Why is PHP parsing not only .php?
Hello.
Please, take a look at this:
http://www.milc.com.pl/aa.php.txt
Why is PHP parsing a file with a ".php.txt" extension? I think that is a
security hole, because we can easily imagine that there is a PHP
script that should allow uploading only .txt files. 99% of coders will
check this with /.+?\.txt$/, because it is logical that a PHP script is
everything that ends with ".php".
Is there any way to prevent a situation where not only /.+?\.php/ is
parsed by PHP?
If you need any additional information (config files or something), let
me know; I will send it with pleasure.
--
Bartłomiej Butyn aka Yoss
There is nothing so bad that it could not turn out worse.
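The upload check from the post next to a stricter one that inspects every dot-separated segment of the name, as an added example that is not part of the original post. The function names and the list of interpreter-mapped extensions are assumptions and must be matched to the handler mappings of the actual server.

```php
<?php
// Added example (not from the original post).
// Assumption: segments the web server may hand to an interpreter.
const EXECUTABLE_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phps', 'cgi', 'pl'];

// The check described in the post: only the end of the name is tested.
function naive_is_txt(string $name): bool
{
    return preg_match('/.+?\.txt$/', $name) === 1;
}

// Stricter check: every segment after the stem is examined.
function strict_is_txt(string $name): bool
{
    // Drop any directory part supplied by the client.
    $base = basename(str_replace('\\', '/', $name));

    // Conservative character set: a stem followed by one or more extensions.
    if (preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/', $base) !== 1) {
        return false;
    }

    $segments = explode('.', strtolower($base));
    array_shift($segments);               // remove the stem, keep extensions
    if (end($segments) !== 'txt') {
        return false;                     // final extension must be .txt
    }
    foreach ($segments as $segment) {
        if (in_array($segment, EXECUTABLE_SEGMENTS, true)) {
            return false;                 // e.g. the "php" in aa.php.txt
        }
    }
    return true;
}

// Storing uploads under a server-generated name sidesteps the problem:
// the client-supplied name never reaches the file system.
function storage_name(): string
{
    return bin2hex(random_bytes(16)) . '.txt';
}

// Constructed sample names.
$samples = ['notes.txt', 'aa.php.txt', 'aa.PHP.txt', 'report.v2.txt', 'aa.txt.php', '.htaccess'];
foreach ($samples as $name) {
    printf("%-14s naive=%-5s strict=%s\n", $name,
        var_export(naive_is_txt($name), true), var_export(strict_is_txt($name), true));
}
```

The naive check accepts `aa.php.txt` and `aa.PHP.txt`; the strict check rejects both while still accepting `notes.txt` and `report.v2.txt`.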