FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 10-08-2012, 06:08 PM
Tom Horsley
 
Default why is a .txt file being run as a php script?

On my local system I have apache running so I can test web pages
before I upload them to my ISP.

I have a sample .php script which I explicitly named with
a .php.txt suffix so it would be treated as a plain text
file, not a php script.

Yet apache is clearly running the php script rather than just
uploading the plain text copy of the script when I click
on the link to the .php.txt file.

Anyone have any clue what is causing this to happen?
I can't imagine this is something that would be desirable
behavior :-).

I made it stop by turning off php completely in the
subdirectory holding the pages, but I still what to
understand what on earth was making it run the script
in the first place.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 06:12 PM
Joe Zeff
 
Default why is a .txt file being run as a php script?

On 10/08/2012 11:08 AM, Tom Horsley wrote:

Anyone have any clue what is causing this to happen?
I can't imagine this is something that would be desirable
behavior :-).


What are the permissions on the file?
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 06:14 PM
Reindl Harald
 
Default why is a .txt file being run as a php script?

Am 08.10.2012 20:08, schrieb Tom Horsley:
> On my local system I have apache running so I can test web pages
> before I upload them to my ISP.
>
> I have a sample .php script which I explicitly named with
> a .php.txt suffix so it would be treated as a plain text
> file, not a php script.
>
> Yet apache is clearly running the php script rather than just
> uploading the plain text copy of the script when I click
> on the link to the .php.txt file

this is widely known and caused by the "MultiViews" option
and can also lead to execute PHP if images conatin code
and saved with .php.gif

Options -MultiViews

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 06:18 PM
Reindl Harald
 
Default why is a .txt file being run as a php script?

Am 08.10.2012 20:12, schrieb Joe Zeff:
> On 10/08/2012 11:08 AM, Tom Horsley wrote:
>> Anyone have any clue what is causing this to happen?
>> I can't imagine this is something that would be desirable
>> behavior :-).
>
> What are the permissions on the file?

apache/php is not interesed at all in execute-flags

this is widely known and caused by the "MultiViews" option
and can also lead to execute PHP if images contain code
and saved with .php.gif

you can simply add php-code at the end of a image without
break image display - this is a know exploit vector for
uploaded images

Options -MultiViews

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 06:26 PM
Joe Zeff
 
Default why is a .txt file being run as a php script?

On 10/08/2012 11:18 AM, Reindl Harald wrote:

apache/php is not interesed at all in execute-flags

this is widely known and caused by the "MultiViews" option
and can also lead to execute PHP if images contain code
and saved with .php.gif


Not by me, because I've never worked with them. I sit corrected, and
will try to remember it in the future.


BTW, for some weird reason, Thunderbird wanted to send this back to you
and you alone, not the list even though you sent the message to the list.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 06:39 PM
Tom Horsley
 
Default why is a .txt file being run as a php script?

> this is widely known and caused by the "MultiViews" option
> and can also lead to execute PHP if images conatin code
> and saved with .php.gif

But when I read the docs for that (which, by the way, make
my head want to explode) it sounds like MultiViews is something
that will try to find a different file if the requested
one doesn't exist, but I'm *requesting* the .php.txt file
and it does exist, so I'm still confused, but when I get
home I'll try re-enabling php and turning off MultiViews
and see what happens.

Thanks.

P.S. I'm not sure "widely known" is a phrase that should
ever be used with anything on linux :-).
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 07:06 PM
Joe Zeff
 
Default why is a .txt file being run as a php script?

On 10/08/2012 11:46 AM, Reindl Harald wrote:



Am 08.10.2012 20:36, schrieb Joe Zeff:

On 10/08/2012 11:28 AM, Reindl Harald wrote:

because i am still moderated on teh list
and since MANY DAYS people decided to
moderate DO NOT DO THEIR JOB and release
any message


You have my sympathy. Granted, you sometimes sound like you're jumping up and down and tearing your hair out, but
even when you're at your most irate you don't go out of your way to make trouble. And, even though you and I don't
always get along, I've always respected your knowledge. I don't have to like you to learn from you.


reply this to the list
maybe the moderators are reading sometimes there :-)



That's a good idea. Frankly, I can't understand why you've been
moderated in the first place unless somebody malicious made an unfounded
complaint.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 08:20 PM
Mike Wright
 
Default why is a .txt file being run as a php script?

10/08/2012 11:39 AM, Tom Horsley wrote:

this is widely known and caused by the "MultiViews" option
and can also lead to execute PHP if images conatin code
and saved with .php.gif


But when I read the docs for that (which, by the way, make
my head want to explode) it sounds like MultiViews is something
that will try to find a different file if the requested
one doesn't exist, but I'm *requesting* the .php.txt file
and it does exist, so I'm still confused, but when I get
home I'll try re-enabling php and turning off MultiViews
and see what happens.


Pleasure to offer some help, Tom.

I've been struggling/learning with Apache for many years. It is a very
powerful tool.


MultiViews has to do with a thing called "Content Negotiation". Helpful
in multilingual situations where it may be desired to return something
in a specific language, whether content or error pages.


*Very clever people could think up other uses*

Unfortunately it can match and grab the wrong files if allowed to roam
or is not properly tethered. Only enable MultiViews for resources that
absolutely require them. Make sure to specify the Directory, Location,
or File directives when using it.


For further head explosion refer please refer to
http://httpd.apache.org/docs/2.2/content-negotiation.html



Thanks.

P.S. I'm not sure "widely known" is a phrase that should
ever be used with anything on linux :-).


LOL


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 09:58 PM
Gordon Messmer
 
Default why is a .txt file being run as a php script?

On 10/08/2012 11:08 AM, Tom Horsley wrote:

I have a sample .php script which I explicitly named with
a .php.txt suffix so it would be treated as a plain text
file, not a php script.

Yet apache is clearly running the php script rather than just
uploading the plain text copy of the script when I click
on the link to the .php.txt file.


In the default configuration, .php.txt will use the php handler, because
.php is still of the file's extensions.


Instead of adding .txt (and thus adding a second extension), replace
.php with .txt.


http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler
The extension argument is case-insensitive and can be specified with
or without a leading dot. Filenames may have multiple extensions and
the extension argument will be compared against each of them.

http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext
For example, if you wish to have the file foo.html.cgi processed as a
CGI script, but not the file bar.cgi.html, then instead of using
AddHandler cgi-script .cgi, use
<FilesMatch .cgi$>
SetHandler cgi-script
</FilesMatch>
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-08-2012, 11:32 PM
Tom Horsley
 
Default why is a .txt file being run as a php script?

On Mon, 08 Oct 2012 13:20:27 -0700
Mike Wright wrote:

> For further head explosion refer please refer to
> http://httpd.apache.org/docs/2.2/content-negotiation.html

That was the one that made my head explode :-).

I have just tried it turning off MultiViews in the
directory where I have my copy of my web pages and
by gosh, it does indeed just show me the file now
instead of running the php script, so even though
my poor brain can't figure out how the heck what the
apache docs say about MultiViews could possibly
cause this, it does indeed appear to be MultiViews
that is causing it.

Thanks to everyone.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 07:45 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org