[CentOS] php config security concern for c5

Wed Nov 18 18:31:23 UTC 2009
Kai Schaetzl <maillists at conactive.com>

Joe Pruett wrote on Wed, 18 Nov 2009 09:39:30 -0800 (PST):

> i think that directory context is not just <Directory>, and the text at 
> the url says the directive may be placed in <directory>,
> <location>, or 
> <files> which i assume means <filesmatch> as well.

Right. I was getting the German version of this page and I swear it didn't 
include the <Files> thing last time I looked. Now it does. And it looks like it 
has been added during the last days as it is still missing an "or".
So, you are right, yes.

> i did some more testing and i was able to override the forcetype (if it 
> truly is working) via header('content-type'), like you'd do for serving 
> images via php.  i guess i haven't tested without forcetype yet...

Thanks for the info. Still, I think you can keep the AddType directive and not 
use ForceType because the problem is only the AddHandler directive that 
overrides the mime-type for the image.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com