Softaculous


Topic : Softaculous breaks RemoveHandler and SetHandler in MediaWiki


Posted By: johnywhy on February 2, 2021, 9:33 pm
To prevent script execution in uploads dir, MediaWiki says to apply this htaccess:

Code
# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .phtml .php .php3 .php4 .php5 .php7

# Old way of registering php with AddHandler
RemoveHandler .php

# Recent way of registering php with SetHandler
<FilesMatch "\.ph(p[3457]?s?|tml)$">
SetHandler None
</FilesMatch>
https://www.mediawiki.org/wiki/Manual:Security#Upload_security


In manual installations of mw, this works. In Softaculous install on my namecheap host, it fails. I have confirmed this with phpinfo.php.

Posted By: Brijesh on February 10, 2021, 7:48 am | Post: 1
Hi,

Sorry for the inconvenience caused.

Do you face this issue while installing MediaWiki via Softaculous or while upgrading your MediaWiki installation ?

-----------------------
Loginizer - WordPress Security Plugin
Follow us on Twitter

Posted By: johnywhy on February 10, 2021, 8:12 am | Post: 2
new Softaculous installation

Posted By: johnywhy on February 12, 2021, 12:00 am | Post: 3
same problem in manually-installed MediaWiki. On namecheap

Posted By: Brijesh on February 26, 2021, 1:14 pm | Post: 4
Hi,

Sorry for the delay in response.

The .htaccess file is not included as a part of MediaWiki package so it should not be overwritten when you upgrade.

Can you please open a support ticket with us so we can check this in detail :
https://softaculous.deskuss.com/

-----------------------
Loginizer - WordPress Security Plugin
Follow us on Twitter

Posted By: johnywhy on February 26, 2021, 8:01 pm | Post: 5
hi

.htaccess isn't getting overwritten. It's just not working.

But i see now that in a manual mw install (not softaculous), the same .htaccess (above) isn't working. So this isn't a softaculous issue.

thx

Posted By: Brijesh on March 10, 2021, 10:20 am | Post: 6
Yes correct it seems to be a server config related issue.

-----------------------
Loginizer - WordPress Security Plugin
Follow us on Twitter

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.