On Mon, 2012-09-17 at 19:57 +0400, Konstantin Khomoutov wrote:
> The configuration snippet which used to work for me, that is,
> 
> <IfModule mod_fcgid.c>
>   AddHandler   fcgid-script .php
>   FCGIWrapper  /usr/bin/php-cgi .php
> </IfModule>
> 
> does not mention any MIME types, I mean there's nothing referring to
> things like "application/x-httpd-php"
Well...

1) The relation to MIME-Types is only a _previous_ one... when the MIME
type definition from the mime-support package was used to get php files
interpreted.


2) Ondrej, I've already planned to suggest you... to change the
_handler_ name "application/x-httpd-php" that we now use throughout the
packages to something like "php-script"...
It easily confuses people that this would be a MIME type,... while it is
actually a handler.


> To me, it seems that the newly added snippet
> 
> <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>     SetHandler application/x-httpd-php
> </FilesMatch>
> 
> somehow has higher priority (or gets parsed later maybe?) than my
> FastCGI config so that my AddHandler directive is effectively cancelled.
> Is that correct?
3) Yes, that's the case...
In principle we tried to explain in the NEWS file what has happened,...
obviously we cannot cover _any_ possible setup where this could occur
somehow; there are simply way too many possible and complex
configurations.

In principle "you" as an administrator are expected to understand how
your own setup works,... raise your head when you read that NEWS
file.... and realise that you could be affected.


> To me, it looks like the handler name "fcgid-script" is builtin to
> mod_fcgid, so the answer is "no".
Yeah... that seems to be the case...


> <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>     SetHandler fcgid-script
> </FilesMatch>
Seems so...


> In the latter case, I think the README.Debian file could just include
> an entry on changing the default configuration to accommodate CGI or
> FastCGI setups and the NEWS file could just redirect the user there.
Mhh... well... perhaps as a small hint; in principle this is rather the
duty of the libapache2-mod-fcgid package.


The best thing would be obviously if one could make everything work out
of the box,... but I guess that's not really possible... as one can
imagine setups where a mixture of CGI/FCGID/mod_php/FastCGI is used.

Further I would vote against an automatically installed config snippet
which globally sets SetHandler fcgid-script, as this (AFAIU) already
enables PHP/FCGID interpretation.



Has anyone an idea whether mod_fastcgi (!= mod_fcgid) is also affected?


Cheers,
Chris.


btw:
This:
FCGIWrapper  /usr/bin/php-cgi .php
may (I haven't checked) be vulnerable to the foo.php.jpeg issue.
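
An added example, not part of the original mail: a simplified model of how mod_mime extension matching for `AddHandler fcgid-script .php` differs from the anchored `FilesMatch` regex quoted above, usable to audit a list of file names (for instance from an upload directory). The function names and sample file names are constructed for illustration, and the model assumes no other handler is mapped to the trailing extension.

```python
import re

# Regex copied from the FilesMatch block quoted in the thread.
# Apache searches the file name with it, case-sensitively.
FILESMATCH_PHP = re.compile(r".+\.ph(p[345]?|t|tml)$")


def addhandler_matches(filename, ext="php"):
    """Simplified model of mod_mime (assumption: no other handler is
    mapped to a later extension). Every dot-separated component after
    the base name counts as an extension, compared case-insensitively,
    so position in the name does not matter."""
    extensions = filename.split(".")[1:]
    return ext.lower() in (e.lower() for e in extensions)


def filesmatch_matches(filename):
    """True when the quoted FilesMatch regex would select the file."""
    return FILESMATCH_PHP.search(filename) is not None


def audit(filenames):
    """Names that AddHandler would hand to the PHP handler although
    they do not end in a PHP extension."""
    return [name for name in filenames
            if addhandler_matches(name) and not filesmatch_matches(name)]


# Constructed sample names, e.g. the listing of an upload directory.
SAMPLE = [
    "index.php",
    "foo.php.jpeg",
    "photo.jpeg",
    "page.phtml",
    "backup.PHP.txt",
]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("handled as PHP by AddHandler, not by FilesMatch:", name)
```
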
