Hello,
It seems with the migration of spip code to gitlab yet again the URL of the ecran_securite file has changed.
This used to work:
curl -f https://git.spip.net/spip-contrib-outils/securite/raw/branch/master/ecran_securite.php -o /var/www/html/config/ecran_securite.php
But after the migration, the URL of ecran_securite has slightly changed.
Now from this page: Écran de sécurité - SPIP
I can see the URL should be
Error 403: Forbidden
Hence this would be the correct cronjob:
curl -L -f https://git.spip.net/spip-contrib-outils/securite/-/raw/master/ecran_securite.php -o /var/www/html/config/ecran_securite.php
Another option (as adjusted above for future changes of this URL) is to add to the curl line the option -L
curl -L
So that the redirect is followed. Without it, it will result in an ecran_securite with the following contents, which are then included to every spip page.
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
And as it is I am not sure how this approach would need to be modified:
This seems to be the best approach to prevent faulty ecran_securite.php files from being installed by cron.
I think a proper documentation should be provided on the ecran_securite page to use curl -L. There should also be an way to not complete the download when there is an error 5x, 4x, 3x, which has been an issue before (5xx error page that was shown but without a 5xx header, hence the file was still downloaded).