Re: php config security concern for c5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Joe Pruett wrote on Wed, 18 Nov 2009 09:39:30 -0800 (PST):

> i think that directory context is not just <Directory>, and the text at 
> the url says the directive may be placed in <directory>,
> <location>, or 
> <files> which i assume means <filesmatch> as well.

Right. I was getting the German version of this page and I swear it didn't 
include the <Files> thing last time I looked. Now it does. And it looks like it 
has been added during the last days as it is still missing an "or".
So, you are right, yes.

> i did some more testing and i was able to override the forcetype (if it 
> truly is working) via header('content-type'), like you'd do for serving 
> images via php.  i guess i haven't tested without forcetype yet...

Thanks for the info. Still, I think you can keep the AddType directive and not 
use ForceType because the problem is only the AddHandler directive that 
overrides the mime-type for the image.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux