[php-maint] Bug#670945: libapache2-mod-php5: Bug #589384 breaks default behaviour for MultiViews

Tim White timwhite88 at gmail.com
Tue Apr 17 09:07:39 UTC 2012

Package: libapache2-mod-php5
Version: 5.4.0-3
Severity: important

Dear Maintainer,

Bug #589384 breaks default "expected" behaviour of MultiViews in relation to
executing PHP scripts.

URLs of the format http://example.com/file should execute the file.php script
if it exists without needing to request http://example.com/file.php, when
MultiViews is enabled. MultiViews is enabled in the default config shipped with
Apache2 in Debian.

As the fix for #589384 disables the php mimetypes, the MultiViews content
negotitation fails for the *.php files as there is no relevant mimetype for the
*.php files, causing apache to give a 404 instead of executing file.php.

The MultiViews documentation suggests that "MultiviewsMatch Handlers" should
fix the issue, however this fails to work.

As the default expected behaviour is broken, and any packages that enable
MultiViews explicitly for that functionality are broken, this change breaks
packages. I understand the security reasons for the fix, however without a
working solution for renabling this behaviour securely, I've had to uncomment
the mime types for php.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (750, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-php5 depends on:
ii  apache2-mpm-prefork  2.2.22-2
ii  apache2.2-common     2.2.22-2
ii  libbz2-1.0           1.0.6-1
ii  libc6                2.13-27
ii  libcomerr2           1.42.2-1
ii  libdb5.1             5.1.29-1
ii  libgssapi-krb5-2     1.10+dfsg~beta1-2
ii  libk5crypto3         1.10+dfsg~beta1-2
ii  libkrb5-3            1.10+dfsg~beta1-2
ii  libmagic1            5.11-1
ii  libonig2             5.9.1-1
ii  libpcre3             1:8.30-4
ii  libqdbm14            1.8.78-2
ii  libssl1.0.0          1.0.1-4
ii  libstdc++6           4.7.0-1
ii  libxml2              2.7.8.dfsg-7
ii  mime-support         3.52-1
ii  php5-common          5.4.0-3
ii  tzdata               2012b-1
ii  ucf                  3.0025+nmu2
ii  zlib1g               1:1.2.6.dfsg-2

Versions of packages libapache2-mod-php5 recommends:
ii  php5-cli  5.4.0-3

Versions of packages libapache2-mod-php5 suggests:
ii  php-pear  5.4.0-3

-- no debconf information

More information about the pkg-php-maint mailing list