ID: 33801 User updated by: stephen dot ball at gmail dot com Reported By: stephen dot ball at gmail dot com Status: Bogus Bug Type: Apache2 related Operating System: Windows/Linux PHP Version: 4.4.0 New Comment:
Makes sense, however # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # and on both servers Options MultiViews is *not* set Previous Comments: ------------------------------------------------------------------------ [2005-07-21 12:16:34] [EMAIL PROTECTED] Turn Off option MultiViews in your httpd.conf. Your problem has nothing to do with PHP. ------------------------------------------------------------------------ [2005-07-21 12:11:11] stephen dot ball at gmail dot com Description: ------------ On Apache you can upload a PHP file with random characters at the end of the file name and provided it has .php in there it runs as PHP. I have tested this on several different servers, including IIS in which it doesn't occur and also with different files on Apache such as .cgi.123 but it only appears to be PHP which runs. Likely an Apache bug but thought I'd better report it here also just to be on the safe side Reproduce code: --------------- <?php phpinfo(); ?> Filename: info.php.123/info.php.abc/info.php.ccc etc Expected result: ---------------- <?php phpinfo(); ?> sent to browser or browser attempts to save the file Actual result: -------------- PHPs information page is output. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33801&edit=1
