[ale] file name extension per Apache
Jerry Yu
jjj863 at gmail.com
Wed Jan 24 10:20:26 EST 2007
I wasn't using .phps. On these two test servers, php.conf is unchanged. By
default, the .phps handler was commented out too.
On 1/24/07, Warren Myers <volcimaster at gmail.com> wrote:
>
> .phps is supposed to be the php source extension - so I suppose the smart
> thing may be to pick a totally new extension -
> perhaps filename-<oldext>.<newext>
>
> WMM
>
> On 1/24/07, Jerry Yu <jjj863 at gmail.com> wrote:
> >
> > Yes, both are mod_php (modules/libphp5.so and modules/libphp4.so for FC6
> > and CentOS4, respectively). Do you mean mod_php was too aggressive instead
> > of Apache on matching file extension (.php)? To me, Apache should be the
> > one to determine whether a file's name extension satisfies what is specified in
> > the 'AddHandler' directive before passing the ball to mod_php to handle it.
> >
> > On these two test servers, files w/o extension or containing no (.php)
> > at all will be displayed as text/plain. Maybe the do-less-harm security rule
> > kicked in? It is hard to choose between revealing your source code (from
> > important.php.old) and executing an obsolete copy of important.php?
> >
> >
> >
> > On 1/24/07, Warren Myers <volcimaster at gmail.com> wrote:
> > >
> > > Your Apache conf is probably set to read .php* through mod_php. I've
> > > noticed some installs of Apache will even just guess if you put in filename
> > > (no extension) and run the filename.ext.
> > >
> > > WMM
> > >
> > > On 1/24/07, Jerry Yu <jjj863 at gmail.com> wrote:
> > > >
> > > > I did a backup of a PHP file under Apache's DocumentRoot. To my
> > > > surprise, both Apache 2.0/CentOS4 (AddType) and Apache 2.2/FC6
> > > > (AddHandler) execute the backup file (test.php.20070123). Thus
> > > > comes a question, what is considered to be the extension for a name like
> > > > a.b.c.d.e.f? Should it be b|b.c|b.c.d|b.c.d.e|b.c.d.e.f or either?
> > > >
> > > > http://localhost/test.php.20070123
> > > >
> > > > _______________________________________________
> > > > Ale mailing list
> > > > Ale at ale.org
> > > > http://www.ale.org/mailman/listinfo/ale
> > > >
> > > >
> > >
> > >
> > > --
> > > http://warrenmyers.com
> > > "God may not play dice with the universe, but something strange is
> > > going on with the prime numbers." --Paul Erdős
> > > "It's not possible. We are the type of people who have everything in
> > > our favor going against us." --Ben Jarhvi, Short Circuit 2
> > >
> > >
> >
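The behaviour discussed in this thread follows from the documented mod_mime rule that a file may carry several extensions, each looked up separately. The sketch below is an added example, not code from the thread or from Apache: a simplified Python model of that lookup, with constructed mappings and assumed handler/type names, which flags names that would run as PHP without ending in .php.

```python
import os

# Constructed sample mappings (assumptions): ext -> metadata, in the spirit of
# AddHandler / AddType plus a few mime.types entries.
ADDHANDLER_CONF = {"php": {"handler": "php5-script"},
                   "txt": {"type": "text/plain"},
                   "jpg": {"type": "image/jpeg"}}
ADDTYPE_CONF = {"php": {"type": "application/x-httpd-php"},
                "txt": {"type": "text/plain"},
                "jpg": {"type": "image/jpeg"}}


def resolve(filename, mappings):
    """Return (handler, type) under the documented mod_mime rule: every
    dot-separated piece after the base name is looked up case-insensitively,
    unknown pieces are ignored, and for each kind of metadata the rightmost
    match wins."""
    meta = {"handler": None, "type": None}
    for ext in os.path.basename(filename).split(".")[1:]:
        meta.update(mappings.get(ext.lower(), {}))
    return meta["handler"], meta["type"]


def runs_as_php(filename, mappings):
    """True if the modelled lookup hands the file to the PHP module."""
    handler, ctype = resolve(filename, mappings)
    return handler == "php5-script" or ctype == "application/x-httpd-php"


def risky_names(names, mappings):
    """Names that execute as PHP although they do not end in .php."""
    return [n for n in names
            if runs_as_php(n, mappings) and not n.lower().endswith(".php")]


if __name__ == "__main__":
    # Constructed file names; the first two appear in the thread.
    sample = ["test.php.20070123", "important.php.old", "test.php",
              "notes.php.txt", "readme.txt", "backup-test.php_20070123"]
    for label, conf in (("AddHandler", ADDHANDLER_CONF),
                        ("AddType", ADDTYPE_CONF)):
        print(label, risky_names(sample, conf))
```

In this model a trailing known type such as .txt overrides an AddType mapping but not an AddHandler one, because handler and type are tracked separately. Matching the end of the name with `<FilesMatch "\.php$">` and `SetHandler`, rather than `AddHandler`/`AddType`, ties execution to the final extension only.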