FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 10-09-2012, 01:08 AM
Tim
 
Default why is a .txt file being run as a php script?

Mike Wright:
>> For further head explosion refer please refer to
>> http://httpd.apache.org/docs/2.2/content-negotiation.html

Tom Horsley:
> That was the one that made my head explode :-).
>
> I have just tried it turning off MultiViews in the
> directory where I have my copy of my web pages and
> by gosh, it does indeed just show me the file now
> instead of running the php script, so even though
> my poor brain can't figure out how the heck what the
> apache docs say about MultiViews could possibly
> cause this, it does indeed appear to be MultiViews
> that is causing it.

Content negotiation allows the webserver to hold multiple different
variations of the same data, and for the webserver and web browser to
negotiate between them as to which will be the best version to offer.

That could be a web page written in several different languages (each
actual version being a different file), and your browser (if you
bothered to configure it properly) will state what languages you can
read, and hopefully the server will offer the best match. That's
relatively simple if there's just one match (e.g. English), becoming
more complicated if there's several matches. In that case, there's a
weighting applied. Supposedly, the author can score the pages, so that
one version is promoted as the best, and other's lesser (e.g. their
skills in that language aren't as good, or they used an auto-translater,
so that that page may be harder to understand). And supposedly the web
browser can score your list of languages that you can read. However,
I've yet to see a browser do that, it just seems to let you sort the
order of the languages in the list, and the top of the list is
supposedly considered best. I've yet to see an example of how the page
author can score their pages, short of making explicit configurations of
the webserver, per page.

And, it can negotiation be for different file types. I could offer
downloads of a document in PDF, ODT, DOC, or just TXT, and between the
server and the browser working it out, they'd hopefully offer you the
best choice (as outlined in the language discussion, above, some
weighting automatically picks the best choice). Likewise, I could offer
you JPEGs, or GIFs, or PNGs, of the same image, and hopefully offer you
the best choice. Unfortunately, with these sorts of negotiated
offerings, the usual consideration seems to be merely be picking the
smallest size file. And most browsers default configuration says that
they'll accept ANY type of file, never mind if that file is actually
supported on your system. So you can still get offered file types that
you can't actually use.

In any case, language or file type of negotiation, the server uses the
filename as part of the process. Particularly the file suffix. And
multiple file suffixes are allowed. i.e. example.php.txt is a PHP file
(to be treated as a PHP file), *AND* a text file. As you've found out,
there are problems when you use file suffixes with competing purposes.

For fun and games, you could see what happens with example.jpg.txt and
example.txt.jpg, with images and text files tried with either names.
Similar games with example.html.txt and example.txt.html can be rather
confusing (serving HTML or plain text). Even more so when you try to
browse using a non-compliant browser, like MSIE, which pays scant
attention to the MIME type sent by the server, and snoops at the file
data content, instead. Hence, the many misconfigured web servers that
seem to work, because the webmaster knows not what they're doing. And
hence the many infected Windows machine, because the browser executed
the executable program that was deliberately sent to the browser with a
safe MIDI filetype description, the browser allowing such a safe thing,
then automatically doing what it does with the executable program that
it found, instead.

But, if you're not using content negotiation, and you don't appear to
be, and most people probably do not use it. You can, and probably
should, disable the feature. It'll mean less work for the server, and
less chance of surprises.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-09-2012, 02:36 AM
David G. Miller
 
Default why is a .txt file being run as a php script?

Tom Horsley <horsley1953 <at> gmail.com> writes:

>
> On my local system I have apache running so I can test web pages
> before I upload them to my ISP.
>
> I have a sample .php script which I explicitly named with
> a .php.txt suffix so it would be treated as a plain text
> file, not a php script.
>
> Yet apache is clearly running the php script rather than just
> uploading the plain text copy of the script when I click
> on the link to the .php.txt file.
>
> Anyone have any clue what is causing this to happen?
> I can't imagine this is something that would be desirable
> behavior .
>
> I made it stop by turning off php completely in the
> subdirectory holding the pages, but I still what to
> understand what on earth was making it run the script
> in the first place.

Just guessing but what is the first line of the file? It's probably:

<?php

Apache reads the file, hits the <?php line and processes it as a php file. It's
a feature. *nix (not just Linux) don't use the file extension to determine what
to do with a file.

Cheers,
Dave

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-09-2012, 06:42 AM
Gordon Messmer
 
Default why is a .txt file being run as a php script?

On 10/08/2012 04:32 PM, Tom Horsley wrote:

I have just tried it turning off MultiViews in the
directory where I have my copy of my web pages and
by gosh, it does indeed just show me the file now
instead of running the php script, so even though
my poor brain can't figure out how the heck what the
apache docs say about MultiViews could possibly
cause this, it does indeed appear to be MultiViews
that is causing it.


MultiViews isn't enabled anywhere except for /icons in the default
configuration, but the standard behavior is exactly as you originally
described. You might want to verify that your browser isn't showing you
a cached version of the server's response.


I just checked one of the few systems where I run php, and I'm certain
that MultiViews does not cause the behavior that you described.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-09-2012, 06:46 AM
Gordon Messmer
 
Default why is a .txt file being run as a php script?

On 10/08/2012 06:08 PM, Tim wrote:

Content negotiation allows the webserver to hold multiple different
variations of the same data, and for the webserver and web browser to
negotiate between them as to which will be the best version to offer.


According to the documentation and to tests, MultiViews does not
interact with AddHandler. Apache documents that files may have multiple
extensions, regardless of the setting of MultiViews.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-09-2012, 06:48 AM
Gordon Messmer
 
Default why is a .txt file being run as a php script?

On 10/08/2012 07:36 PM, David G. Miller wrote:

Just guessing but what is the first line of the file? It's probably:

<?php

Apache reads the file, hits the <?php line and processes it as a php file. It's
a feature. *nix (not just Linux) don't use the file extension to determine what
to do with a file.


That is also wrong. Apache uses the AddHandler directive and file
extensions to decide whether or not a handler should process a file.
The php will only process files that have .php as one of their
extensions in the default configuration. Thus, you can have a file
named "sample.txt" which started with "<?php", and it will be served as
unmodifed text.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 04:07 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org