Why does PHP set the execute bit on an uploaded file? This means a user
could upload a script and it would be executable. Ouch! Especially if
the file is available via httpd after upload. . . HELP.
I am saving to a directory with permissions of 766
And when php copies the file it assigns the
? File Upload Permissions
Why does PHP set the execute bit on an uploaded file? This means a user
could upload a script and it would be executable. Ouch! Especially if
the file is available via httpd after upload. . . HELP.
I am saving to a directory with permissions of 766
And when php copies
First, the execute bit means nothing over HTTP. So they couldn't just
execute it remotely. They would need an account on the box.
And second, PHP does not set the x bit, you are doing that. Check your
default umask or set it explicitly with a call to umask() before copying
the file into
]]
Sent: Tuesday, March 26, 2002 11:08 PM
To: David McInnis
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Does this seem odd? File Upload Permissions
First, the execute bit means nothing over HTTP. So they couldn't just
execute it remotely. They would need an account on the box.
And second, PHP does
, March 26, 2002 11:08 PM
To: David McInnis
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Does this seem odd? File Upload Permissions
First, the execute bit means nothing over HTTP. So they couldn't just
execute it remotely. They would need an account on the box.
And second, PHP does not set
PROTECTED]]
Sent: Tuesday, March 26, 2002 11:08 PM
To: David McInnis
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Does this seem odd? File Upload Permissions
First, the execute bit means nothing over HTTP. So they couldn't just
execute it remotely. They would need an account on the box
PROTECTED]
Subject: RE: [PHP] Does this seem odd? File Upload Permissions
But it would mean that you would have to severly misconfigure your
server
and write severely braindead code. Simply putting a file in your
document_root that has the x bit set will under normal circumstances not
do anything
On Wednesday 27 March 2002 15:33, David McInnis wrote:
OK. But I am not changing the permissions. How am I setting the x bit?
I am not doing anything in my code except executing a copy() or
move_uploaded_file(). Is my server not configured correctly? If so, how
do I change the default
8 matches
Mail list logo