Interesting Javascript/PHP problem I need help with

[heatherfeuer]

I have upgraded my web hosting account and I now have PHP5 installed.  However, on this server, safe_mode is on and there is nothing I can do about it.  That's okay.  CMSms installed perfectly (1.0.5) and I can do all the functions... except:

If there is any javascript code in a template (even with the {literal}{/literal} tags) or a call to an external javascript file, when I try to save the template, I get a 403 Forbidden error.  However, if I put that same javascript code or call to external javascript file in the head of a static html page, I have no problem.

I need to know if this is a server problem that I am going to have to live with or if there is some other kind of workaround.

Thanks!

[Nullig]

If you try to use an .htaccess override on an Apache server that has overrides disabled you will get a 403, Forbidden error.

Nullig

[heatherfeuer]

Also, I noticed that PHP is installed with the CGI API.  I don't know what affect, if any, that would have on my problem.  My hosting provider clarified that I can edit .htaccess on a local level, but when I try to put PHP directives in there I get 500 server errors.

I'm still stumped!

[Nullig]

Create a file called info.php, which contains the following code:

Code: Select all

<?php 
print "PHP runs under the user: [" . system('whoami') . "]<br>";
phpinfo(); 
?>

Copy it to your site and call it from your browser.
Copy the results and post them so we can see how PHP is configured.

Nullig

[heatherfeuer]

  All righty then!  I do believe I've figured out how to get around this problem. 

Problem:
My server has php 5.2.0 installed using the CGI API and running in safe_mode.  I was able to use ini_set() in my config file as explained in other posts in order to set the memory_limit and session.save_path.  Everything was working, or so I thought until I tried to copy and paste in a template from my local install.  The template included two calls to javascript files in the section:

Code: Select all

<!--[if IE]>
<__script__ defer type="text/javascript" src="pngfix.js"></__script>
<! [endif] -->
<__script__ type="text/javascript" src="minmax.js"></__script>

Don't ask me why, but when I would try to save the template, I would get a 403 Forbidden error: "You don't have permission to access '/mypath/admin/addtemplate.php on this server'."  The same thing happened when I would open the template for the css menu.  I would open it, make no changes, but when I hit submit, I get the same 403 Forbidden error.  Take the tags out and the template saves no problem.  Don't ask me why; that's just the way it is.

So, I thought I could maybe create a UDT with the script code.  No dice.  Got the same 403 Forbidden error.  In desperation I created a simple html file with the script calls in the head section and not a single problem.  So that got me thinking...

Solution:
I created a simple text file with the script code shown above and saved it as mytest.php and uploaded it to the remote server.  Then I created a UDT with the following: include("mytest.php"); and saved it as my_workaround.  In my template, in the head section I included the UDT {my_workaround}.  A long way around, but this time it worked.  When I looked at the page source, the scripts were there.

Granted, that is a convoluted way to get javascript code into the templates.  If anyone has a better suggestion, I'm all for it!

[heatherfeuer]

Nullig, I'll try that and get back to you!  I'm not sure if it will work, because phpinfo() is supposed to be disabled, but I think I can work around that too.

[heatherfeuer]

okay... I got the following:

Warning: system() has been disabled for security reasons in /home/username/public_html/info.php on line 2
PHP runs under the user: []

Warning: phpinfo() has been disabled for security reasons in /home/username/public_html/info.php on line 3

Edited to include:
Howsomever... if I upload an empty file called php.ini and run that script again, I don't get the errors.  I get the same PHP runs under the user: [].  Do you really want to see all of the stuff in phpinfo()?  Or do you want specific info?

It's coming up on 10:00 PM my time and I want to watch CSI:NY and then go to bed.  I'll respond to any other questions, suggestions and ideas in the morning.