DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15358>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15358 Wrong filenames accepted by AddType Summary: Wrong filenames accepted by AddType Product: Apache httpd-1.3 Version: 1.3.27 Platform: PC OS/Version: Linux Status: NEW Severity: Blocker Priority: Other Component: mod_mime AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] A filename that is like a filename that should be handled by an external program, but has a dot after gets sent to the other apllication. ie. If a file is named info.php.OLD it gets sent to php even though the suffix given in AddType is .php This a severe security risk for any system that lets people upload files, since a check for .php endings aren't enough. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
