1” in all Xoops source files. 16 hits. “/language/english/global.php” was likely to affect $xoops_charset. I opened it and changed a line from

define('_CHARSET', 'ISO-8859-1');

to

define('_CHARSET', 'UTF-8');

Then the encoding was successfully changed to UTF-8.