You may have noticed the source files’ view links give you a colorized view of the source code. That is done with SyntaxHighlighter v3.0.83.

You may also have noticed how all the view links end with ...?view. That is caught by Apache; it translates all requests ending with ?view to what you actually get to see.

Here’s how.

the /src/ folder

To start with, the ?view parameter must only work under a specific path, in my case the /src/ path.

Most source file extensions will be ‘safe’, but what about .php sources? By default the server will try to run those, so I have to make sure never to put runnable code (e.g. php, cgi, etc.) in /src/ that actually needs to run. Such code could be an information leak: any .php file that would normally be ‘run’ may hold sensitive info (e.g. db logins) that would then be viewable by everyone in the source viewer.

So, the intention is to not run anything under /src/.

Something like this:

php_flag engine off
 and/or
RemoveHandler .php
 and/or
RemoveType .php
 and don't forget something like this:
RemoveHandler .pl
 and/or
RemoveType .pl

takes care of .php and .pl in Apache. All of them together are fine on my host (no errors or warnings).

Of course an even safer precaution is to always keep the .php files with ‘sensitive’ info outside the www-root paths (and to include them into runnable code from there), but that’s another discussion.

RewriteEngine allows a browser request to result in something different than the ‘obvious’ fetching (or running) of the file in http://www.example.com/example.file

I chose to ‘redirect’ the browser to the source viewer whenever a URL ended with ?view so it was easy to remember.

I also added an extra ?download rule that simply forces the file to be downloaded, although the regular URL (without either ?view or ?download) should permit browsers to download the file as well. The download redirect will allow me to add an event handler upon download (e.g. a php-based hit counter or whatever) in the future.

The .htaccess file in /src/ may look something like this:

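# mod_rewrite in .htaccess needs FollowSymLinks enabled
Options +FollowSymLinks

# Never execute anything under /src/: switch off mod_php and drop the
# handler/type mappings for .php and .pl so they are served as plain files
php_flag engine off
RemoveHandler .php
RemoveType .php
RemoveHandler .pl
RemoveType .pl

RewriteEngine on
RewriteBase /src/

# /src/<file>?view -> source viewer
RewriteCond %{QUERY_STRING} =view
RewriteRule ^(.+)$ /view/sourceview.php?file=$1 [L]
# /src/<file>?download -> forced download
RewriteCond %{QUERY_STRING} =download
RewriteRule ^(.+)$ /view/download.php?file=$1 [L]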

The server applies the rules in this .htaccess to the /src/ folder and all its sub-folders.

Apache will silently redirect the request to this php script:

sourceview.php (view | download) — it’s a bit paranoid, but I like paranoid.

download.php is just a simple forced downloader right now…
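
Both scripts receive the requested path in file=$1, so each has to confirm that the value still points inside /src/ before opening anything. The following is an added example, not the author's sourceview.php: the function name resolve_source_path and the <DOCUMENT_ROOT>/src layout are assumptions made for illustration.

```php
<?php
// Added example, not the author's sourceview.php. Function name and layout are assumptions.
// Assumption: viewable sources live in <DOCUMENT_ROOT>/src, as on this page.

// Map the rewritten ?file= value to a real file inside $baseDir, or null to refuse.
function resolve_source_path(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the checks below apply
    // to the file that would actually be opened.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Prefix test with a trailing separator, so /src-private cannot pass as /src.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Refuse dotfiles and dot-directories (.htaccess, .htpasswd, .git/...).
    if (preg_match('#(^|[/\\\\])\.#', substr($real, strlen($prefix)))) {
        return null;
    }
    return $real;
}

$base = ($_SERVER['DOCUMENT_ROOT'] ?? __DIR__) . '/src';
$file = $_GET['file'] ?? '';
$path = is_string($file) ? resolve_source_path($base, $file) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: text/html; charset=utf-8');
header('X-Content-Type-Options: nosniff');
// Read (never include) the file, and escape it so the browser shows it as text.
echo '<pre>',
    htmlspecialchars(file_get_contents($path), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    '</pre>';
```

Because the .htaccess above enables FollowSymLinks, resolving symlinks before the prefix test matters: a link inside /src/ that points elsewhere is refused rather than displayed.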

It is worth noting that there is a known bug that annoyed me in SyntaxHighlighter’s handling of multi-line comments, but it was easy to fix.

As for the look & feel; the source code coloring is not my doing — that comes from SyntaxHighlighter and its shThemeEmacs.css theme — but the panel arrangement look is.

It is just some pretty CSS. It all comes together nicely because of this one almost-magical CSS3 property…

box-sizing: border-box;

Without that, it’s all a mess! If the sources page looks broken to you, that probably means your browser is very outdated and it’s time to upgrade to a newer version! 😉

I’ve tested it with Chrome 16.x, Opera 11.x, Firefox 9.x and even IE 9.x and it looks good on all of them.

Enjoy!