reassign 562006 libapache2-mod-php5
forcemerge 491928 562006
thanks

On Monday 21 December 2009, Paul Tagliamonte wrote:
> <FilesMatch \.php$>
> SetHandler application/x-httpd-php
> </FilesMatch>

This has been fixed in mod_php 5.2.11.dfsg.1-2. Probably you are using an
old version of /etc/apache2/mods-available/php5.conf (or you did the bug
report from a different machine).

> the issue lies in the fact that AddType 'suggests' to the HTTP
> clients what to do with .php files, instead of forcing the server
> to parse it. This causes the server to hand out the PHP file
> because it depends on the client to ask nicely.

This interpretation is not correct. The problem with AddType is that
things like blah.php.jpg will be executed as PHP scripts. Or looking at it
differently: you describe the normal meaning of AddType, but mod_php does
some special magic to execute the PHP script.

> This behavior, and work-around is outlined clearly here [1].
>
> This can be considered a security risk, it is common to have
> passwords and other sensitive data in the php script.

No, the issue described there is that if you have viewed the file before
enabling mod_php, the browser will cache the source code.
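
An added example, not part of the original message or of the Debian package: a Python check that scans Apache configuration text for PHP mappings made by extension (AddType/AddHandler) versus the FilesMatch/SetHandler form quoted above, and lists filenames that carry .php as a non-final extension, like the blah.php.jpg case in the reply. The function names, sample configuration and filenames are constructed for illustration.

```python
import re

# mod_mime directives that map a PHP type/handler by extension. Any
# dot-separated extension of a filename can match, not only the last one.
EXT_MAPPING = re.compile(r"^\s*(AddType|AddHandler)\s+\S*php\S*\s+(.+)$", re.I)
FM_OPEN = re.compile(r'^\s*<FilesMatch\s+"?(.+?)"?\s*>', re.I)
FM_CLOSE = re.compile(r"^\s*</FilesMatch>", re.I)
SET_HANDLER = re.compile(r"^\s*SetHandler\s+\S*php\S*", re.I)


def audit_config(text):
    """Return (extension_mappings, filesmatch_handlers) found in config text."""
    ext_mappings, fm_handlers, current_fm = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = EXT_MAPPING.match(line)
        if m:
            ext_mappings.append((lineno, m.group(1), m.group(2).split()))
        elif FM_OPEN.match(line):
            current_fm = FM_OPEN.match(line).group(1)
        elif FM_CLOSE.match(line):
            current_fm = None
        elif current_fm and SET_HANDLER.match(line):
            fm_handlers.append((lineno, current_fm))
    return ext_mappings, fm_handlers


def non_final_ext_names(names, ext="php"):
    """Names with ext as a non-final extension: an extension mapping can
    match them, a pattern anchored at the end of the name cannot."""
    hits = []
    for name in names:
        parts = name.lower().split(".")[1:]  # extensions after the base name
        if ext in parts[:-1] and parts[-1] != ext:
            hits.append(name)
    return hits


# Constructed sample input, not taken from any real system.
OLD_CONF = """\
# mapping by extension
AddType application/x-httpd-php .php .phtml .php3
"""
NEW_CONF = """\
<FilesMatch \\.php$>
SetHandler application/x-httpd-php
</FilesMatch>
"""
NAMES = ["index.php", "blah.php.jpg", "photo.jpg", "a.php.php", "notes.php.bak"]
```

Run audit_config over the contents of the enabled php5.conf and non_final_ext_names over a listing of any directory that accepts uploads; entries in the first list of audit_config's result are the lines to replace with the FilesMatch form.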