[CentOS] php config security concern for c5
maillists at conactive.com
Wed Nov 18 18:31:23 UTC 2009
Joe Pruett wrote on Wed, 18 Nov 2009 09:39:30 -0800 (PST):
> i think that directory context is not just <Directory>, and the text at
> the url says the directive may be placed in <directory>,
> <location>, or
> <files> which i assume means <filesmatch> as well.
Right. I was getting the German version of this page and I swear it didn't
include the <Files> thing last time I looked. Now it does. And it looks like it
has been added during the last days as it is still missing an "or".
So, you are right, yes.
> i did some more testing and i was able to override the forcetype (if it
> truly is working) via header('content-type'), like you'd do for serving
> images via php. i guess i haven't tested without forcetype yet...
Thanks for the info. Still, I think you can keep the AddType directive and not
use ForceType because the problem is only the AddHandler directive that
overrides the mime-type for the image.
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the CentOS