fix: add league/climate dependency and fix .htaccess for Mautic 5.2#176
fix: add league/climate dependency and fix .htaccess for Mautic 5.2#176edouard-mangel wants to merge 6 commits into
Conversation
Add template files for Mautic 5.2.x:
- libraries.css: append CSS variable overrides for --primary-60/--primary-70
- head.html.twig: use {{company_name}} in default page title
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add league/climate ^3.4 and psr/log ^1.0 to composer.json so CLI whitelabeling works out of the box - Update .htaccess to disable RewriteEngine and allow PHP files so the tool is accessible when placed inside a Mautic installation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR aims to make the whitelabeler usable out of the box in Mautic 5.2.x by ensuring required PHP dependencies are present for the CLI tooling and by adjusting the whitelabeler directory’s Apache behavior to avoid Mautic’s upstream PHP-deny rules.
Changes:
- Added
league/climateandpsr/logto the root Composer requirements and updated the lockfile/vendor artifacts accordingly. - Updated the whitelabeler
.htaccessto disable rewriting and explicitly allow PHP execution, plus harden directory indexing behavior. - Added Mautic 5.2 Twig template overrides under
templates/5.2/.
Reviewed changes
Copilot reviewed 7 out of 153 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| composer.json | Adds league/climate and psr/log to root requirements. |
| composer.lock | Locks dependency set including league/climate and psr/log versions and constraints. |
| .htaccess | Adjusts Apache behavior to avoid inherited deny rules and prevent directory listing. |
| .gitignore | Adds .worktrees/ ignore entry. |
| templates/5.2/app/bundles/UserBundle/Resources/views/Security/base.html.twig | Adds Mautic 5.2 login template override with whitelabel placeholders. |
| templates/5.2/app/bundles/CoreBundle/Resources/views/LeftPanel/index.html.twig | Adds Mautic 5.2 sidebar/left-panel template override with whitelabel placeholders. |
| templates/5.2/app/bundles/CoreBundle/Resources/views/Default/head.html.twig | Adds Mautic 5.2 head/title template override with whitelabel placeholders. |
| templates/5.2/app/bundles/CoreBundle/Resources/views/Default/base.html.twig | Adds Mautic 5.2 base layout override with whitelabel placeholders. |
| vendor/** | Updates/introduces vendored dependencies and Composer autoload/runtime checks to match the new requirements. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| RewriteEngine Off | ||
|
|
||
| # deny from all | ||
| # Allow PHP files in this directory | ||
| <FilesMatch "\.php$"> | ||
| Order allow,deny | ||
| Allow from all | ||
| </FilesMatch> |
There was a problem hiding this comment.
RewriteEngine Off is used without an <IfModule mod_rewrite.c> guard, which can cause a 500 error on servers where mod_rewrite is not enabled. Also, the access control inside <FilesMatch> uses the Apache 2.2-style Order/Allow directives; on Apache 2.4 this will 500 unless mod_access_compat is enabled. Consider wrapping the rewrite directive in <IfModule mod_rewrite.c> and using Apache 2.4 Require all granted (optionally with an Apache 2.2 fallback) so the whitelabeler is accessible across common Mautic 4.2+/5.2 environments.
| # Allow PHP files in this directory | ||
| <FilesMatch "\.php$"> | ||
| Order allow,deny | ||
| Allow from all | ||
| </FilesMatch> | ||
|
|
||
| <IfModule mod_rewrite.c> | ||
| RewriteEngine Off | ||
| </IfModule> No newline at end of file | ||
| Options -Indexes | ||
| DirectoryIndex index.php |
There was a problem hiding this comment.
This change removes the previously documented deny from all toggle for locking down the whitelabeler directory after use. If the intent is to keep the directory publicly accessible, the README step about re-enabling the deny rule should be updated; otherwise, consider keeping a commented-out deny rule (or an equivalent Require all denied) so users can easily disable public access after whitelabeling.
| <!DOCTYPE html> | ||
| <html> | ||
| {{ include('@MauticCore/Default/head.html.twig', { | ||
| headerTitle: block('headerTitle') is defined ? block('headerTitle') : headerTitle|default(''), | ||
| pageTitle: block('pageTitle') is defined ? block('pageTitle') : '{{company_name}}', | ||
| }) | ||
| }} | ||
| <body class="header-fixed"> | ||
| <section id="app-wrapper"> | ||
| {{ outputScripts('bodyOpen') }} |
There was a problem hiding this comment.
The new templates/5.2 directory only adds Twig templates, but whitelabeler.php also reads versioned CSS/JS templates (e.g. templates/<version>/app/bundles/CoreBundle/Assets/css/app.css, .../libraries.css, and templates/<version>/app/bundles/CoreBundle/Assets/js/1a.content.js). If those 5.2 template files are missing, file_get_contents() will return false and the subsequent str_replace()/file writes can produce empty/invalid Mautic assets. Add the required 5.2 CSS/JS templates (or implement a fallback to the closest supported version) to avoid breaking Mautic 5.2 installs.
| "require": { | ||
| "chrisjean/php-ico": "^1.0", | ||
| "components/font-awesome": "4.7.0" | ||
| "components/font-awesome": "4.7.0", | ||
| "league/climate": "^3.4", | ||
| "psr/log": "^1.0" | ||
| }, |
There was a problem hiding this comment.
Root composer.json now requires league/climate, which (per the lockfile/vendor platform checks) effectively requires PHP >= 7.3. To make this constraint explicit for users running composer install (and to avoid confusing runtime failures when using the bundled vendor/), consider adding an explicit "php" requirement to the root composer.json that matches the locked platform constraint.
…t bugs
- Restore deny from all security mechanism in .htaccess so users can
lock down the directory after whitelabeling (per README instructions)
- Remove insecure Allow from all FilesMatch block that exposed phpinfo.php,
cli.php, and compare.php to the web
- Fix {{$logo_bg}} typo in libraries.css replacement (was never replaced)
- For Mautic 5.2+: append CSS override block to existing app.css and
libraries.css instead of overwriting the entire file, preventing stale
CSS from overwriting Mautic updates
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…CSS append - Return error if template CSS is missing the override sentinel comment instead of silently appending nothing and reporting success - Check file_get_contents return value before use; return error if the live CSS file cannot be read (e.g. permission denied), preventing file_put_contents from writing only the override block and destroying the existing CSS - Add targeted Allow for index.php and view.php in .htaccess so the web UI works on Apache installs where Mautic denies PHP access in subdirectories; CLI-only files (cli.php, compare.php, phpinfo.php) remain inaccessible from the web Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
league/climate ^3.4andpsr/log ^1.0tocomposer.jsonso the CLI whitelabeler works out of the box (was crashing withClass "League\CLImate\CLImate" not found).htaccessto disableRewriteEngineand explicitly allow PHP files, fixing the 403 Forbidden error when accessing the tool inside a Mautic 4.2+ installationContext
Tested against a Mautic 5.2.10 instance. Without these fixes:
.htaccessPHP deny rules)php cli.phpfails immediately withClass "League\CLImate\CLImate" not foundbecauseleague/climateis referenced incli.phpbut not declared incomposer.jsonBoth issues prevent the tool from being usable out of the box on a fresh clone.
🤖 Generated with Claude Code