[php-maint] Bug#670945: libapache2-mod-php5: Bug #589384 breaks default behaviour for MultiViews
Tim White
timwhite88 at gmail.com
Tue Apr 17 09:07:39 UTC 2012
Package: libapache2-mod-php5
Version: 5.4.0-3
Severity: important
Dear Maintainer,
Bug #589384 breaks default "expected" behaviour of MultiViews in relation to
executing PHP scripts.
URLs of the format http://example.com/file should execute the file.php script
if it exists without needing to request http://example.com/file.php, when
MultiViews is enabled. MultiViews is enabled in the default config shipped with
Apache2 in Debian.
As the fix for #589384 disables the php mimetypes, the MultiViews content
negotitation fails for the *.php files as there is no relevant mimetype for the
*.php files, causing apache to give a 404 instead of executing file.php.
The MultiViews documentation suggests that "MultiviewsMatch Handlers" should
fix the issue, however this fails to work.
As the default expected behaviour is broken, and any packages that enable
MultiViews explicitly for that functionality are broken, this change breaks
packages. I understand the security reasons for the fix, however without a
working solution for renabling this behaviour securely, I've had to uncomment
the mime types for php.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (750, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libapache2-mod-php5 depends on:
ii apache2-mpm-prefork 2.2.22-2
ii apache2.2-common 2.2.22-2
ii libbz2-1.0 1.0.6-1
ii libc6 2.13-27
ii libcomerr2 1.42.2-1
ii libdb5.1 5.1.29-1
ii libgssapi-krb5-2 1.10+dfsg~beta1-2
ii libk5crypto3 1.10+dfsg~beta1-2
ii libkrb5-3 1.10+dfsg~beta1-2
ii libmagic1 5.11-1
ii libonig2 5.9.1-1
ii libpcre3 1:8.30-4
ii libqdbm14 1.8.78-2
ii libssl1.0.0 1.0.1-4
ii libstdc++6 4.7.0-1
ii libxml2 2.7.8.dfsg-7
ii mime-support 3.52-1
ii php5-common 5.4.0-3
ii tzdata 2012b-1
ii ucf 3.0025+nmu2
ii zlib1g 1:1.2.6.dfsg-2
Versions of packages libapache2-mod-php5 recommends:
ii php5-cli 5.4.0-3
Versions of packages libapache2-mod-php5 suggests:
ii php-pear 5.4.0-3
-- no debconf information
More information about the pkg-php-maint
mailing list