mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
.php3 -> .php
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@39892 c90b9560-bf6c-de11-be94-00142212c4b1
parent
980364095d
commit
1e7e134c7d
2 changed files with 60 additions and 60 deletions
|
@ -83,15 +83,15 @@
|
|||
Usually some web server configuration directives (Apache:
|
||||
Action) are used to redirect requests to documents like
|
||||
<filename
|
||||
role="url">http://my.host/secret/script.php3</filename> to the
|
||||
role="url">http://my.host/secret/script.php</filename> to the
|
||||
PHP interpreter. With this setup, the web server first checks
|
||||
the access permissions to the directory <filename
|
||||
role="uri">/secret</filename>, and after that creates the
|
||||
redirected request <filename
|
||||
role="url">http://my.host/cgi-bin/php/secret/script.php3</filename>.
|
||||
role="url">http://my.host/cgi-bin/php/secret/script.php</filename>.
|
||||
Unfortunately, if the request is originally given in this form,
|
||||
no access checks are made by web server for file <filename
|
||||
role="uri">/secret/script.php3</filename>, but only for the
|
||||
role="uri">/secret/script.php</filename>, but only for the
|
||||
<filename role="uri">/cgi-bin/php</filename> file. This way
|
||||
any user able to access <filename
|
||||
role="uri">/cgi-bin/php</filename> is able to access any
|
||||
|
@ -125,9 +125,9 @@
|
|||
to the configure script. You still have to make sure your PHP
|
||||
scripts do not rely on one or another way of calling the script,
|
||||
neither by directly <filename
|
||||
role="php">http://my.host/cgi-bin/php/dir/script.php3</filename>
|
||||
role="php">http://my.host/cgi-bin/php/dir/script.php</filename>
|
||||
nor by redirection <filename
|
||||
role="php">http://my.host/dir/script.php3</filename>.
|
||||
role="php">http://my.host/dir/script.php</filename>.
|
||||
</simpara>
|
||||
<simpara>
|
||||
Redirection can be configured in Apache by using AddHandler and
|
||||
|
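Review bot: the two URLs edited in this hunk are marked up as <filename role="php">, while the same kind of URL in the hunk at line 83 uses role="url". Since these lines are being touched anyway, switch them to role="url" so the markup is consistent across the section. The surrounding sentence ("neither by directly ... nor by redirection") would also read better as "neither directly ... nor by redirection".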
@ -140,7 +140,7 @@
|
|||
<simpara>
|
||||
This compile-time option prevents anyone from calling PHP
|
||||
directly with a url like <filename
|
||||
role="php">http://my.host/cgi-bin/php/secretdir/script.php3</filename>.
|
||||
role="php">http://my.host/cgi-bin/php/secretdir/script.php</filename>.
|
||||
Instead, PHP will only parse in this mode if it has gone through
|
||||
a web server redirect rule.
|
||||
</simpara>
|
||||
|
@ -149,8 +149,8 @@
|
|||
the following directives:
|
||||
</simpara>
|
||||
<programlisting role="apache-conf">
|
||||
Action php3-script /cgi-bin/php
|
||||
AddHandler php3-script .php3
|
||||
Action php-script /cgi-bin/php
|
||||
AddHandler php-script .php
|
||||
</programlisting>
|
||||
<simpara>
|
||||
This option has only been tested with the Apache web server, and
|
||||
|
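Review bot: after this change the programlisting maps only .php to the handler, so on a site that copies it any files still named .php3 are no longer passed to /cgi-bin/php and Apache would treat them as ordinary files. Add a sentence telling readers to rename existing scripts, or list both extensions on the one line, e.g. "AddHandler php-script .php .php3".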
@ -199,21 +199,21 @@ AddHandler php3-script .php3
|
|||
linkend="ini.user-dir">user_dir</link>. When user_dir is unset,
|
||||
only thing controlling the opened file name is
|
||||
<parameter>doc_root</parameter>. Opening an url like <filename
|
||||
role="url">http://my.host/~user/doc.php3</filename> does not
|
||||
role="url">http://my.host/~user/doc.php</filename> does not
|
||||
result in opening a file under users home directory, but a file
|
||||
called <filename role="uri">~user/doc.php3</filename> under
|
||||
called <filename role="uri">~user/doc.php</filename> under
|
||||
doc_root (yes, a directory name starting with a tilde
|
||||
[<literal>~</literal>]).
|
||||
</simpara>
|
||||
<simpara>
|
||||
If user_dir is set to for example <filename
|
||||
role="dir">public_php</filename>, a request like <filename
|
||||
role="url">http://my.host/~user/doc.php3</filename> will open a
|
||||
file called <filename>doc.php3</filename> under the directory
|
||||
role="url">http://my.host/~user/doc.php</filename> will open a
|
||||
file called <filename>doc.php</filename> under the directory
|
||||
named <filename role="dir">public_php</filename> under the home
|
||||
directory of the user. If the home of the user is <filename
|
||||
role="dir">/home/user</filename>, the file executed is
|
||||
<filename>/home/user/public_php/doc.php3</filename>.
|
||||
<filename>/home/user/public_php/doc.php</filename>.
|
||||
</simpara>
|
||||
<simpara>
|
||||
<parameter>user_dir</parameter> expansion happens regardless of
|
||||
|
@ -254,22 +254,6 @@ AddHandler php3-script .php3
|
|||
|
||||
</sect1>
|
||||
|
||||
<sect1 id="security.current">
|
||||
<title>Keeping Current</title>
|
||||
<simpara>
|
||||
PHP, like any other large system, is under constant scrutiny and
|
||||
improvement. Each new version will often include both major and
|
||||
minor changes to enhance and repair security flaws, configuration
|
||||
mishaps, and other issues that will affect the overall security
|
||||
and stability of your system.
|
||||
</simpara>
|
||||
<simpara>
|
||||
Like other system-level scripting languages and programs, the best
|
||||
approach is to update often, and maintain awareness of the latest
|
||||
versions and their changes.
|
||||
</simpara>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="security.apache">
|
||||
<title>Installed as an Apache module</title>
|
||||
<simpara>
|
||||
|
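Review bot: the removal of the whole <sect1 id="security.current"> block here is not part of the .php3 to .php rename that the commit message describes. It reappears at the end of the chapter in the last hunk, so this is a section move. Either mention the move in the log message or commit it separately, so the rename can be reviewed and reverted on its own.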
@ -406,7 +390,7 @@ echo "$file_to_delete has been deleted!";
|
|||
<title>More secure file name checking</title>
|
||||
<programlisting role="php">
|
||||
<?php
|
||||
$username = get_env("REMOTE_USER");
|
||||
$username = getenv("REMOTE_USER");
|
||||
$homedir = "/home/$username";
|
||||
|
||||
if (!ereg('^[^./][^/]*$', $userfile))
|
||||
|
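Review bot: with the call corrected to getenv(), the next line still builds $homedir directly from its result. getenv() returns false when REMOTE_USER is not set, which turns $homedir into "/home/" in an example titled "More secure file name checking". In the lines shown only $userfile is validated, so the example should also check that $username is non-empty before using it. The get_env fix itself is outside what the commit message describes and deserves a mention there.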
@ -601,6 +585,22 @@ exec ($evil_var);
|
|||
become one.
|
||||
</simpara>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="security.current">
|
||||
<title>Keeping Current</title>
|
||||
<simpara>
|
||||
PHP, like any other large system, is under constant scrutiny and
|
||||
improvement. Each new version will often include both major and
|
||||
minor changes to enhance and repair security flaws, configuration
|
||||
mishaps, and other issues that will affect the overall security
|
||||
and stability of your system.
|
||||
</simpara>
|
||||
<simpara>
|
||||
Like other system-level scripting languages and programs, the best
|
||||
approach is to update often, and maintain awareness of the latest
|
||||
versions and their changes.
|
||||
</simpara>
|
||||
</sect1>
|
||||
</chapter>
|
||||
|
||||
<!-- Keep this comment at the end of the file
|
||||
|
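Review bot: in the re-added "Keeping Current" paragraph, "changes to enhance and repair security flaws" reads as if new versions enhance the flaws. Since the text is being moved anyway, reword it to something like "changes to enhance security and repair flaws". Keeping the id security.current unchanged is good, as existing links to the section stay valid.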
|
|
@ -83,15 +83,15 @@
|
|||
Usually some web server configuration directives (Apache:
|
||||
Action) are used to redirect requests to documents like
|
||||
<filename
|
||||
role="url">http://my.host/secret/script.php3</filename> to the
|
||||
role="url">http://my.host/secret/script.php</filename> to the
|
||||
PHP interpreter. With this setup, the web server first checks
|
||||
the access permissions to the directory <filename
|
||||
role="uri">/secret</filename>, and after that creates the
|
||||
redirected request <filename
|
||||
role="url">http://my.host/cgi-bin/php/secret/script.php3</filename>.
|
||||
role="url">http://my.host/cgi-bin/php/secret/script.php</filename>.
|
||||
Unfortunately, if the request is originally given in this form,
|
||||
no access checks are made by web server for file <filename
|
||||
role="uri">/secret/script.php3</filename>, but only for the
|
||||
role="uri">/secret/script.php</filename>, but only for the
|
||||
<filename role="uri">/cgi-bin/php</filename> file. This way
|
||||
any user able to access <filename
|
||||
role="uri">/cgi-bin/php</filename> is able to access any
|
||||
|
@ -125,9 +125,9 @@
|
|||
to the configure script. You still have to make sure your PHP
|
||||
scripts do not rely on one or another way of calling the script,
|
||||
neither by directly <filename
|
||||
role="php">http://my.host/cgi-bin/php/dir/script.php3</filename>
|
||||
role="php">http://my.host/cgi-bin/php/dir/script.php</filename>
|
||||
nor by redirection <filename
|
||||
role="php">http://my.host/dir/script.php3</filename>.
|
||||
role="php">http://my.host/dir/script.php</filename>.
|
||||
</simpara>
|
||||
<simpara>
|
||||
Redirection can be configured in Apache by using AddHandler and
|
||||
|
@ -140,7 +140,7 @@
|
|||
<simpara>
|
||||
This compile-time option prevents anyone from calling PHP
|
||||
directly with a url like <filename
|
||||
role="php">http://my.host/cgi-bin/php/secretdir/script.php3</filename>.
|
||||
role="php">http://my.host/cgi-bin/php/secretdir/script.php</filename>.
|
||||
Instead, PHP will only parse in this mode if it has gone through
|
||||
a web server redirect rule.
|
||||
</simpara>
|
||||
|
@ -149,8 +149,8 @@
|
|||
the following directives:
|
||||
</simpara>
|
||||
<programlisting role="apache-conf">
|
||||
Action php3-script /cgi-bin/php
|
||||
AddHandler php3-script .php3
|
||||
Action php-script /cgi-bin/php
|
||||
AddHandler php-script .php
|
||||
</programlisting>
|
||||
<simpara>
|
||||
This option has only been tested with the Apache web server, and
|
||||
|
@ -199,21 +199,21 @@ AddHandler php3-script .php3
|
|||
linkend="ini.user-dir">user_dir</link>. When user_dir is unset,
|
||||
only thing controlling the opened file name is
|
||||
<parameter>doc_root</parameter>. Opening an url like <filename
|
||||
role="url">http://my.host/~user/doc.php3</filename> does not
|
||||
role="url">http://my.host/~user/doc.php</filename> does not
|
||||
result in opening a file under users home directory, but a file
|
||||
called <filename role="uri">~user/doc.php3</filename> under
|
||||
called <filename role="uri">~user/doc.php</filename> under
|
||||
doc_root (yes, a directory name starting with a tilde
|
||||
[<literal>~</literal>]).
|
||||
</simpara>
|
||||
<simpara>
|
||||
If user_dir is set to for example <filename
|
||||
role="dir">public_php</filename>, a request like <filename
|
||||
role="url">http://my.host/~user/doc.php3</filename> will open a
|
||||
file called <filename>doc.php3</filename> under the directory
|
||||
role="url">http://my.host/~user/doc.php</filename> will open a
|
||||
file called <filename>doc.php</filename> under the directory
|
||||
named <filename role="dir">public_php</filename> under the home
|
||||
directory of the user. If the home of the user is <filename
|
||||
role="dir">/home/user</filename>, the file executed is
|
||||
<filename>/home/user/public_php/doc.php3</filename>.
|
||||
<filename>/home/user/public_php/doc.php</filename>.
|
||||
</simpara>
|
||||
<simpara>
|
||||
<parameter>user_dir</parameter> expansion happens regardless of
|
||||
|
@ -254,22 +254,6 @@ AddHandler php3-script .php3
|
|||
|
||||
</sect1>
|
||||
|
||||
<sect1 id="security.current">
|
||||
<title>Keeping Current</title>
|
||||
<simpara>
|
||||
PHP, like any other large system, is under constant scrutiny and
|
||||
improvement. Each new version will often include both major and
|
||||
minor changes to enhance and repair security flaws, configuration
|
||||
mishaps, and other issues that will affect the overall security
|
||||
and stability of your system.
|
||||
</simpara>
|
||||
<simpara>
|
||||
Like other system-level scripting languages and programs, the best
|
||||
approach is to update often, and maintain awareness of the latest
|
||||
versions and their changes.
|
||||
</simpara>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="security.apache">
|
||||
<title>Installed as an Apache module</title>
|
||||
<simpara>
|
||||
|
@ -406,7 +390,7 @@ echo "$file_to_delete has been deleted!";
|
|||
<title>More secure file name checking</title>
|
||||
<programlisting role="php">
|
||||
<?php
|
||||
$username = get_env("REMOTE_USER");
|
||||
$username = getenv("REMOTE_USER");
|
||||
$homedir = "/home/$username";
|
||||
|
||||
if (!ereg('^[^./][^/]*$', $userfile))
|
||||
|
@ -601,6 +585,22 @@ exec ($evil_var);
|
|||
become one.
|
||||
</simpara>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="security.current">
|
||||
<title>Keeping Current</title>
|
||||
<simpara>
|
||||
PHP, like any other large system, is under constant scrutiny and
|
||||
improvement. Each new version will often include both major and
|
||||
minor changes to enhance and repair security flaws, configuration
|
||||
mishaps, and other issues that will affect the overall security
|
||||
and stability of your system.
|
||||
</simpara>
|
||||
<simpara>
|
||||
Like other system-level scripting languages and programs, the best
|
||||
approach is to update often, and maintain awareness of the latest
|
||||
versions and their changes.
|
||||
</simpara>
|
||||
</sect1>
|
||||
</chapter>
|
||||
|
||||
<!-- Keep this comment at the end of the file
|
||||
|
|