Re: Why PHP is parsing not only .php

To: debian-security@lists.debian.org
Subject: Re: Why PHP is parsing not only .php
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: 03 Apr 2003 15:01:00 +0200
Message-id: <[🔎] 1049374859.734.24.camel@zarniwoop.dontpanic.nl>
In-reply-to: <[🔎] 20030403104344.GA24477@milc.com.pl>
References: <[🔎] 20030403104344.GA24477@milc.com.pl>

On Thu, 2003-04-03 at 12:43, Yoss wrote:

> Why PHP is parsing file with ".php.txt" extension? I think that is a
> security hole, because in easy way we can imagine that thereis php
> script that should allow to upload only .txt files. 99% of coders will
> check this with /.+?\.txt$/ because this is logic, that php script is
> everything what ends with ".php". 
> Is there any way to prevent such a situation that not only /.+?\.php/ is
> parsed by PHP?
> If you need any additional informations (config files, or something) let
> me know, I will send it with pleasure.

Did you enable content negotiation ?? If yes, then that is likely to
cause your problem.

-- 
Tot ziens,

Bart-Jan

Reply to:

References:
- Why PHP is parsing not only .php
  - From: Yoss <bartek@milc.pl>

Prev by Date: Why PHP is parsing not only .php
Next by Date: Re: Why PHP is parsing not only .php
Previous by thread: Why PHP is parsing not only .php
Next by thread: Re: Why PHP is parsing not only .php
Index(es):
- Date
- Thread