
Re: Why PHP is parsing not only .php



This is expected behaviour...  Please see the section about files with
multiple extensions on the page
http://httpd.apache.org/docs/mod/mod_mime.html#addencoding

---
If more than one extension is given which maps onto the same type of
meta-information, then the one to the right will be used. For example,
if ".gif" maps to the MIME-type image/gif and ".html" maps to the
MIME-type text/html, then the file welcome.gif.html will be associated
with the MIME-type "text/html".
---

You should probably be using the phps extension with the
AddType application/x-httpd-php-source .phps instead of renaming them
to have a .txt extension.

Chris



--- Yoss <bartek@milc.pl> wrote:
> Hello.
> Please, take a look at this:
> http://www.milc.com.pl/aa.php.txt
> 
> Why is PHP parsing a file with a ".php.txt" extension? I think that is a
> security hole, because we can easily imagine that there is a PHP
> script that should allow uploading only .txt files. 99% of coders will
> check this with /.+?\.txt$/ because it is logical that a PHP script is
> everything that ends with ".php".
> Is there any way to prevent such a situation, where not only /.+?\.php/
> is parsed by PHP?
> If you need any additional information (config files, or something) let
> me know, I will send it with pleasure.
> 
> -- 
> Bartłomiej Butyn aka Yoss
> There is nothing so bad that it could not turn out worse.
> 
> 
> 
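The upload check discussed in this thread, as an added example that is not part of the original messages: it compares the last-extension regex from the question with a check that inspects every dot-separated extension, since mod_mime considers all of them. The function names and the `HANDLER_EXTENSIONS` list are assumptions made for illustration; the real list has to come from the AddType/AddHandler lines of the server's own configuration.

```php
<?php
// Added example, not code from the thread.
// Assumed list of extensions that the web server maps to an executable
// handler; derive the real one from your own Apache configuration.
const HANDLER_EXTENSIONS = ['php', 'php3', 'php4', 'phtml', 'phps', 'cgi', 'pl'];

// The check described in the quoted message: only the end of the name is tested.
function naive_is_txt(string $name): bool
{
    return preg_match('/.+?\.txt$/', $name) === 1;
}

// Stricter check: every part after the base name counts as an extension.
function strict_is_txt(string $name): bool
{
    // Drop any client-supplied directory part and refuse NUL bytes.
    $name = basename(str_replace('\\', '/', $name));
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // mod_mime treats extensions case-insensitively, so compare in lower case.
    $parts = explode('.', strtolower($name));
    $base = array_shift($parts);
    if ($base === '' || count($parts) === 0 || end($parts) !== 'txt') {
        return false;
    }
    foreach ($parts as $ext) {
        if ($ext === '' || in_array($ext, HANDLER_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Alternative that sidesteps the question: never keep the client's name.
function storage_name(): string
{
    return bin2hex(random_bytes(16)) . '.txt';
}

// Constructed sample names.
$samples = ['notes.txt', 'report.v2.txt', 'aa.php.txt', 'AA.PHP.txt', 'x.phtml.txt'];
foreach ($samples as $n) {
    printf("%-14s naive=%-6s strict=%s\n", $n,
        naive_is_txt($n) ? 'accept' : 'reject',
        strict_is_txt($n) ? 'accept' : 'reject');
}
```

Both checks accept `notes.txt` and `report.v2.txt`; only the naive regex accepts `aa.php.txt`, `AA.PHP.txt` and `x.phtml.txt`.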