[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible release note for systems running PHP through CGI.

On Tue, 21 Aug 2012 09:48:37 +0200
Ondřej Surý <ondrej@debian.org> wrote:

> >> The mime-types package has dropped non-standard definitions of
> >> PHP MIME-Types as a security measure.  Default PHP configuration
> >> for libapache2-mod-php5{filter} and php5-cgi now only serve files
> >> which have .php, .php[345] and .phtml extensions on a most right
> >> place as opposed to previous state where <filename>.php.foobar
> >> would have been interpreted.  Please read NEWS file in the PHP
> >> SAPI of your choice for further information.
> >
> > I fail to parse that "on a most right place" bit though I'm not a
> > native speaker.  If you meant that those extension specifications
> > form a minimal sane and safe subset, may be just go ahead and write
> > exactly that. ;-)
> Nope I mean that the extension should be last.
> E.g.  index.blah.php, but not index.php.blah.
Thanks for the explanation.

Then I suggest it to be rephrased "... extensions on the rightmost
place ...", or may be even simpler: "... php5-cgi now only serves files
which have .php, .php[345] or .phtml as their rightmost extension ...".

Reply to: