-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Ionescu wrote:
Rich Bowen wrote:
Joshua Slive wrote:
FilesMatch \.php$
SetHandler php-script
/FilesMatch
(in place of any other method of activating php)
[...]
That only works if you happen to be the server administrator. If,
however,
Rich Bowen wrote:
Joshua Slive wrote:
FilesMatch \.php$
SetHandler php-script
/FilesMatch
(in place of any other method of activating php)
[...]
That only works if you happen to be the server administrator. If,
however, you are renting web space from someone who has php enabled
globally (this
Rich Bowen wrote:
The folks at Drupal have apparently just discovered that
something.php.bar is executed as PHP, and, thus, checking to see if a
file ends with .php is not sufficient to ensure that their file upload
feature can't be exploited.
Their file upload feature can likely be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The folks at Drupal have apparently just discovered that
something.php.bar is executed as PHP, and, thus, checking to see if a
file ends with .php is not sufficient to ensure that their file upload
feature can't be exploited.
In fact, they have a
On 5/25/06, Rich Bowen [EMAIL PROTECTED] wrote:
The folks at Drupal have apparently just discovered that
something.php.bar is executed as PHP, and, thus, checking to see if a
file ends with .php is not sufficient to ensure that their file upload
feature can't be exploited.
In fact, they have a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joshua Slive wrote:
On 5/25/06, Rich Bowen [EMAIL PROTECTED] wrote:
The folks at Drupal have apparently just discovered that
something.php.bar is executed as PHP, and, thus, checking to see if a
file ends with .php is not sufficient to ensure that