apache: limit php-fastcgi to php

AddHandler to php extensions instead of making the php wrapper the
default mod_fcgid wrapper to avoid weird/insecure behavior.

Also fix `phpVersion' action.

diff --git a/lib/apache.dtl b/lib/apache.dtl
index afd1eb0..c56a380 100644 (file)
--- a/lib/apache.dtl
+++ b/lib/apache.dtl
@@ -36,6 +36,7 @@ extern val use_cert : ssl_cert_path -> ssl;
 extern type php_version;
 extern val php5 : php_version;
 extern val fast_php : php_version;
+{{FastCGI based php5. Much faster than regular php5.}}
 
 extern val vhost : host -> Vhost => [Domain]
   {WebPlaces : [web_place],

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index c4b47af..8f8b00b 100644 (file)
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -559,11 +559,15 @@ fun vhostBody (env, makeFullHost) =
                                  then
                                      (* fastcgi php 5.6 since 6 doesn't exist *)
                                      (TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml");
-                                      TextIO.output (file, "\n\tFcgidWrapper \"");
-                                      TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
-                                      TextIO.output (file, " ");
-                                      TextIO.output (file, Config.Apache.phpFastCgiWrapper);
-                                      TextIO.output (file, "\""))
+                                      (* FIXME: only set kerberos wrapper of waklog is on *)
+                                      map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \"");
+                                                      TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
+                                                      TextIO.output (file, " ");
+                                                      TextIO.output (file, Config.Apache.phpFastCgiWrapper);
+                                                      TextIO.output (file, "\" ");
+                                                      TextIO.output (file, ext)))
+                                          [".php", ".phtml"];
+                                      ())
                                  else
                                      (TextIO.output (file, "\n\tAddHandler x-httpd-php");
                                       TextIO.output (file, Int.toString php);
@@ -1112,9 +1116,20 @@ val () = Env.action_one "diskCache"
 
 val () = Env.action_one "phpVersion"
         ("version", php_version)
-        (fn version => (write "\tAddHandler x-httpd-php";
-                        write (Int.toString version);
-                        write " .php .phtml\n"))
+        (fn version => (if version = 6
+                        then
+                            (* fastcgi php 5.6 since 6 doesn't exist *)
+                            (write "\tAddHandler fcgid-script .php .phtml\n";
+                             (* FIXME: only set kerberos wrapper of waklog is on *)
+                             write "\n\tFcgidWrapper \"";
+                             write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+                             write " ";
+                             write Config.Apache.phpFastCgiWrapper;
+                             write "\" .php .phtml\n")
+                        else
+                            (write "\tAddHandler x-httpd-php";
+                             write (Int.toString version);
+                             write " .php .phtml\n")))
 
 val () = Env.action_two "addType"
         ("mime type", Env.string, "extension", Env.string)