Apache delivers PHP source code for vim backup files

[Jens Winter]

Hi,

I wonder which rules are used to decide if a file is processed by PHP. 
For example x.php, x.php.bak and x.php.x~ are all processed, but x.php~ 
is not (at least by default). This could be an issue if you use vim or 
similar editors to edit the config files of e.g. WordPress or MediaWiki 
(containing DB passwords) directly in the server directory (which you 
shouldn't do, but we all know that some people will do anyway...).


So if so many filename schemes result in processing the PHP code, why 
are these critical files delivered as source code (again talking about 
default behavior)?


Jens

Re: Apache delivers PHP source code for vim backup files

[Eric Covener]

On Tue, Jul 14, 2009 at 11:54 AM, Jens Winterice...@uni-paderborn.de wrote:
 Hi,

 I wonder which rules are used to decide if a file is processed by PHP. For
 example x.php, x.php.bak and x.php.x~ are all processed, but x.php~ is not
 (at least by default). This could be an issue if you use vim or similar
 editors to edit the config files of e.g. WordPress or MediaWiki (containing
 DB passwords) directly in the server directory (which you shouldn't do, but
 we all know that some people will do anyway...).

 So if so many filename schemes result in processing the PHP code, why are
 these critical files delivered as source code (again talking about default
 behavior)?

Directives that accept filename extensions treat foo.bar.baz as
having two distinct extensions.

http://httpd.apache.org/docs/2.2/mod/mod_mime.html
http://httpd.apache.org/userslist.html

-- 
Eric Covener
cove...@gmail.com