[pmwiki-users] Disallow scripts in upload directories

Oliver Betz list_ob at gmx.net
Sat Mar 23 12:57:34 CDT 2013

Petko Yotov wrote:

>One of the shared hostings I can test appears to have no way to prevent the  
>execution of a file.php.txt. They have some custom modified version of  
>Apache with PHP/FastCGI and "Options -ExecCGI" does nothing,  
>"SetHandler ...", "AddType ...", "ForceType ..." and other suggested  
>solutions cause internal server error.

server error always or only for file.php.txt? The latter would be
better than nothing.

BTW: One of the hostings I checked showed an error if the file had
more permissions than needed. Clever as an additional measure, but I
wouldn't rely on it.

>serving it as plain text. Your proposed solution for .htaccess works though.
>> BTW: I asked in the apache user mailing list about "Options -ExecCGI"
>> and "SetHandler default-handler" but didn't get any reply.
>The Apache documentation is excellent but there are a huge number of  
>configuration options. On a particular installation not every option can  

That's the problem. There are several options to configure script
execution and disabling it has to match enabling.

Asking the hosting provider is also a good idea but doesn't guarantee
a good answer (BTDT, sadly the most expensive hosting I checked).

Oliver Betz, Munich http://oliverbetz.de/

More information about the pmwiki-users mailing list