Hi, vermi schrieb: > There is a big security problem in suPHP. When activated, suPHP give to php > the .php.jpg files. A Hacker can upload a php renamed to .php.jpg in an image > upload form and have all access to the site :/ > The bug is not present when suPHP is loaded into memory and deactivated with : > suPHP_Engine off > RemoveHandler .php > AddHandler application/x-httpd-php .php > AddType application/x-httpd-php .php > php_admin_flag engine on
Actually, this is a configuration problem, not a bug in suPHP: If you use "AddHandler" all filename containing the ".php" extension (e.g. ".php", ".php.jpg") will be served using mod_suphp. If you use the "AddType" directive, only files with the ".php" extension at the end of the filename will be served using suPHP. This behaviour is not specific to suPHP but caused by how Apache handles this directives. Unfortunately the Apache documentation is very unclear on this: http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addtype BTW: The patch you proposed would not only break setups where other extensions than .php, .php4, .php5 or .phtml are used for PHP scripts, but also setups which use suPHP to serve CGI scripts. Regards Sebastian _______________________________________________ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp