[php-maint] Bug#589384: Bug#589384: libapache2-mod-php5: Even with new SetHandler config, php is still activated because of mime type

Raphael Geissert geissert at debian.org
Sat Mar 12 00:55:48 UTC 2011


reassign 589384 mime-support 3.44-1
thanks

On 17 July 2010 03:41, Stefan Fritsch <sf at debian.org> wrote:
> [...] Files named blah.php.blubb are still executed as php scripts because
> they are assigned the type application/x-httpd-php in /etc/mime.types and
> mod_php will execute all files of this type. This can of course be a security
> problem for sites that accept uploaded files.
>
> There are two possible remedies:
> - Remove all relevant types from /etc/mime.types
> - Add
>            RemoveType php phtml pht phps php3 php3p php4 php5
>   to php5.conf
>

I somehow missed this report.

I don't think we should have to deal with side effects of changes in
mime-support. I'm therefore reassigning this report; all the x-httpd-*
entries seem incorrect to me.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net





More information about the pkg-php-maint mailing list