Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Preventing .php.jpg files from being executed

Discussion in 'Security' started by canfone, Apr 3, 2011.

canfone Active Member

Joined:

Aug 15, 2003

Messages:

26

Likes Received:

0

Trophy Points:

151

Location:

Montreal

We are looking into how to prevent php from executing filename.php.jpg files

per this issue here:

#11122 (Sanitize filenames with multiple extensions)

In the :

/usr/local/apache/conf/php.conf

Instead of using

AddType application/x-httpd-php .php4 .php .php3 .php2 .phtml

Is it prefferiable to do this:?

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

Should this be standardized with cPanel's auto generated php.conf file?

#1 canfone, Apr 3, 2011
cPanelTristan Quality Assurance Analyst
Staff Member

Joined:

Oct 2, 2010

Messages:

7,609

Likes Received:

31

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator
What set handler are you using on the machine? I tested this on a machine using suPHP and the page called php.php.jpg didn't return the PHP content. As such, have you confirmed this behavior on the newest PHP 5.3 on your machine as happening? You can determine your handler with the following command:

Code:

/usr/local/cpanel/bin/rebuild_phpconf --current | grep -i 'php4\|php5'
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

#2 cPanelTristan, Apr 4, 2011

(You must log in or sign up to post here.)

Loading...

Similar Threads - Preventing files being

Preventing reply for an email account

toplisek, Jan 13, 2018, in forum: E-mail Discussions

Replies:

1

Views:

122

cPanelMichael

Jan 18, 2018
Preventing users viewing system information

Chris H, May 5, 2017, in forum: Security

Replies:

2

Views:

406

Chris H

May 5, 2017
Preventing xlmrpc.php server-side?

Arkaic, Aug 29, 2016, in forum: Security

Replies:

8

Views:

1,532

cPanelMichael

Sep 1, 2016
Preventing WHM From altering IPTables

davez0rz, May 27, 2016, in forum: Security

Replies:

1

Views:

741

cPanelMichael

Jun 2, 2016
Uploading Files with API issue

Marani, Apr 15, 2018 at 3:57 PM, in forum: cPanel Developers

Replies:

1

Views:

38

cPanelMichael

Apr 16, 2018 at 10:59 AM

Share This Page