[pmwiki-users] OpenOffice.org file uploads
H. Fox
haganfox at users.sourceforge.net
Mon Nov 13 19:31:22 CST 2006
On 11/13/06, Robin Sheat <robin at kallisti.net.nz> wrote:
> On Tuesday 14 November 2006 12:56, Algis Kabaila wrote:
> > server (how else would one run "Mailman"?), IMHO security based on file
> > extensions is very weak indeed - almost meaningless. Why? Python will run
> > "scripts" (programs) without any extensions of their name. This is a
> > problem for security, is it not?
> I'd expect not. While Python (and Perl, and PHP) can run files without a
> particular extension, when part of a website, it's Apache that decides who
> gets to run it. And typically (as I understand it), it gives it to PHP if
> it's a .php file, Perl if it's a .pl file, and so on.
Put another way, the file extensions are "MIME-type extensions". The
server uses them to determine the type of content the file contains.
http://httpd.apache.org/docs/1.3/mod/mod_mime.html#addtype
http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addtype
The reason this line
AddType text/plain phtml pht php phps php3 php3p php4 pl pm py
is in the .htaccess file of your uploads/ directory is to cause the
server to deliver them files with those extensions to the browser as
plain text from that directory (and directories below it).
Hagan
More information about the pmwiki-users
mailing list