Author: shelleyp
Description:
Using .htaccess to eliminate the index.php from showing up in the pages worked
well in 1.3.6 but works badly with 1.3.7. The .htaccess file is:
php_flag register_globals 0
- first, enable the processing - Unless your ISP has it enabled
- already. That might cause weird errors.
RewriteEngine on
- Don't rewrite requests for files in MediaWiki subdirectories,
- MediaWiki PHP files, HTTP error documents, favicon.ico, or robots.txt
RewriteCond %{REQUEST_URI} !^/(stylesheets|images)/
RewriteCond %{REQUEST_URI} !^/(redirect|texvc|index).php
RewriteCond %{REQUEST_URI} !^/error/(40(1|3|4)|500).html
RewriteCond %{REQUEST_URI} !^/favicon.ico
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
~
The relevant bits from the LocalSettings.php file:
$wgScriptPath = "";
$wgScript = $wgScriptPath;
$wgRedirectScript = "/redirect.php";
If using PHP as a CGI module, use the ugly URLs
$wgArticlePath = "/$1";
I've had to back out using 1.3.7 on my production wiki because of the
performance problems. Yet I hate to leave an unfixed security problem. I've
tried looking through the changed code for the problem, but no luck yet.
Version: 1.3.x
Severity: critical
OS: Linux
Platform: PC
URL: http://testwiki.itkitchen.info