On Mon, Sep 17, 2012 at 8:48 PM, Matthias Urlichs matth...@urlichs.de wrote:
Thus an upgrade to wheezy which kills that setup by undoing the second
step, i.e. re-enabling php5_cgi, is contrary to expectations, NEWS file or
no NEWS file.
JFTR there was NO php5_cgi in squeeze, so the update does
Hi,
Ondřej Surý:
On Mon, Sep 17, 2012 at 8:48 PM, Matthias Urlichs matth...@urlichs.de wrote:
Thus an upgrade to wheezy which kills that setup by undoing the second
step, i.e. re-enabling php5_cgi, is contrary to expectations, NEWS file or
no NEWS file.
JFTR there was NO php5_cgi in
On Mon, 17 Sep 2012 19:57:57 +0400
Konstantin Khomoutov flatw...@users.sourceforge.net wrote:
[...]
Or is the correct thing for me is to just change
FilesMatch .+\.ph(p[345]?|t|tml)$
SetHandler application/x-httpd-php
/FilesMatch
to
FilesMatch .+\.ph(p[345]?|t|tml)$
On Mon, 17 Sep 2012 17:28:44 +0200
Ondřej Surý ond...@debian.org wrote:
I'm by no means an expert in setting up this sort of complicated
stuff in Apache, so I can't really tell if this new change in php5
packaging introduces a regression or it's just a misconfiguration
on my part. In the
On Mon, 17 Sep 2012 18:53:50 +0200
Christoph Anton Mitterer cales...@scientia.net wrote:
[...]
Sorry for skipping the rest -- will come back to it later.
btw:
This:
FCGIWrapper /usr/bin/php-cgi .php
may (I haven't checked) be vulnerable to the foo.php.jpeg issue.
Yes, seems vulnerable:
On Mon, 2012-09-17 at 22:11 +0400, Konstantin Khomoutov wrote:
FilesMatch .+\.ph(p[345]?|t|tml)$
SetHandler fcgid-script
FcgidWrapper /usr/bin/php-cgi
/FilesMatch
snippet, all works sensibly: test.php.jpeg is sent as-is and is not
tried to be interpreted.
Yeah,... perhaps someone
Hi,
Christoph Anton Mitterer:
2) Ondrej, I've already planned to suggest you... to change the
_handler_ name application/x-httpd-php that we now use throughout the
packages to someting like php-script...
It easily confuses people that this would be a MIME type,... while it is
actually a
On Mon, 2012-09-17 at 20:48 +0200, Matthias Urlichs wrote:
2) Ondrej, I've already planned to suggest you... to change the
_handler_ name application/x-httpd-php that we now use throughout the
packages to someting like php-script...
It easily confuses people that this would be a MIME
Hi,
Christoph Anton Mitterer:
In fact, this should not happen regardless of whether such re-enabling
breaks anything. It might even introduce a security hole; imagine
re-enabling mod_dirindex. :-(
AFAIU, it doesn't really enable anything... it just sets a different
handler, which may
On Mon, 2012-09-17 at 22:50 +0200, Matthias Urlichs wrote:
AFAIU, it doesn't really enable anything... it just sets a different
handler, which may take away handling from what you've set up.
Your understanding is incomplete.
The postinst script specifically calls a2enable.
It does,... but
Hi,
Christoph Anton Mitterer:
1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right?
fastcgi, but yes.
2) Then what happens is, the Handler from php5_cgi.conf overrides the
way (whatever you did) to get .php files interpreted, right?
Right.
3) Obviously, .php files are
On Tue, 2012-09-18 at 00:00 +0200, Matthias Urlichs wrote:
fastcgi, but yes.
Well... we have to expect both causing troubles...
Big problem though is, are the files then served as normal files by
Apache?
Yes. The file gets served as-is, with a mimetype of
application/x-whatever-php.
This
On Mon, Sep 17, 2012 at 11:30:46PM +0200, Christoph Anton Mitterer wrote:
[...]
Questions for those who are affected by this bug:
1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right?
Yes.
2) Then what happens is, the Handler from php5_cgi.conf overrides the
way (whatever
13 matches
Mail list logo