On top of other difficulties I’m encountering (but that I’m working on), there’s one making me crazy: Include a stupid file. That’s prioritary because this are ads, that can’t be offline too many hours by contract.
The file is /includes/display.php - Earlier I used a SSI statement, and worked fine. In the Pro template, while studying a good position and/or placement, for now I thought it would be ok put them in the footer.
I edit the “Footer Links” Widget, thinking it was right place to edit, and put the classical statement: < ! - - # include virtual=”/includes/display.php” - - > (note that, i set an “SHTML” suffix in Preferences->Publishing options)
Save and hop! Error: Method Not Implemented POST to /cgi-bin/mt/mt.cgi not supported
So I go through Template options and tried to set “Server Side Include:” “Process as SHTML include”
Nothing. Same error.
So I edit again and try this statement instead: <$MT:Include file="/includes/display.php"$>
Save is ok (happy for a while) but… PHP code appears in clear form. No links.
I’m almost desperate. What I must do in this MT4.2 to see a PHP file included?
Many thanks to helpers!
Luciano
Reported on Movable Type 4.2
The invisible code is this:
These server-side errors from saving templates are usually due to a server side filter like mod_security preventing you from posting things that could be considered a type of exploit. MT itself doesn't care what you store in a MT template. Raw SSI Apache includes are perfectly fine. Try adding a '.htaccess' file to your MT directory (where mt.cgi resides) that has this in it:
SecEngineFilter off
If my guess is right, you should then be able to save your templates with the native Apache include tag in place.
Unfortunately, I discovered that when i put a .htaccess it gives me a 500 Internal Server Error.
And this ONLY for this website running MT 4.2 (in other websites, this not).
I check tre syntax three times, the UNIX format, the ASCII ftp transfer.. nothing.
If I put .htaccess, i receive a 500 Server Errore
If not, i have a 501 Method Not Implemented
I'm becoming more desperate..
On the last temptative, I can try to edit manually the template itself..
Where MT stores the "Footer Links" widget code?
The Banner Footer module.
I mean physically: on the website path or on the DB?
I can't - actually - save via browser any Module, widget or other with a SSI directive inside, without having a 501 Error back.
I don't know why.
Could you please provide the content of your .htaccess file?
The directive SecEngineFilter off would only apply if your webserver had the mod_security module enabled and even then it should not be interfering with a default installation as MT does not by default trigger any rules, including using the bleeding edge snort rulesets.
Do you know what AllowOverride setting your web server has?
And finally, what is the error the webserver records for the 500 and 501 errors?
P.s...Just re-red the initial post. The error:
Save and hop! Error: Method Not Implemented POST to /cgi-bin/mt/mt.cgi not supported
Is most likely caused by the web server owner turning off some HTTP verbs to prevent verbing attacks.
The changes you make under templating options affect the web application, not the web server and in order to be successful the web application must be configured to match the web servers mode of operating. The same applies for the php code, it falls back on the web servers configuration (or lack there of) of php.
Yes, I agree with your considerations, still remember anyway that there isn't a .htaccess file at all, at the moment.
On the other hand, I don't have a full look on the webserver settings, logs and configuration, because in hosting there.
I can argue what it's happening, but I've control only on the MT settings, and can't change anything "server side", except the things allowed in ftp and to write in .htaccess (few things). Then, I noticed that if I try to put a .htaccess file with some settings like SecEngineFilter tc, I have a 500 Server Error in all MT calls. That's what happened also when, for test, I tried to configure the Dynamic publishing system.
Now i'm seeing to move where I can have a different perspective, moving toward another hosting solution.
If I don't understand bad, with this version of MT is more problematic to remain in a "standard" one.
They don't even give you SSH access to their servers?
Of course not: it's only a web hosting, not a virtual server or a VPS service. I would like to switch to a VPS, though..
I have in mind that the problem is inside a mod_security filter like Brad said, but the problem is that I haven't access to those settings. I asked to the assistance.. Hoping in a reply.
Mike, about PHP, Mike, I can't include a PHP statement inside a .shtml in a MT:Include way. The web server is instructed to interpretate PHP only in .php files. Since all my files are with a .shtml suffix, the result would be PHP code showed in screen. Instead, the inclusion must be SSI: "Server Side Include".
That is unfortunately a serious issue with shared hosting in general, and no matter what software you're using, it's going to bite you in the ass. I have had similar suspicions, since what you're doing by itself could not possibly cause a normal installation of Movable Type 4.2 to crash. I've been using 4.2 since the betas, and it's always been more stable on my host than what you're describing.
This is my host. They have an excellent environment for hosting MT, and have so far for the last few years been rock solid stable. If you want to experiment with a new host, their basic package is only $6. I pay $11/month for my account, and have absolutely no complaints except the fact that they dropped PostgreSQL support. I'm constantly on their server by SSH, hacking away at PHP scripts, Perl files, htaccess files, etc. and so far, as I said, they don't give me any grief. The only thing they interfere with on MT is that they configured their environment to not allow mt-tb.cgi to execute on their server unless you rename the file to something less obvious for spammers :)
Hurra. One problem has been resolved: the assistance wrote me that it was a setting (mod_security) and that they fix it.
Now the SSI inclusion
works, finally!
I recommend fsckvps if you are thinking about vps hosting. Their packages start at $9.95 and so far it's been worth it for me. If you signup, you can use the cupon code 10OFF to get a 10% discount each month. It would mean that you would have to manage apache, database server etc yourself.