[Koha-devel] Move .tt files out of "htdocs" and into separate "tt" or "templates" directory
dcook at prosentient.com.au
dcook at prosentient.com.au
Tue Aug 18 01:23:20 CEST 2020
Hey MJ,
I didn't realize that you were still in the Koha world. Nice to hear from you.
I meant that Apache shouldn't serve the template files because doing so is not useful and - as far as I know - it is unintended. I think having unintended consequences is something to be avoided, even if the consequence is not a security risk (this time).
As you note though, my real motivation is better/easier management of static assets. (With a longer view to what is described here for separately deploying static assets: https://docs.djangoproject.com/en/dev/howto/static-files/deployment/)
Lately, I've been thinking how Koha owes some success from being geared towards very simple deployments (achieved by just following the instructions on the wiki), but how it should be friendly to more complex and modern deployments too.
David Cook
Software Engineer
Prosentient Systems
72/330 Wattle St
Ultimo, NSW 2007
Australia
Office: 02 9212 0899
Online: 02 8005 0595
-----Original Message-----
From: Koha-devel <koha-devel-bounces at lists.koha-community.org> On Behalf Of MJ Ray
Sent: Monday, 17 August 2020 11:16 PM
To: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] Move .tt files out of "htdocs" and into separate "tt" or "templates" directory
On Wed, 5 Aug 2020 17:28:47 +1000
<dcook at prosentient.com.au> wrote:
> We should move all the .tt files out of the
> /usr/share/koha/intranet/htdocs and /usr/share/koha/opac/htdocs
> directories and put them somewhere private like /usr/share/koha/tt or
> /usr/share/koha/templates.
>
> At the moment, Apache is serving these files to anyone who asks for
> them, and it really shouldn't.
Why shouldn't it? Do they contain anything sensitive that people couldn't discover by looking in the koha sources?
> Having these files in the "htdocs" directories also makes it harder to
> manage actual static assets that are served to Koha users.
That seems like a far stronger reason not to do it.
> I've opened a Bugzilla report for it:
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26140
Cool. Thanks.
Regards,
--
MJR http://mjr.towers.org.uk/
Member of http://www.software.coop/ (but this email is my personal view
only)
_______________________________________________
Koha-devel mailing list
Koha-devel at lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20200818/078d602f/attachment.sig>
More information about the Koha-devel
mailing list