why is a .txt file being run as a php script?
Mike Wright
mike.wright at mailinator.com
Mon Oct 8 20:20:27 UTC 2012
10/08/2012 11:39 AM, Tom Horsley wrote:
>> this is widely known and caused by the "MultiViews" option
>> and can also lead to execute PHP if images conatin code
>> and saved with .php.gif
>
> But when I read the docs for that (which, by the way, make
> my head want to explode) it sounds like MultiViews is something
> that will try to find a different file if the requested
> one doesn't exist, but I'm *requesting* the .php.txt file
> and it does exist, so I'm still confused, but when I get
> home I'll try re-enabling php and turning off MultiViews
> and see what happens.
Pleasure to offer some help, Tom.
I've been struggling/learning with Apache for many years. It is a very
powerful tool.
MultiViews has to do with a thing called "Content Negotiation". Helpful
in multilingual situations where it may be desired to return something
in a specific language, whether content or error pages.
*Very clever people could think up other uses*
Unfortunately it can match and grab the wrong files if allowed to roam
or is not properly tethered. Only enable MultiViews for resources that
absolutely require them. Make sure to specify the Directory, Location,
or File directives when using it.
For further head explosion refer please refer to
http://httpd.apache.org/docs/2.2/content-negotiation.html
>
> Thanks.
>
> P.S. I'm not sure "widely known" is a phrase that should
> ever be used with anything on linux :-).
LOL
More information about the users
mailing list