why is a .txt file being run as a php script?
On my local system I have apache running so I can test web pages
before I upload them to my ISP. I have a sample .php script which I explicitly named with a .php.txt suffix so it would be treated as a plain text file, not a php script. Yet apache is clearly running the php script rather than just uploading the plain text copy of the script when I click on the link to the .php.txt file. Anyone have any clue what is causing this to happen? I can't imagine this is something that would be desirable behavior :-). I made it stop by turning off php completely in the subdirectory holding the pages, but I still what to understand what on earth was making it run the script in the first place. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
On 10/08/2012 11:08 AM, Tom Horsley wrote:
Anyone have any clue what is causing this to happen? I can't imagine this is something that would be desirable behavior :-). What are the permissions on the file? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
Am 08.10.2012 20:08, schrieb Tom Horsley:
> On my local system I have apache running so I can test web pages > before I upload them to my ISP. > > I have a sample .php script which I explicitly named with > a .php.txt suffix so it would be treated as a plain text > file, not a php script. > > Yet apache is clearly running the php script rather than just > uploading the plain text copy of the script when I click > on the link to the .php.txt file this is widely known and caused by the "MultiViews" option and can also lead to execute PHP if images conatin code and saved with .php.gif Options -MultiViews -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
Am 08.10.2012 20:12, schrieb Joe Zeff:
> On 10/08/2012 11:08 AM, Tom Horsley wrote: >> Anyone have any clue what is causing this to happen? >> I can't imagine this is something that would be desirable >> behavior :-). > > What are the permissions on the file? apache/php is not interesed at all in execute-flags this is widely known and caused by the "MultiViews" option and can also lead to execute PHP if images contain code and saved with .php.gif you can simply add php-code at the end of a image without break image display - this is a know exploit vector for uploaded images Options -MultiViews -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
On 10/08/2012 11:18 AM, Reindl Harald wrote:
apache/php is not interesed at all in execute-flags this is widely known and caused by the "MultiViews" option and can also lead to execute PHP if images contain code and saved with .php.gif Not by me, because I've never worked with them. I sit corrected, and will try to remember it in the future. BTW, for some weird reason, Thunderbird wanted to send this back to you and you alone, not the list even though you sent the message to the list. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
> this is widely known and caused by the "MultiViews" option
> and can also lead to execute PHP if images conatin code > and saved with .php.gif But when I read the docs for that (which, by the way, make my head want to explode) it sounds like MultiViews is something that will try to find a different file if the requested one doesn't exist, but I'm *requesting* the .php.txt file and it does exist, so I'm still confused, but when I get home I'll try re-enabling php and turning off MultiViews and see what happens. Thanks. P.S. I'm not sure "widely known" is a phrase that should ever be used with anything on linux :-). -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
On 10/08/2012 11:46 AM, Reindl Harald wrote:
Am 08.10.2012 20:36, schrieb Joe Zeff: On 10/08/2012 11:28 AM, Reindl Harald wrote: because i am still moderated on teh list and since MANY DAYS people decided to moderate DO NOT DO THEIR JOB and release any message You have my sympathy. Granted, you sometimes sound like you're jumping up and down and tearing your hair out, but even when you're at your most irate you don't go out of your way to make trouble. And, even though you and I don't always get along, I've always respected your knowledge. I don't have to like you to learn from you. reply this to the list maybe the moderators are reading sometimes there :-) That's a good idea. Frankly, I can't understand why you've been moderated in the first place unless somebody malicious made an unfounded complaint. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
10/08/2012 11:39 AM, Tom Horsley wrote:
this is widely known and caused by the "MultiViews" option and can also lead to execute PHP if images conatin code and saved with .php.gif But when I read the docs for that (which, by the way, make my head want to explode) it sounds like MultiViews is something that will try to find a different file if the requested one doesn't exist, but I'm *requesting* the .php.txt file and it does exist, so I'm still confused, but when I get home I'll try re-enabling php and turning off MultiViews and see what happens. Pleasure to offer some help, Tom. I've been struggling/learning with Apache for many years. It is a very powerful tool. MultiViews has to do with a thing called "Content Negotiation". Helpful in multilingual situations where it may be desired to return something in a specific language, whether content or error pages. *Very clever people could think up other uses* Unfortunately it can match and grab the wrong files if allowed to roam or is not properly tethered. Only enable MultiViews for resources that absolutely require them. Make sure to specify the Directory, Location, or File directives when using it. For further head explosion refer please refer to http://httpd.apache.org/docs/2.2/content-negotiation.html Thanks. P.S. I'm not sure "widely known" is a phrase that should ever be used with anything on linux :-). LOL -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
On 10/08/2012 11:08 AM, Tom Horsley wrote:
I have a sample .php script which I explicitly named with a .php.txt suffix so it would be treated as a plain text file, not a php script. Yet apache is clearly running the php script rather than just uploading the plain text copy of the script when I click on the link to the .php.txt file. In the default configuration, .php.txt will use the php handler, because .php is still of the file's extensions. Instead of adding .txt (and thus adding a second extension), replace .php with .txt. http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them. http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext For example, if you wish to have the file foo.html.cgi processed as a CGI script, but not the file bar.cgi.html, then instead of using AddHandler cgi-script .cgi, use <FilesMatch .cgi$> SetHandler cgi-script </FilesMatch> -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
why is a .txt file being run as a php script?
On Mon, 08 Oct 2012 13:20:27 -0700
Mike Wright wrote: > For further head explosion refer please refer to > http://httpd.apache.org/docs/2.2/content-negotiation.html That was the one that made my head explode :-). I have just tried it turning off MultiViews in the directory where I have my copy of my web pages and by gosh, it does indeed just show me the file now instead of running the php script, so even though my poor brain can't figure out how the heck what the apache docs say about MultiViews could possibly cause this, it does indeed appear to be MultiViews that is causing it. Thanks to everyone. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org |
| All times are GMT. The time now is 01:43 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.