if you use the apache addhandler command for things like php, perl, python, etc
it can create a huge hole if you allow uploads into your web space (images for
example). the unbelievable behavior is that addhandler (and other friends from
mod_mime) look for the extension anywhere in the filename, not just the end.
so foo.php.jpg will be run as php if addhandler is used for .php (which is the
default for redhat 5 systems).
a workaround is to use:
<FilesMatch \.php$>
SetHandler php5-script
ForceType text/html
</FilesMatch>
instead. wow, this is just scary...
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
