savannah-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-dev] [Bug #1070] User can run php scripts via file uploading?

From: nobody
Subject: [Savannah-dev] [Bug #1070] User can run php scripts via file uploading?
Date: Thu, 19 Sep 2002 04:00:17 -0400 
=================== BUG #1070: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1070&group_id=11

Changes by: Mathieu Roy <address@hidden>
Date: 2002-Sep-19 10:00 (Europe/Paris)

            What     | Removed                   | Added
---------------------------------------------------------------------------
         Assigned to | loic                      | yeupou
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
I finally fixed it by myself. See /etc/apache-ssl/access.conf

I added an AllowOverride clause, to prevent for someone overriding ours rules 
and executing php scripts or anything else.





=================== BUG #1070: FULL BUG SNAPSHOT ===================


Submitted by: chedong                   Project: Savannah                       
Submitted on: 2002-Aug-24 18:26
Category:  Apache                       Severity:  7 - Major                    
Priority:  High                         Bug Group:  None                        
Resolution:  Fixed                      Assigned to:  yeupou                    
Status:  Closed                         Effort:  0.00                           

Summary:  User can run php scripts via file uploading?

Original Submission:  http://freesoftware.fsf.org/download/phpman/test.php

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Sep-19 10:00             By: yeupou
I finally fixed it by myself. See /etc/apache-ssl/access.conf

I added an AllowOverride clause, to prevent for someone overriding ours rules 
and executing php scripts or anything else.



-------------------------------------------------------
Date: 2002-Aug-24 20:12             By: yeupou
I made a dirty hack (.htaccess) to fix this.

Can someone, as Loic, very familiar with the apache-ssl configuration, fix this 
directly the in the system wide configuration file?


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1070&group_id=11
reply via email to
[Prev in Thread] Current Thread [Next in Thread]