On Tue, 2003-03-18 at 08:20, Juho Heikkurinen wrote:
As I checked where it put the test file I noticed the the png I had uploaded had permissions set to -rwxr-xr-x
Hmm, that would be a PHP issue I suppose. We don't touch the permissions as far as I know.
Upload whack_the_database.php
Point your browser to uploadpath/whack_the_database.php assuming it
has access to LocalSettigs.php
This should probably be in the documentation:
*** FOR THE LOVE OF WIKI, CONFIGURE YOUR WEB SERVER TO DISABLE EXECUTION OF PHP SCRIPTS AND OTHER SUCH THINGS IN THE UPLOAD DIRECTORY! ***
The simplest way to do this of course is to only _enable_ php for the directories where your scripts are stored. What we use is a global option to turn it off: <IfModule mod_php4.c> php_admin_flag engine off </IfModule>
then each wiki's business directory is explicitly turned on: <Directory "/usr/local/apache/htdocs/w"> <IfModule mod_php4.c> php_admin_flag engine on </IfModule> # other options... </Directory>
This is in no way related to the executable bit, since php is usually run as an apache module.
-- brion vibber (brion @ pobox.com)