[pmwiki-users] Disallow scripts in upload directories
5ko at 5ko.fr
Wed Mar 13 15:19:22 CDT 2013
I'd like to read some opinions from different people about this question -
if you can do some tests on your own servers, please find out what .htaccess
settings disallow script execution for the uploaded files on your wiki, and
Oliver Betz writes:
> In addition, I suggest to completely disallow execution of scripts in
> upload directories.
> For Apache .htaccess I found:
> "Options -ExecCGI" - that's very effective in usual virtual hosting
> environments but doesn't help for languages running as module.
> "SetHandler default-handler" works also for script languages running
> as module.
> Before I add this information to the PmWiki documentation, I would
> appreciate comments from people with better Apache knowledge.
More information about the pmwiki-users