Full Disclosure mailing list archives
Re: Bug with .php extension?
From: Ron <iago () valhallalegends com>
Date: Mon, 05 Dec 2005 17:28:10 -0600
Simon Richter wrote: > I would think this is related to "Options MultiViews", where a file > generally has many suffixes (file type, language, compression, ...). > Does this also happen to you (yes, I'm too lazy to try right now) if you > turn MultiViews off? > > Nevertheless, good idea that script authors should possibly be aware > that any suffix, not just the last, is interpreted. > > Simon Thanks for the response,That was a good idea, I hadn't thought of it; however, I turned off MultiViews, and it still behaves the same way.
I also tried adding more extensions, just out of curiosity. The following files also run as .php files:
http://www.javaop.com/~iago/test.php.cpp.java http://www.javaop.com/~iago/test.php.a.a.a.a.b.b.b.b.c.d.e.f Interestingly, these files are NOT affected, and don't parse the .php: http://www.javaop.com/~iago/test.php.jpeg.bmp.rar http://www.javaop.com/~iago/test.php.jpeg.rarThe first of those two behaves as a .bmp, and the second one behaves as a .jpeg.
It seems that it uses the last recognized extension when parsing files, ignoring everything after it.
Any other ideas? At this point, I'm unsure whether to call it a bug or a feature, and whether to alert Apache about it. Unless somebody posts soon, I'll send a bug report to Apache.
Ron _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Bug with .php extension? Ron (Dec 04)
- Re: Bug with .php extension? Chris Umphress (Dec 04)
- Re: Bug with .php extension? Stanza (Dec 05)
- Re: Bug with .php extension? Simon Richter (Dec 05)
- Re: Bug with .php extension? Michael Ligh (Dec 05)
- Re: Bug with .php extension? Ron (Dec 05)
- <Possible follow-ups>
- RE: Bug with .php extension? Krpata, Tyler (Dec 05)
- Re: Bug with .php extension? John Bond (Dec 05)
- Re: Bug with .php extension? John Bond (Dec 05)
- Re: Bug with .php extension? John Bond (Dec 05)
- Re: Bug with .php extension? z3n (Dec 06)
- Re: Bug with .php extension? Christopher Kunz (Dec 06)
- Re: Bug with .php extension? Graham Reed (Dec 06)
- Re: Bug with .php extension? Matthew Murphy (Dec 06)
- Re: Bug with .php extension? Christopher Kunz (Dec 06)
- Re: Bug with .php extension? Chris Umphress (Dec 04)