On mar, 2003-01-14 at 17:31, Jason "Rodzilla" Rodzik wrote:
I just uploaded a test script, not even thinking it would let me. Although the script didn't run for some reason(why is that? I'd like to implement it on my own server)
Only the /w/ and /tools/ subdirectories have the PHP filter enabled in the Apache configuration, and you can't upload to them. So, you just get to download the source.
isn't this still a possible security breech? The ability to upload .php files should be stopped during script execution.
Arbitrary HTML file uploads are potentially much more dangerous than a PHP file that your browser is going to load as plaintext.
I couldn't figure out how to delete the file either... http://www.wikipedia.org/wiki/Image%3ATest.php
Seems to be already deleted.
-- brion vibber (brion @ pobox.com)