Hi,

The issue was chmod a+w included o+w so using chmod o+w is no
improvement. You might find if the owner:group was changed on the
directory config, as apache runs under www:www to:

www:www, that drwxr-xr-x (u+w)

or

root:www then drwxrwxr-x (ug+w)

this might solve part of the issue.

However the file index.php is located in the wrong directory in the
first place, and if index.php is changed this breaks the package updating.

Nigel

On 10/22/11 13:25, wen heping wrote:
> How about this one ?
> 
> wen
> 
> 2011/10/19 Nigel Taylor <njtay...@asterisk.demon.co.uk>:
>> On 10/19/11 14:05, wen heping wrote:
>>> Hi,
>>>
>>>   Here is an update of www/mediawiki to 1.7.0.
>>>
>>>   Tested on Loongson and no regress.
>>>
>>>   Comments? OK ?
>>>
>>>
>>> wen
>> Hi,
>>
>> That's update to 1.17.0..
>>
>> In the PLIST
>>
>> +mediawiki/cache/.htaccess
>>  @mode a+w
>>  mediawiki/config/
>> +@mode
>> +mediawiki/config/OBSOLETE
>> +@mode a+w
>>  mediawiki/config/index.php
>>  @mode
>>  mediawiki/config/index.php5
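Review bot: The added `@mode a+w` directly above `mediawiki/config/index.php` installs a packaged PHP script world-writable, and the unchanged `@mode a+w` above `mediawiki/config/` leaves its parent directory world-writable as well. Drop the added `@mode a+w` so index.php is installed with the default mode; if the web server really has to write into config/, give the directory a specific owner/group and a u+w or ug+w mode instead of a+w.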
>>
>> All users write access to mediawiki/config directory that's almost
>> always wrong, only /tmp or /var/tmp have this but also have sticky bit
>> set. A directory named config if truly for configurations as implied by
>> the name it's most definitely wrong.
>>
>> Then mediawiki/config/index.php, executable code with all users write
>> access, that's wrong. index.php shouldn't be modified as supplied by the
>> package and sha checksummed, pkg_add will complain if modified on
>> updates. You don't place any executable code in a rw directory.
>>
>> Not used this software. Looks like this has been wrong from the start.
>> Could possibly be an upstream.
>>
>> It's no worse than it was before, but I can't say it's Ok.
>>
>> Nigel
>>
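To make the effect of the `@mode` lines in the quoted PLIST fragment visible, here is an added example (not part of this thread or of the port) that walks a packing list and reports every entry installed while an "other-writable" `@mode` is in effect. It assumes `@mode` applies to all following entries until the next `@mode`, and that a bare `@mode` restores the default; the function names are hypothetical and the sample is constructed from the fragment above with the patch applied.

```python
import re

# Constructed sample: the PLIST fragment quoted in the thread, patch applied.
SAMPLE_PLIST = """\
mediawiki/cache/.htaccess
@mode a+w
mediawiki/config/
@mode
mediawiki/config/OBSOLETE
@mode a+w
mediawiki/config/index.php
@mode
mediawiki/config/index.php5
"""

def grants_other_write(mode):
    """True if an @mode argument (octal or chmod-style symbolic) sets o+w."""
    if not mode:
        return False
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return bool(int(mode, 8) & 0o002)
    granted = False
    for clause in mode.split(","):
        m = re.fullmatch(r"([ugoa]*)([-+=])([rwxXst]*)", clause)
        if not m or not set(m.group(1)) & {"o", "a"}:
            continue  # clause does not name 'other' explicitly
        _, op, perms = m.groups()
        if op == "-":
            granted = granted and "w" not in perms
        else:
            granted = "w" in perms or (op == "+" and granted)
    return granted

def world_writable_entries(plist_text):
    """Return (path, kind, mode) for entries listed under an o+w @mode."""
    current, findings = None, []
    for line in (l.strip() for l in plist_text.splitlines()):
        if line.startswith("@"):
            keyword, _, arg = line.partition(" ")
            if keyword == "@mode":
                current = arg.strip() or None  # bare @mode: back to default
            continue  # other annotations are not examined in this example
        if line and grants_other_write(current):
            findings.append((line, "dir" if line.endswith("/") else "file", current))
    return findings

if __name__ == "__main__":
    for path, kind, mode in world_writable_entries(SAMPLE_PLIST):
        print(f"{kind:4} {path}  (@mode {mode})")
```
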
