Move .tt files out of "htdocs" and into separate "tt" or "templates" directory

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Move .tt files out of "htdocs" and into separate "tt" or "templates" directory

dcook

Hi all,

 

We should move all the .tt files out of the /usr/share/koha/intranet/htdocs and /usr/share/koha/opac/htdocs directories and put them somewhere private like /usr/share/koha/tt or /usr/share/koha/templates.

 

At the moment, Apache is serving these files to anyone who asks for them, and it really shouldn’t.

 

Having these files in the “htdocs” directories also makes it harder to manage actual static assets that are served to Koha users.

 

I’ve opened a Bugzilla report for it: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26140

 

This early in the release cycle, it could be great to get this done, so that we have a chance to work out any kinks before November.

 

What do people think?

 

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595

 


_______________________________________________
Koha-devel mailing list
[hidden email]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

signature.asc (495 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Move .tt files out of "htdocs" and into separate "tt" or "templates" directory

MJ Ray-2
On Wed, 5 Aug 2020 17:28:47 +1000
<[hidden email]> wrote:

> We should move all the .tt files out of
> the /usr/share/koha/intranet/htdocs and /usr/share/koha/opac/htdocs
> directories and put them somewhere private like /usr/share/koha/tt
> or /usr/share/koha/templates.
>
> At the moment, Apache is serving these files to anyone who asks for
> them, and it really shouldn't.

Why shouldn't it? Do they contain anything sensitive that people
couldn't discover by looking in the koha sources?

> Having these files in the "htdocs" directories also makes it harder to
> manage actual static assets that are served to Koha users.

That seems like a far stronger reason not to do it.

> I've opened a Bugzilla report for it:
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26140

Cool. Thanks.

Regards,
--

MJR http://mjr.towers.org.uk/
Member of http://www.software.coop/ (but this email is my personal view
only)

_______________________________________________
Koha-devel mailing list
[hidden email]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

Re: Move .tt files out of "htdocs" and into separate "tt" or "templates" directory

dcook
Hey MJ,

I didn't realize that you were still in the Koha world. Nice to hear from you.

I meant that Apache shouldn't serve the template files because doing so is not useful and - as far as I know - it is unintended. I think having unintended consequences is something to be avoided, even if the consequence is not a security risk (this time).

As you note though, my real motivation is better/easier management of static assets. (With a longer view to what is described here for separately deploying static assets: https://docs.djangoproject.com/en/dev/howto/static-files/deployment/)

Lately, I've been thinking how Koha owes some success from being geared towards very simple deployments (achieved by just following the instructions on the wiki), but how it should be friendly to more complex and modern deployments too.

David Cook
Software Engineer
Prosentient Systems
72/330 Wattle St
Ultimo, NSW 2007
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-----Original Message-----
From: Koha-devel <[hidden email]> On Behalf Of MJ Ray
Sent: Monday, 17 August 2020 11:16 PM
To: [hidden email]
Subject: Re: [Koha-devel] Move .tt files out of "htdocs" and into separate "tt" or "templates" directory

On Wed, 5 Aug 2020 17:28:47 +1000
<[hidden email]> wrote:

> We should move all the .tt files out of the
> /usr/share/koha/intranet/htdocs and /usr/share/koha/opac/htdocs
> directories and put them somewhere private like /usr/share/koha/tt or
> /usr/share/koha/templates.
>
> At the moment, Apache is serving these files to anyone who asks for
> them, and it really shouldn't.

Why shouldn't it? Do they contain anything sensitive that people couldn't discover by looking in the koha sources?

> Having these files in the "htdocs" directories also makes it harder to
> manage actual static assets that are served to Koha users.

That seems like a far stronger reason not to do it.

> I've opened a Bugzilla report for it:
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26140

Cool. Thanks.

Regards,
--

MJR http://mjr.towers.org.uk/
Member of http://www.software.coop/ (but this email is my personal view
only)

_______________________________________________
Koha-devel mailing list
[hidden email]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/


_______________________________________________
Koha-devel mailing list
[hidden email]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

signature.asc (495 bytes) Download Attachment