You down with APP? Yeah you know me! (Oh wait, maybe not on Dreamhost)
2007-12-24 / 14:02 / dave
In a combined quest to edit this blog from Emacs and stay super-cool, I’ve been trying to get atompub working on Wordpress 2.3.1 hosted on Dreamhost.
Will it work? Will I master the Atompub standard? Am I typing this in the world’s best editor?
Spoiler: NO
Read on for the thrilling details…
All I need to do is get to the damn URL
I started with the Wordpress AtomPub page in the Codex which recommends testing with Tim Bray’s APE. Time to first error: 5 seconds.
A typo in the codex said the end point was http://[Blog URL]/wp-app.php service. Er, that’s probably not a space, huh? I do the right thing and fix it.
The right URL still gave either a 404 or the extremely helpful “No input file specified” (I forget which condition produced which). Googling for “No input file specified” brought up this helpful number. I had already checked that Dreamhost was running PHP as CGI, so the error means that something is not getting forwarded right.
Well it looks like Wordpress Atompub might not work with PHP4, so I switched Dreamhost to PHP5:
Now I can surf to the URL and, thanks to the magic of the “cookies give you permission” hack inside wp-app.php and
<?xml version="1.0" encoding="utf-8" ?>
<service xmlns="http://www.w3.org/2007/app" xmlns:atom="http://www.w3.org/2005/Atom">
<workspace>
<atom:title>WordPress Workspace</atom:title>
<collection href="http://ndanger.org/blog/wp-app.php/posts">
<atom:title>WordPress Posts</atom:title>
<accept>application/atom+xml;type=entry</accept>
<categories href="http://ndanger.org/blog/wp-app.php/categories" />
</collection>
<collection href="http://ndanger.org/blog/wp-app.php/attachments">
<atom:title>WordPress Media</atom:title>
<accept>image/*</accept>
<accept>audio/*</accept>
<accept>video/*</accept>
</collection>
</workspace>
</service>
Hooray!
Mere steps away
Predictably, APE gives me an authorization error
That’s covered in the codex. Unfortunately, neither the “HTTP Authentication with PHP” suggestion the codex links to or Joseph Scott’s get hack works.
Time to turn on logging in wp-app.php, and tail -f wp-app.log.
Maybe the rewrite rule isn’t getting applied? A test–by forwarding to my about page–works, so the rule is getting applied. Maybe the environment hacking isn’t working, so I redirect to a test script:
<?
$agent = $_SERVER['HTTP_USER_AGENT'];
$ip = $_SERVER['REMOTE_ADDR'];
$port = $_SERVER['REMOTE_PORT'];
$d = date ('dS \of F Y h:1:s A');
$ha = $_SERVER['HTTP_AUTHORIZATION'];
echo "Your IP : $ip<br>";
echo "You are using : $agent<br>";
echo "You are connected through port : $port<br>";
echo "Today is : $d<br>";
echo "HTTP_AUTHORIZATION : $ha<br>";
echo "<br>_SERVER:<br>";
foreach ($_SERVER as $key => $value) {
echo "$key: $value<br>";
}
echo "<br>_ENV:<br>";
foreach ($_ENV as $key => $value) {
echo "$key: $value<br>";
}
echo "<br>_GET:<br>";
foreach ($_GET as $key => $value) {
echo "$key: $value<br>";
}
?>
Both hacks seem to work in theory, except that the header I need–HTTP_AUTHORIZATION–seems to be absent, even if I use curl to manually set the headers using the example in the RFC.
More googling turns up the blocking of BasicAuth in WinXP SP2. Enable that. Nothing.
By now it’s 4 am and I’m still starting at a 404, so I post to the Dreamhost support forums.
And you got an answer, right?
Nah. That was all 3 days ago, so now I submitted a help ticket to the support staff. Have’t heard anything back yet, but that’s probably because I marked it as “Hey, it’d be nice, but it’s not holding me up”.
Anyone got any suggestions? I was going to set up a test directory and see if Apache’s .htaccess authentication–in BasicAuth mode–works.
In the meantime I’ll try out XML-RPC… it looks like there’s even an Emacs package.
UPDATE:
Heard back from dreamhost:
Hello,
Unfortunately, I’m not sure what would cause this, however, we can’t
really provide support for custom scripting, or custom mod_rewrite rules.
Sorry about that.If you need anything else, please let us know.
Thanks!
Brian
i was quite surprised when i put that script on my server and viewed it with a browser.
not only did it expose the ip that i was ssh’ed in on my local net, but also the /dev/tty
and possibly much more to my surprise, it also expozerd my super sekret tcp port that i’m running ssh on to avoid constant hammering by hostile ssh exploit scans.
yuo basically pwnerd my site, d00d. all your base…
Whoa, sorry to pwn you dude. Anyway, I moved mine to a protected directory… not that I’m running on a top secret port, but hey, might as well be safe.
Have you had any more progress here? I’ve pretty much run into the same problem trying to get HTTP auth credentials via PHP at Dreamhost. The one thing that did work was the GET suggestion at http://labs.spaceshipnofuture.org/icky/HTTP%20authentication%20with%20PHP-CGI/. I wasn’t sure if that was kosher, though.
Tim:
Thanks for the link! That looks promising. As far as “kosher”, I don’t see it being different than the POST hack or even sending the actual header for that matter. It it’s not on
httpsI think it’s all easily sniffable. But I’m not an HTTP expert.Anyway, if I get some free time I’ll try it out on Wordpress and, with luck, write a “hot damn, that worked” post :)
I haven’t made any progress: I tried using Weblogger.el to access the XML-RPC interface but had elisp problems (cygwin XEmacs). I now use ViewSourceWith to edit in XEmacs when needed.
OK. I e-mailed support tonight to see if they can confirm the cause of the problem, which might help us find a work-around. I suspect it has something to do with the suEXEC setup.
Thanks Tim, let me know.
After a lot of back and forth, Dreamhost Support is unwilling to look any further than the PHP HTTP Auth documentation, which says PHP HTTP Auth variables won’t work when running PHP as CGI. Their recommendation was to run PHP as an Apache module.
Disappointing, but thanks a lot for looking into it. Unfortunately I still haven’t gotten around to trying the GET hack in anger. I’ll comment here when I do (I see you’re subscribed).
Sounds good!