On Tue, 2003-03-18 at 08:20, Juho Heikkurinen wrote:
As I checked where it put the test file I noticed the
the png I had
uploaded had permissions set to -rwxr-xr-x
Hmm, that would be a PHP issue I suppose. We don't touch the permissions
as far as I know.
1. Upload whack_the_database.php
2. Point your browser to uploadpath/whack_the_database.php assuming it
has access to LocalSettigs.php
This should probably be in the documentation:
*** FOR THE LOVE OF WIKI, CONFIGURE YOUR WEB SERVER TO DISABLE EXECUTION
OF PHP SCRIPTS AND OTHER SUCH THINGS IN THE UPLOAD DIRECTORY! ***
The simplest way to do this of course is to only _enable_ php for the
directories where your scripts are stored. What we use is a global
option to turn it off:
<IfModule mod_php4.c>
php_admin_flag engine off
</IfModule>
then each wiki's business directory is explicitly turned on:
<Directory "/usr/local/apache/htdocs/w">
<IfModule mod_php4.c>
php_admin_flag engine on
</IfModule>
# other options...
</Directory>
This is in no way related to the executable bit, since php is usually
run as an apache module.
-- brion vibber (brion @
pobox.com)