On Fri, 2012-10-26 at 13:18 +0200, Ondřej Surý wrote:
+ It is also advised that
+ you check your custom configuration whether it's not vulnerable to
+ foo.php.jpeg attacks. The php5_cgi configuration snippet can be used
+ as base - it's important to use FilesMatch or Files directive to
+
On Sat, Oct 6, 2012 at 9:51 PM, Stefan Fritsch s...@debian.org wrote:
Hi Ondřej,
I also cannot think of any configuration that would make everyone happy. At
the moment, I fear this can only be solved by more documentation.
Maybe one could add such a paragraph to the NEWS entry of php5-cgi
On Thursday 11 October 2012, Charles Plessy wrote:
Le Mon, Oct 08, 2012 at 03:38:10PM +0200, Ondřej Surý a écrit :
Just one last question which came to my mind. Would this all be
fixed if we added non-magic type to mime-support (e.g.
http://bugs.debian.org/670945) and reverting the changes
Hey folks.
On Tue, 2012-10-16 at 00:16 +0200, Stefan Fritsch wrote:
And remove the php-cgi.conf completely, right? So this would introduce
a different fix for the multi-views problem. Are you sure that there
is no other problem that we would re-introduce? Maybe it's worth a
try.
There
Hi Charles.
On Thu, 2012-10-11 at 09:06 +0900, Charles Plessy wrote:
Do you think that there is a way to fix #589384 (the *.php.foo problem)
without removing the application/x-httpd-* media types ?
I would say no, well at least not if we also want to use these media
types later on in Apache to
Oh and one more thing (even though this is PHP unrelated):
Maybe I misunderstand something but it seems both:
libapache2-mod-fcgid, which uses:
IfModule mod_fcgid.c
AddHandlerfcgid-script .fcgi
FcgidConnectTimeout 20
/IfModule
and
libapache2-mod-fastcgi, which uses:
IfModule
On Sat, Oct 6, 2012 at 9:51 PM, Stefan Fritsch s...@debian.org wrote:
This sucks. In hindsight, maybe the mime.types change should have been
deferred until we ugrade to apache 2.4 and people have to adjust their
configs anyway. But I think it's too late now to go back. And leaving the
Stephan,
thanks for the input.
Just one last question which came to my mind. Would this all be fixed
if we added non-magic type to mime-support (e.g.
http://bugs.debian.org/670945) and reverting the changes done in the
php5-cgi package?
That I think would justify change in the mime-support
Hi,
Ondřej Surý:
Just one last question which came to my mind. Would this all be fixed
if we added non-magic type to mime-support (e.g.
http://bugs.debian.org/670945) and reverting the changes done in the
php5-cgi package?
IMHO that would be a good idea. (Subject to testing …)
--
--
On Mon, 2012-10-08 at 15:38 +0200, Ondřej Surý wrote:
Just one last question which came to my mind. Would this all be fixed
if we added non-magic type to mime-support (e.g.
http://bugs.debian.org/670945) and reverting the changes done in the
php5-cgi package?
I'm a bit unsure how/why that
On Mon, Oct 8, 2012 at 9:51 PM, Christoph Anton Mitterer
cales...@scientia.net wrote:
On Mon, 2012-10-08 at 15:38 +0200, Ondřej Surý wrote:
Just one last question which came to my mind. Would this all be fixed
if we added non-magic type to mime-support (e.g.
http://bugs.debian.org/670945) and
On Mon, 2012-10-08 at 22:42 +0200, Ondřej Surý wrote:
Basically it would bring the old behaviour back while not mangling
with custom Set/AddHandler directives in the apache. Remember the
php5_cgi.{load,conf} hack was introduced after decision to fix this
only in Apache - which in turn caused
Hi Ondřej,
I also cannot think of any configuration that would make everyone happy.
At the moment, I fear this can only be solved by more documentation.
Maybe one could add such a paragraph to the NEWS entry of php5-cgi
5.4.4-5, e.g. before The standard configuration now also... :
13 matches
Mail list logo
