[php-maint] Bug#589384: Bug#589384: libapache2-mod-php5: Even with new SetHandler config, php is still activated because of mime type
geissert at debian.org
Sat Mar 12 00:55:48 UTC 2011
reassign 589384 mime-support 3.44-1
On 17 July 2010 03:41, Stefan Fritsch <sf at debian.org> wrote:
> [...] Files named blah.php.blubb are still executed as php scripts because
> they are assigned the type application/x-httpd-php in /etc/mime.types and
> mod_php will execute all files of this type. This can of course be a security
> problem for sites that accept uploaded files.
> There are two possible remedies:
> - Remove all relevant types from /etc/mime.types
> - Add
> RemoveType php phtml pht phps php3 php3p php4 php5
> to php5.conf
I somehow missed this report.
I don't think we should have to deal with side effects of changes in
mime-support. I'm therefore reassigning this report; all the x-httpd-*
entries seem incorrect to me.
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the pkg-php-maint