[ale] file name extension per Apache
Warren Myers
volcimaster at gmail.com
Wed Jan 24 10:07:22 EST 2007
.phps is supposed to be the php source extension - so I suppose the smart
thing may be to pick a totally new extension -
perhapsfilename-<oldext>.<newext>
WMM
On 1/24/07, Jerry Yu <jjj863 at gmail.com> wrote:
>
> yes, both are mod_php (modules/libphp5.so and modules/libphp4.so for FC6
> and CentOS4, respectively). Do you mean mod_php was too aggressive instead
> of Apache on matching file extension (.php) ? To me, Apache should be the
> one to determine whether a file's name extension satisfies what specified in
> the 'AddHandler' directive before passing the ball mod_php to handle it.
>
> On these two test servers, files w/o extension or containing no (.php) at
> all will be displayed as text/plain. Maybe the do-less-harm security rule
> kicked in? It is hard to choose between revealing your source code (from
> important.php.old) and executing an obsolete copy of important.php?
>
>
>
> On 1/24/07, Warren Myers < volcimaster at gmail.com> wrote:
> >
> > Your Apache conf is probably set to read .php* through mod_php. I've
> > noticed some installs of Apache will even just guess if you put in filename
> > (no extension) and run the filename.ext.
> >
> > WMM
> >
> > On 1/24/07, Jerry Yu <jjj863 at gmail.com> wrote:
> > >
> > > I did a backup of a PHP file under Apache's DocumentRoot. To my
> > > surprise, both Apache 2.0/CentOS4 (AddType) and Apache 2.2/FC6
> > > (AddHandler) executes the backup file (test.php.20070123). Thus comes
> > > a question, what is considered to be the extension for a name like
> > > a.b.c.d.e.f Should it be b|b.c|b.c.d|b.c.d.e|b.c.d.e.f or either?
> > >
> > > http://localhost/test.php.20070123
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > >
> > >
> >
> >
> > --
> > http://warrenmyers.com
> > "God may not play dice with the universe, but something strange is going
> > on with the prime numbers." --Paul Erd?s
> > "It's not possible. We are the type of people who have everything in our
> > favor going against us." --Ben Jarhvi, Short Circuit 2
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
--
http://warrenmyers.com
"God may not play dice with the universe, but something strange is going on
with the prime numbers." --Paul Erd?s
"It's not possible. We are the type of people who have everything in our
favor going against us." --Ben Jarhvi, Short Circuit 2
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ale
mailing list