files ending with '.' treated as if the '.' is not there

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Morning all,
 first post from myself.

If you have PHP, Perl or plain old CGI installed, and set up Apache to recognise these files with the extensions '.php', '.pl' or '.cgi', Apache will recognise the files even if the filename has a '.' at the end.

For example, 'test.php.' will be run as if it is a PHP file.

This causes some developers to unwittingly create insecure programs. for example, if you have a program which allows a user to rename a file, but bans server-executable extensions such as '.php', '.cgi', etc, the programmer would not automatically realise that the user can get around that by placing a '.' at the end.

I'd like to know is that a bug in Apache?

kae

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux