.php3 -> .php

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@39892 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Gabor Hojtsy 2001-01-20 19:13:22 +00:00
parent 980364095d
commit 1e7e134c7d
2 changed files with 60 additions and 60 deletions

View file

@ -83,15 +83,15 @@
Usually some web server configuration directives (Apache:
Action) are used to redirect requests to documents like
<filename
role="url">http://my.host/secret/script.php3</filename> to the
role="url">http://my.host/secret/script.php</filename> to the
PHP interpreter. With this setup, the web server first checks
the access permissions to the directory <filename
role="uri">/secret</filename>, and after that creates the
redirected request <filename
role="url">http://my.host/cgi-bin/php/secret/script.php3</filename>.
role="url">http://my.host/cgi-bin/php/secret/script.php</filename>.
Unfortunately, if the request is originally given in this form,
no access checks are made by web server for file <filename
role="uri">/secret/script.php3</filename>, but only for the
role="uri">/secret/script.php</filename>, but only for the
<filename role="uri">/cgi-bin/php</filename> file. This way
any user able to access <filename
role="uri">/cgi-bin/php</filename> is able to access any
@ -125,9 +125,9 @@
to the configure script. You still have to make sure your PHP
scripts do not rely on one or another way of calling the script,
neither by directly <filename
role="php">http://my.host/cgi-bin/php/dir/script.php3</filename>
role="php">http://my.host/cgi-bin/php/dir/script.php</filename>
nor by redirection <filename
role="php">http://my.host/dir/script.php3</filename>.
role="php">http://my.host/dir/script.php</filename>.
</simpara>
<simpara>
Redirection can be configured in Apache by using AddHandler and
@ -140,7 +140,7 @@
<simpara>
This compile-time option prevents anyone from calling PHP
directly with a url like <filename
role="php">http://my.host/cgi-bin/php/secretdir/script.php3</filename>.
role="php">http://my.host/cgi-bin/php/secretdir/script.php</filename>.
Instead, PHP will only parse in this mode if it has gone through
a web server redirect rule.
</simpara>
@ -149,8 +149,8 @@
the following directives:
</simpara>
<programlisting role="apache-conf">
Action php3-script /cgi-bin/php
AddHandler php3-script .php3
Action php-script /cgi-bin/php
AddHandler php-script .php
</programlisting>
<simpara>
This option has only been tested with the Apache web server, and
@ -199,21 +199,21 @@ AddHandler php3-script .php3
linkend="ini.user-dir">user_dir</link>. When user_dir is unset,
only thing controlling the opened file name is
<parameter>doc_root</parameter>. Opening an url like <filename
role="url">http://my.host/~user/doc.php3</filename> does not
role="url">http://my.host/~user/doc.php</filename> does not
result in opening a file under users home directory, but a file
called <filename role="uri">~user/doc.php3</filename> under
called <filename role="uri">~user/doc.php</filename> under
doc_root (yes, a directory name starting with a tilde
[<literal>~</literal>]).
</simpara>
<simpara>
If user_dir is set to for example <filename
role="dir">public_php</filename>, a request like <filename
role="url">http://my.host/~user/doc.php3</filename> will open a
file called <filename>doc.php3</filename> under the directory
role="url">http://my.host/~user/doc.php</filename> will open a
file called <filename>doc.php</filename> under the directory
named <filename role="dir">public_php</filename> under the home
directory of the user. If the home of the user is <filename
role="dir">/home/user</filename>, the file executed is
<filename>/home/user/public_php/doc.php3</filename>.
<filename>/home/user/public_php/doc.php</filename>.
</simpara>
<simpara>
<parameter>user_dir</parameter> expansion happens regardless of
@ -254,22 +254,6 @@ AddHandler php3-script .php3
</sect1>
<sect1 id="security.current">
<title>Keeping Current</title>
<simpara>
PHP, like any other large system, is under constant scrutiny and
improvement. Each new version will often include both major and
minor changes to enhance and repair security flaws, configuration
mishaps, and other issues that will affect the overall security
and stability of your system.
</simpara>
<simpara>
Like other system-level scripting languages and programs, the best
approach is to update often, and maintain awareness of the latest
versions and their changes.
</simpara>
</sect1>
<sect1 id="security.apache">
<title>Installed as an Apache module</title>
<simpara>
@ -406,7 +390,7 @@ echo "$file_to_delete has been deleted!";
<title>More secure file name checking</title>
<programlisting role="php">
&lt;?php
$username = get_env("REMOTE_USER");
$username = getenv("REMOTE_USER");
$homedir = "/home/$username";
if (!ereg('^[^./][^/]*$', $userfile))
@ -601,6 +585,22 @@ exec ($evil_var);
become one.
</simpara>
</sect1>
<sect1 id="security.current">
<title>Keeping Current</title>
<simpara>
PHP, like any other large system, is under constant scrutiny and
improvement. Each new version will often include both major and
minor changes to enhance and repair security flaws, configuration
mishaps, and other issues that will affect the overall security
and stability of your system.
</simpara>
<simpara>
Like other system-level scripting languages and programs, the best
approach is to update often, and maintain awareness of the latest
versions and their changes.
</simpara>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file

View file

@ -83,15 +83,15 @@
Usually some web server configuration directives (Apache:
Action) are used to redirect requests to documents like
<filename
role="url">http://my.host/secret/script.php3</filename> to the
role="url">http://my.host/secret/script.php</filename> to the
PHP interpreter. With this setup, the web server first checks
the access permissions to the directory <filename
role="uri">/secret</filename>, and after that creates the
redirected request <filename
role="url">http://my.host/cgi-bin/php/secret/script.php3</filename>.
role="url">http://my.host/cgi-bin/php/secret/script.php</filename>.
Unfortunately, if the request is originally given in this form,
no access checks are made by web server for file <filename
role="uri">/secret/script.php3</filename>, but only for the
role="uri">/secret/script.php</filename>, but only for the
<filename role="uri">/cgi-bin/php</filename> file. This way
any user able to access <filename
role="uri">/cgi-bin/php</filename> is able to access any
@ -125,9 +125,9 @@
to the configure script. You still have to make sure your PHP
scripts do not rely on one or another way of calling the script,
neither by directly <filename
role="php">http://my.host/cgi-bin/php/dir/script.php3</filename>
role="php">http://my.host/cgi-bin/php/dir/script.php</filename>
nor by redirection <filename
role="php">http://my.host/dir/script.php3</filename>.
role="php">http://my.host/dir/script.php</filename>.
</simpara>
<simpara>
Redirection can be configured in Apache by using AddHandler and
@ -140,7 +140,7 @@
<simpara>
This compile-time option prevents anyone from calling PHP
directly with a url like <filename
role="php">http://my.host/cgi-bin/php/secretdir/script.php3</filename>.
role="php">http://my.host/cgi-bin/php/secretdir/script.php</filename>.
Instead, PHP will only parse in this mode if it has gone through
a web server redirect rule.
</simpara>
@ -149,8 +149,8 @@
the following directives:
</simpara>
<programlisting role="apache-conf">
Action php3-script /cgi-bin/php
AddHandler php3-script .php3
Action php-script /cgi-bin/php
AddHandler php-script .php
</programlisting>
<simpara>
This option has only been tested with the Apache web server, and
@ -199,21 +199,21 @@ AddHandler php3-script .php3
linkend="ini.user-dir">user_dir</link>. When user_dir is unset,
only thing controlling the opened file name is
<parameter>doc_root</parameter>. Opening an url like <filename
role="url">http://my.host/~user/doc.php3</filename> does not
role="url">http://my.host/~user/doc.php</filename> does not
result in opening a file under users home directory, but a file
called <filename role="uri">~user/doc.php3</filename> under
called <filename role="uri">~user/doc.php</filename> under
doc_root (yes, a directory name starting with a tilde
[<literal>~</literal>]).
</simpara>
<simpara>
If user_dir is set to for example <filename
role="dir">public_php</filename>, a request like <filename
role="url">http://my.host/~user/doc.php3</filename> will open a
file called <filename>doc.php3</filename> under the directory
role="url">http://my.host/~user/doc.php</filename> will open a
file called <filename>doc.php</filename> under the directory
named <filename role="dir">public_php</filename> under the home
directory of the user. If the home of the user is <filename
role="dir">/home/user</filename>, the file executed is
<filename>/home/user/public_php/doc.php3</filename>.
<filename>/home/user/public_php/doc.php</filename>.
</simpara>
<simpara>
<parameter>user_dir</parameter> expansion happens regardless of
@ -254,22 +254,6 @@ AddHandler php3-script .php3
</sect1>
<sect1 id="security.current">
<title>Keeping Current</title>
<simpara>
PHP, like any other large system, is under constant scrutiny and
improvement. Each new version will often include both major and
minor changes to enhance and repair security flaws, configuration
mishaps, and other issues that will affect the overall security
and stability of your system.
</simpara>
<simpara>
Like other system-level scripting languages and programs, the best
approach is to update often, and maintain awareness of the latest
versions and their changes.
</simpara>
</sect1>
<sect1 id="security.apache">
<title>Installed as an Apache module</title>
<simpara>
@ -406,7 +390,7 @@ echo "$file_to_delete has been deleted!";
<title>More secure file name checking</title>
<programlisting role="php">
&lt;?php
$username = get_env("REMOTE_USER");
$username = getenv("REMOTE_USER");
$homedir = "/home/$username";
if (!ereg('^[^./][^/]*$', $userfile))
@ -601,6 +585,22 @@ exec ($evil_var);
become one.
</simpara>
</sect1>
<sect1 id="security.current">
<title>Keeping Current</title>
<simpara>
PHP, like any other large system, is under constant scrutiny and
improvement. Each new version will often include both major and
minor changes to enhance and repair security flaws, configuration
mishaps, and other issues that will affect the overall security
and stability of your system.
</simpara>
<simpara>
Like other system-level scripting languages and programs, the best
approach is to update often, and maintain awareness of the latest
versions and their changes.
</simpara>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file