New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Separating read-only from read-write files: PIWIK_USER_PATH does not work #11654
Comments
In hindsight, Nowadays, it would be more conventional to have |
in UIAssetFetcher and StylesheetUIAssetMerger. Resolves matomo-org#11654, makes PIWIK_USER_PATH work again. Presumably. the paths were just mixed up.
@robocoder I understand your suggestion with a But even then, I think I need something like I found out my other problem after patching |
I wrote a PR at #11661 which seems to fix all problems I had with |
in UIAssetFetcher and StylesheetUIAssetMerger. Resolves matomo-org#11654, makes PIWIK_USER_PATH work again. Presumably. the paths were just mixed up.
in UIAssetFetcher and StylesheetUIAssetMerger. Resolves #11654, makes PIWIK_USER_PATH work again. Presumably. the paths were just mixed up.
From #1453 (comment) by @robocoder, I learned that you should be able to overwrite
PIWIK_USER_PATH
viabootstrap.php
to move the writable piwik folders,config
andtmp
, to a read-write directory, and keep the rest read-only.I found out that I need to copy the
config
folder toPIWIK_USER_PATH
, and tmp is created automatically.Problem is: Afterwards, there are errors about missing plugin folders and unfound stylesheet files. I investigated the code and found suspicious uses of
PIWIK_USER_PATH
incore/AssetManager/UIAssetFetcher.php
andcore/AssetManager/UIAssetMerger/StylesheetUIAssetMerger.php
which look like they should bePIWIK_INCLUDE_PATH
. I tried to patch them toPIWIK_INCLUDE_PATH
, I can load the page then, but it renders without stylesheets. 😢 In that state, I could not find any error messages, so I don't really know what's not working.https://piwik.org/docs/include-piwik-in-your-project/#bootstrap-php-execute-custom-code-before-piwik-runs notes that using
PIWIK_USER_PATH
andPIWIK_INCLUDE_PATH
“facilitates a ‘best practice’ of preventing direct access to PHP files.” – I could not find concrete examples on how and what exactly to do to achieve this, e.g. whether I also should copyplugins
or so.Related: #10854
Steps to reproduce:
/var/www/piwik
bootstrap.php
with e.g.:/var/lib/piwik
and make it writable from the webserver/var/www/piwik/config
into/var/lib/piwik
Result:
I don't know how to get a working
PIWIK_USER_PATH
, seems like there is more to it that the presumably wrong use ofPIWIK_USER_PATH
in AssetManager classes which I do not understand.(Not important for the problem, but for people who find this through search: I'm trying to do this to create a Nix package and NixOS module, where I have to separate statefull and stateless files)
The text was updated successfully, but these errors were encountered: