Just to recap: on PAYH, PHP scripts in httpdocs are handled by the Apache-module version of PHP. In order to prevent cross-site-scripting attacks, mod_php5, which runs as the Apache user (www-data), has to run in "safe mode". This causes a whole heap of problems! If we could use the CGI version of PHP, this would run as our own user and can safely run without safe mode.
There are unsupported fixes that would allow us to do that on the current Plesk-8 PAYH servers, but Plusnet doesn't seem keen. Similarly, Plesk 9 will allow PHP to be handled by FastCGI, but Plusnet doesn't seem keen to upgrade soon, and haven't (yet?) offered to keep the ccgi servers running until they do.
As mentioned previously, PAYH does have a working version of php5-cgi and this can be used for executable scripts in the cgi-bin, with a shebang line. This makes converting scripts a right pain. If we could override the file handlers in .htaccess, we could use php5-cgi from httpdocs, but it seems we can't. There is, however, a way to recreate this behaviour:
This is my own method. It can probably be improved. It's primarily aimed at scripters, but it seems to work with Gallery2.
This method redirects requests for php files in httpdocs to a php5-cgi wrapper script in cgi-bin which inherits the apparent location and contents of the requested file.
The example I give works on a per-folder basis.
First, create a wrapper script:
phpwrapper.cgi
#!/opt/php52/bin/php5-cgi
<?php
$_ENV["SCRIPT_NAME"]=$_SERVER['PHP_SELF']=$_SERVER["SCRIPT_NAME"]=$_ENV["REDIRECT_URL"];
$_ENV["SCRIPT_FILENAME"]=$_SERVER["SCRIPT_FILENAME"]=$_SERVER["DOCUMENT_ROOT"].$_ENV["REDIRECT_URL"];
ereg('^(.*)/([^/]*\.php)$', $_ENV["REDIRECT_URL"], $wrap_url);
chdir('/var/www/vhosts/yourusername.plushost.co.uk/httpdocs/'.$wrap_url{1});
include $wrap_url{2};
?>
Substitute your user name for "yourusername", or your domain name for "yourusername.plushost.co.uk", to create a valid path. Put this script (phpwrapper.cgi), including the shebang line, in your cgi-bin folder and make it executable (755).
Then, add these lines to the end of the .htaccess file in your httpdocs folder (if you don't already have one, write one), replacing "yourfolder" with the name of the folder (within httpdocs) in which you want to use the CGI version of PHP. This will then work for all subfolders, so long as they don't contain .htaccess files that override the one in httpdocs.
rewriteEngine on
rewriteCond %{query_string} ^(.*)$
rewriteRule ^yourfolder.*/[^/]*\.php$ cgi-bin/phpwrapper.cgi?%1
If you want to use both mod_php5 and php5-cgi in the same folder, change "php" to "php5" - then all files with the php extension will still be handled by mod_php and all files with the php5 extension will be handled by the cgi wrapper.
If you want to use php5-cgi in more folders, just repeat the last two lines (the condition and the rule), replacing "yourfolder" with a different folder. Keep the "
" each time because it only terminates when a match is made.
(NB, In this example, the request URI must contain the named folder.)
You still won't be able to install PHP apps that require safe-mode-off straight from the Plesk panel, because that will still see safe-mode-on for mod_php5.
edit: security update added 19/02/09
Gabe
