Full Disclosure mailing list archives

Re: Bug with .php extension?


From: Ron <iago () valhallalegends com>
Date: Mon, 05 Dec 2005 17:28:10 -0600

Simon Richter wrote:
> I would think this is related to "Options MultiViews", where a file
> generally has many suffixes (file type, language, compression, ...).
> Does this also happen to you (yes, I'm too lazy to try right now) if you
> turn MultiViews off?
>
> Nevertheless, good idea that script authors should possibly be aware
> that any suffix, not just the last, is interpreted.
>
>    Simon

Thanks for the response,

That was a good idea, I hadn't thought of it; however, I turned off MultiViews, and it still behaves the same way.

I also tried adding more extensions, just out of curiosity. The following files also run as .php files:
  http://www.javaop.com/~iago/test.php.cpp.java
  http://www.javaop.com/~iago/test.php.a.a.a.a.b.b.b.b.c.d.e.f

Interestingly, these files are NOT affected, and don't parse the .php:
  http://www.javaop.com/~iago/test.php.jpeg.bmp.rar
  http://www.javaop.com/~iago/test.php.jpeg.rar

The first of those two behaves as a .bmp, and the second one behaves as a .jpeg.

It seems that it uses the last recognized extension when parsing files, ignoring everything after it.

Any other ideas? At this point, I'm unsure whether to call it a bug or a feature, and whether to alert Apache about it. Unless somebody posts soon, I'll send a bug report to Apache.

Ron
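
The behaviour reported in this message, modelled as an added example (not part of the original post, and not Apache's code): the last recognized extension decides how a file is served, so an upload filter that inspects only the final suffix accepts names that still run as PHP. The mapping table and all function names are assumptions made for the illustration.

```python
# Added illustration: models the observation in the post, not Apache's source.
# RECOGNIZED is a constructed stand-in for the server's extension mappings.
RECOGNIZED = {
    "php": "application/x-httpd-php",
    "jpeg": "image/jpeg",
    "bmp": "image/bmp",
    "html": "text/html",
}
EXECUTABLE_TYPES = {"application/x-httpd-php"}


def extensions(name):
    """Lower-cased extensions of a file name, ignoring any directory part."""
    base = name.rsplit("/", 1)[-1]
    return [e.lower() for e in base.split(".")[1:]]


def effective_type(name):
    """Type of the last recognized extension; unknown extensions are skipped."""
    for ext in reversed(extensions(name)):
        if ext in RECOGNIZED:
            return RECOGNIZED[ext]
    return None


def naive_check(name):
    """Flawed filter: accepts anything whose final extension is not 'php'."""
    exts = extensions(name)
    return not exts or exts[-1] != "php"


def strict_check(name):
    """Accept only names with no executable extension in any position.

    Deliberately conservative: it also rejects test.php.jpeg.rar, which the
    post reports as served as a JPEG, because a mapping change would flip it.
    """
    return not any(RECOGNIZED.get(e) in EXECUTABLE_TYPES for e in extensions(name))


def audit(names):
    """Names the naive filter accepts although they resolve to an executable type."""
    return [n for n in names
            if naive_check(n) and effective_type(n) in EXECUTABLE_TYPES]
```

Running `audit` over the four file names from the message returns only the two that Ron reports as executing as PHP.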
