tags:

views:

126

answers:

1
+2  Q: 

Prevent .htaccess syntax error

Hi,

As part of one our system's we enable a user in the backoffice to add a block of 301 redirects should they need to. This is just a textarea which then populates a specific area of a .htaccess file. As much as this may seem insecure it has only previously used internally by people who know what they are doing but for various reasons they cannot access the specific file. We need now to allow more access to this function, not for the general public, but for people that probably have far less knowledge of regexp etc and syntax in htaccess files. Obviously the major concern here is the user enters some bad syntax and makes their entire site, including the backoffice where they could fix the issue, totally inaccessible without manual intervention. What approaches can i take to make sure that they do not break their site? A htaccess syntax check? copy the file elsewhere and check it doesnt generate a 500 error (with cURL or similar)?. Would welcome any ideas.

Thanks.

+1  A: 

For ingenous users you should create a Tool that only accepts the data for the specific task, validates it and adds it to the htaccess.

elias  2010-04-19 14:10:30
its difficult given that 301 rewrite rules could differ massively
seengee  2010-04-19 14:11:58
They can't differ too "massively". They have to be on one line, and in two parts with an expected format for both parts. You can at the very least split your textarea's value on new line characters and make sure the two pieces fit the format. I'd guess the bulk of errors you'll encounter will either be people breaking things onto multiple lines or people who completely misunderstand the format, so even though the rules can be very different, some simple rules (and ensuring the proper prefix on each line) will make a big difference.
Tom  2010-04-19 14:18:54
@Tom that's true - its not completely fault tolerant but would be an improvement
seengee  2010-04-19 14:24:55
@seengee - this is similar to how cPanel in some hosting environments lets you setup redirects. Provide users with a from-to, verify that they work and don't violate rules that you set up, and then add them in.
thetaiko  2010-04-19 14:27:14
this is as close to an answer as i think i'm going to get, i've thought of a new approach so i'll look at posting that as a new question
seengee  2010-05-04 14:35:37

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases