First, the execute bit means nothing over HTTP. So they couldn't just execute it remotely. They would need an account on the box.
And second, PHP does not set the x bit, you are doing that. Check your default umask or set it explicitly with a call to umask() before copying the file into place. On Tue, 26 Mar 2002, David McInnis wrote: > Why does PHP set the execute bit on an uploaded file? This means a user > could upload a script and it would be executable. Ouch! Especially if > the file is available via httpd after upload. . . HELP. > > I am saving to a directory with permissions of 766 > > And when php copies the file it assigns the following permissions. > > rwxr-xr-x > > I am using the copy command to move the file from the tmp directory. > > David McInnis > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
