Re: Possible release note for systems running PHP through CGI.
On Tue, 21 Aug 2012 09:48:37 +0200
Ondřej Surý <ondrej@debian.org> wrote:
[...]
> >> The mime-types package has dropped non-standard definitions of
> >> PHP MIME-Types as a security measure. Default PHP configuration
> >> for libapache2-mod-php5{filter} and php5-cgi now only serve files
> >> which have .php, .php[345] and .phtml extensions on a most right
> >> place as opposed to previous state where <filename>.php.foobar
> >> would have been interpreted. Please read NEWS file in the PHP
> >> SAPI of your choice for further information.
> >
> > I fail to parse that "on a most right place" bit though I'm not a
> > native speaker. If you meant that those extension specifications
> > form a minimal sane and safe subset, may be just go ahead and write
> > exactly that. ;-)
>
> Nope I mean that the extension should be last.
>
> E.g. index.blah.php, but not index.php.blah.
Thanks for the explanation.
Then I suggest it to be rephrased "... extensions on the rightmost
place ...", or may be even simpler: "... php5-cgi now only serves files
which have .php, .php[345] or .phtml as their rightmost extension ...".
Reply to: