[CWB] Upgrade of CQPweb server
Hardie, Andrew
a.hardie at lancaster.ac.uk
Mon Nov 17 15:23:01 CET 2025
I'll answer this one now:
> While going through the current .php files, I found files named like the following examples:
> usr/31/index.php
> usr/4a/index.php
> ...
>
> Do they serve a purpose? They all contain the same line of code:
> <?php exit(1);
>
>>Yes, these are weird. We've got two such subdirectories on our CQPweb server (with different numbers), created 5 years apart.
Short explanation: It's a security plug.
Long explanation:
This directory structure is how user-installed corpora are accessed. The system of directory naming (reflected in the URL) is
... / usr / (hex code of first byte of username) / (username) / (underscore then base-36 ID of corpus)
(why split the accounts up according to first byte? cos I have 40,000+ user accounts on my server)
By default, if a browser accesses a folder, Apache EITHER serves up the "index.html~php~whatever", if there is one, OR otherwise prints the directory's content list.
Therefore, making the byte-code directories (and user directories) content-listable over the web would expose usernames (plus the number of corpora each user has installed).
Having an index.php file that runs but produces nothing - ie "<?php exit(1);" - blocks Apache from serving the folder list. Anyone poking around just gets a blank page.
So whenever one of these folders is created (by a user installing a corpus), it's given such an index.php file.
It's probably better in some abstract sense to fix these issues via Apache config, etc. but that would need to be set up by every server admin separately (and procedure would be different for every web daemon). This way doesn't have that issue.
In retrospect I probably should have made them symlinks rather than separate files though, just for tidiness. Ah well, hindsight's a wonderful thing.
best
Andrew.
-----Original Message-----
From: CWB <cwb-bounces at sslmit.unibo.it> On Behalf Of Stephanie Evert via CWB
Sent: 17 November 2025 13:38
To: CWBdev Mailing List <cwb at sslmit.unibo.it>
Cc: Stephanie Evert <stefanML at collocations.de>
Subject: Re: [CWB] Upgrade of CQPweb server
Hi Stefan,
I can answer some of these points:
> We want to upgrade from Ubuntu 22.04 LTS to 24.04 LTS. Has anyone faced issues with that upgrade? I vaguely remember that an earlier Ubuntu upgrade caused some problems due to changing defaults.
Our CQPweb server runs on Ubuntu 24.04.3. As far as I can remember, we didn't have any major issues during the OS upgrade. However, ...
> We were also thinking about an update of CQPweb (revision 1826, 3.3.17). However, I am somewhat uncertain about the version policy of CQPweb. The website (https://cwb.sourceforge.io/cqpweb.php#install) mentions 3.3.15 as the latest version. Where, in terms of stability, does revision 1826 stand? Is there a more recent revision that provides the same level of stability?
>
> I checked the administrator's manual and could not find any necessary migration steps for 3.3.17 or later. Does that mean that I can simply compare r1826 with the latest SVN revision and merge any changes into the installed .php files?
... we're still on CQPweb v3.2.44 because 3.3 is still considered unstable / incomplete and we didn't have the courage to upgrade. Did you upgrade your server from 3.2 to 3.3 at some point? And if so, did you have major issues due to the upgrade?
> As far as I can see, only Perl will be affected by a major version change. The MySQL version seems to remain the same. I guess that means I'll have to reinstall cwb and cwb-perl from SVN. Our current system (cwb, cwb-perl, CQPweb) is based on revision 1826.
You could also simply install CWB from the .deb-package and cwb-perl from CPAN. Though it's always best to use the latest and least buggy versions from SVN, of course.
> While going through the current .php files, I found files named like the following examples:
> usr/31/index.php
> usr/4a/index.php
> ...
>
> Do they serve a purpose? They all contain the same line of code:
> <?php exit(1);
Yes, these are weird. We've got two such subdirectories on our CQPweb server (with different numbers), created 5 years apart.
Best,
Stephanie
_______________________________________________
CWB mailing list
CWB at sslmit.unibo.it
http://liste.sslmit.unibo.it/mailman/listinfo/cwb
More information about the CWB
mailing list