tags 381907 +patch thanks Hello,
I have attached an adaptation of upstream's "hotfix" from http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads . The patch adds a patch in debian/patches, so please remember to run 'debian/rules patch' before building the package, so that the patch will be applied. Thanks, John Wright
=== added file 'debian/patches/upstream-Codev.SecurityAlertSecureFileUploads.patch' --- debian/patches/upstream-Codev.SecurityAlertSecureFileUploads.patch 1970-01-01 00:00:00 +0000 +++ debian/patches/upstream-Codev.SecurityAlertSecureFileUploads.patch 2006-08-24 18:37:39 +0000 @@ -0,0 +1,27 @@ +--- debian/apache.conf 2006-08-24 18:25:47 +0000 ++++ debian/apache.conf 2006-08-24 18:33:57 +0000 +@@ -12,4 +12,23 @@ + Allow from all + </Directory> + ++<Directory "/var/www/twiki/pub"> ++ Options None ++ AllowOverride None ++ Allow from all ++ ++ # Disable interpreting of php in the pub directory ++ <IfModule mod_php4.c> ++ php_admin_flag engine off ++ </IfModule> ++ <IfModule mod_php3.c> ++ php3_engine off ++ </IfModule> ++ ++ # This line will redefine the mime type for the most common ++ # types of scripts. It will also deliver HTML files as if ++ # they are text files ++ AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi ++</Directory> ++ + # End twiki Configuration Block +