search

perusio / drupal-with-nginx

Running Drupal using nginx: an idiosyncratically crafted bleeding edge configuration.
855 stars 246 forks source link

Add handling for modules that like to access index.php directly #261

Closed tdm4 closed 7 years ago

tdm4 commented 7 years ago

For example, autocomplete taxonomy wants to access index.php and cannot. This rewrites the URL so it can. Also handles Drupal security issue people experienced earlier in the year.

Relates to issue (https://github.com/perusio/drupal-with-nginx/issues/241)

tdm4 commented 7 years ago

@perusio not sure if you want it to return 404 if there are no arguments to index.php, or have it try via drupal handler.

emjayess commented 7 years ago

Could you please provide a link to the taxonomy autocomplete module project page that you are referencing? And does this patch address Drupal 7 configuration?

tdm4 commented 7 years ago

Hi @emjayess this is from Drupal 7 core code: https://www.drupal.org/node/854216 This addresses Drupal 7 configuration. I'm not sure about Drupal 6. Have nothing to test that code on.

tdm4 commented 7 years ago

OK maybe the title is was wrong. The drupal core code has autocomplete that accesses index.php directly. Also the patch for https://www.drupal.org/SA-CORE-2015-003 affected things too. I'm not a drupal developer, just a sysadmin.

iryston commented 7 years ago

@tdm4 this commit doesn't works at my server. I still receive an error.

An AJAX HTTP error occurred. HTTP Result Code: 404 Debugging information follows. Path: http://www.example.com/index.php?q=taxonomy/autocomplete/field_subjects StatusText: Not Found ResponseText: 404 Not Found 404 Not Found nginx

iryston commented 7 years ago

To prevent allowing direct access to index.php is written a little module Autocomplete Unblock The sandbox project is located at https://www.drupal.org/sandbox/irystonnet/2821464

Opened issue on Drupal.org Project applications https://www.drupal.org/node/2821473

To use it just clone to modules directory and enable.

git clone --branch 7.x-1.x https://git.drupal.org/sandbox/iryston.net/2821464.git autocomplete_unblock
acrolink commented 7 years ago

Would you please confirm that this issue cannot be fixed by some modification to the Nginx configuration files provided by drupal-with-nginx repo, without the need to install the above mentioned sandbox Drupal module? Thank you.

iryston commented 7 years ago

@acrolink this issue can be fixed as described in this comment But, I don't think that allowing direct access to index.php is the preferred choice.

tdm4 commented 7 years ago

Closing this as an agreement cannot be reached.