[PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread David McInnis
Why does PHP set the execute bit on an uploaded file? This means a user could upload a script and it would be executable. Ouch! Especially if the file is available via httpd after upload. . . HELP. I am saving to a directory with permissions of 766 And when php copies the file it assigns the

RE: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread Demitrious S. Kelly
? File Upload Permissions Why does PHP set the execute bit on an uploaded file? This means a user could upload a script and it would be executable. Ouch! Especially if the file is available via httpd after upload. . . HELP. I am saving to a directory with permissions of 766 And when php copies

Re: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread Rasmus Lerdorf
First, the execute bit means nothing over HTTP. So they couldn't just execute it remotely. They would need an account on the box. And second, PHP does not set the x bit, you are doing that. Check your default umask or set it explicitly with a call to umask() before copying the file into

RE: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread Demitrious S. Kelly
]] Sent: Tuesday, March 26, 2002 11:08 PM To: David McInnis Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Does this seem odd? File Upload Permissions First, the execute bit means nothing over HTTP. So they couldn't just execute it remotely. They would need an account on the box. And second, PHP does

RE: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread Rasmus Lerdorf
, March 26, 2002 11:08 PM To: David McInnis Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Does this seem odd? File Upload Permissions First, the execute bit means nothing over HTTP. So they couldn't just execute it remotely. They would need an account on the box. And second, PHP does not set

RE: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread Demitrious S. Kelly
PROTECTED]] Sent: Tuesday, March 26, 2002 11:08 PM To: David McInnis Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Does this seem odd? File Upload Permissions First, the execute bit means nothing over HTTP. So they couldn't just execute it remotely. They would need an account on the box

RE: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread David McInnis
PROTECTED] Subject: RE: [PHP] Does this seem odd? File Upload Permissions But it would mean that you would have to severly misconfigure your server and write severely braindead code. Simply putting a file in your document_root that has the x bit set will under normal circumstances not do anything

Re: [PHP] Does this seem odd? File Upload Permissions

2002-03-26 Thread Jason Wong
On Wednesday 27 March 2002 15:33, David McInnis wrote: OK. But I am not changing the permissions. How am I setting the x bit? I am not doing anything in my code except executing a copy() or move_uploaded_file(). Is my server not configured correctly? If so, how do I change the default