Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

Preventing .php.jpg files from being executed

Discussion in 'Security' started by canfone, Apr 3, 2011.

canfone Active Member

Joined:

Aug 15, 2003

Messages:

26

Likes Received:

0

Trophy Points:

151

Location:

Montreal

We are looking into how to prevent php from executing filename.php.jpg files

per this issue here:

#11122 (Sanitize filenames with multiple extensions)

In the :

/usr/local/apache/conf/php.conf

Instead of using

AddType application/x-httpd-php .php4 .php .php3 .php2 .phtml

Is it prefferiable to do this:?

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

Should this be standardized with cPanel's auto generated php.conf file?

#1 canfone, Apr 3, 2011
cPanelTristan Quality Assurance Analyst
Staff Member

Joined:

Oct 2, 2010

Messages:

7,608

Likes Received:

32

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator
What set handler are you using on the machine? I tested this on a machine using suPHP and the page called php.php.jpg didn't return the PHP content. As such, have you confirmed this behavior on the newest PHP 5.3 on your machine as happening? You can determine your handler with the following command:

Code:

/usr/local/cpanel/bin/rebuild_phpconf --current | grep -i 'php4\|php5'
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

#2 cPanelTristan, Apr 4, 2011

(You must log in or sign up to post here.)

Loading...

Similar Threads - Preventing files being

Htaccess preventing file uploads?

bugetarul, May 19, 2018, in forum: Security

Replies:

3

Views:

138

cPanelMichael

May 21, 2018
Preventing reply for an email account

toplisek, Jan 13, 2018, in forum: E-mail Discussion

Replies:

1

Views:

164

cPanelMichael

Jan 18, 2018
Preventing users viewing system information

Chris H, May 5, 2017, in forum: Security

Replies:

2

Views:

482

Chris H

May 5, 2017
Preventing xlmrpc.php server-side?

Arkaic, Aug 29, 2016, in forum: Security

Replies:

8

Views:

1,833

cPanelMichael

Sep 1, 2016
SOLVED PHP-FPM and excluding files from opcache

APatchworkBoy, Aug 16, 2018 at 7:41 AM, in forum: EasyApache

Replies:

2

Views:

32

APatchworkBoy

Aug 17, 2018 at 7:49 AM

Share This Page

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...

Dismiss Notice