View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
08356 | Bug reports | Installation | public | 2013-11-12 11:43 | 2013-11-24 19:05 |
Reporter | flewid | Assigned To | c_schmitz | ||
Priority | normal | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Product Version | 2.00+ | ||||
Fixed in Version | 2.00+ | ||||
Summary | 08356: Apache 2.4 + PHP5-FPM (Fastcgi) and Rewrite Issue | ||||
Description | Hello, I didn't find another thread about this so I figured I should post it, after asking on IRC and nobody had encountered it. We are using Ubuntu, with Apache 2.4 and PHP 5.5.x on our new server. The old server, was using Apache 2.2 and Mod PHP. Upon migrating Limesurvey to our new server, the main screen will not load, and the administration interface gives an error. To be clear, we also tried a fresh installation, and the above still happens. This happens if it's in it's own directory, or, if it's in a sub directory on the server. Ive tried with, and without the default limesurvey .htaccess file as well. Here's what happens on the index page, followed by the admin page, then the server logs for reference; HOME PAGE; CException CHttpRequest is unable to determine the entry script URL. /home/username/survey.domainname.com/framework/base/CModule.php(106) 094 / Stack Trace 310 @see setScriptUrl #1 548 @return string the relative URL for the application #2 107 */ #3 101 public function get($name) #4 574 //The following url and dir locations do not need to be modified unless you have a non-standard #5 104 ), #6 122 to the constructor of the application class. #7 174 ADMIN PAGE; Access denied. SERVER LOGS; [Tue Nov 12 04:36:22.810573 2013] [:error] [pid 7811:tid 140527118784256] [client 50.157.104.227:65403] FastCGI: server "/usr/lib/cgi-bin/php5-fcgi-domainname-survey" stderr: Access to the script '/home/username/survey.domainname.com/index.php/admin' has been denied (see security.limit_extensions) | ||||
Steps To Reproduce |
| ||||
Additional Information | The problem appears to be in the rewrites supplied with the controller/limesurvey. By default, the newer versions of PHP and PHP5-FPM include a new directive in the pool configuration, which is; security.limit_extensions = .php What this does is limit what PHP5-FPM will execute as a php script. In hopes of stopping certain attacks on the site, obviously. However, because of the rewrites employed by limesurvey, it's thinking that /admin/ is not a php file. I tried adding /admin, admin, . to the restrictions line and that did not make a difference. Full PHP version; PHP 5.5.3-1ubuntu2 (cli) (built: Oct 9 2013 14:49:12) Default HTACCESS; <IfModule mod_rewrite.c>
</IfModule> General setting to properly handle LimeSurvey pathsAcceptPathInfo on My VHOST; <VirtualHost XXX.XXX.XXX.XXX:80> | ||||
Tags | No tags attached. | ||||
Bug heat | 4 | ||||
Complete LimeSurvey version number (& build) | 131107 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | Chrome, Firefox, Safari | ||||
Database type & version | MariaDB - Ubuntu Latest | ||||
Server OS (if known) | Ubuntu Server | ||||
Webserver software & version (if known) | Apache 2.4 | ||||
PHP Version | PHP 5.5.3 | ||||
If you set security.limit_extensions to an empty value the restriction should be lifted. |
|
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13474 |
|
Fix committed to 2.05 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13475 |
|
Fix: LimeSurvey now tries to find out if security.limit_extensions is set during install and uses urlFormat 'get' if applicable. |
|
2.00+ Build 131122 released |
|
LimeSurvey: master e1c3719d 2013-11-20 23:56 Details Diff |
Fixed issue 08356: PHP5.5 FPM with security.limit_extensions parameter breaks LimeSurvey |
Affected Issues 08356 |
|
mod - application/controllers/InstallerController.php | Diff File | ||
LimeSurvey: 2.05 21f665e3 2013-11-20 23:56 Details Diff |
Fixed issue 08356: PHP5.5 FPM with security.limit_extensions parameter breaks LimeSurvey |
Affected Issues 08356 |
|
mod - application/controllers/InstallerController.php | Diff File |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-11-12 11:43 | flewid | New Issue | |
2013-11-12 14:11 | flewid | Issue Monitored: flewid | |
2013-11-20 23:43 | c_schmitz | Note Added: 27261 | |
2013-11-20 23:43 | c_schmitz | Assigned To | => c_schmitz |
2013-11-20 23:43 | c_schmitz | Status | new => feedback |
2013-11-20 23:56 | c_schmitz | Changeset attached | => LimeSurvey master e1c3719d |
2013-11-20 23:56 | c_schmitz | Note Added: 27262 | |
2013-11-20 23:56 | c_schmitz | Resolution | open => fixed |
2013-11-20 23:59 | c_schmitz | Changeset attached | => LimeSurvey 2.05 21f665e3 |
2013-11-20 23:59 | c_schmitz | Note Added: 27263 | |
2013-11-20 23:59 | c_schmitz | Note Added: 27264 | |
2013-11-20 23:59 | c_schmitz | Status | feedback => resolved |
2013-11-20 23:59 | c_schmitz | Fixed in Version | => 2.00+ |
2013-11-24 19:05 | c_schmitz | Note Added: 27347 | |
2013-11-24 19:05 | c_schmitz | Status | resolved => closed |
2021-08-02 18:07 | guest | Bug heat | 2 => 4 |