[wp-trac] [WordPress Trac] #11122: Sanitize filenames with multiple extensions

WordPress Trac wp-trac at lists.automattic.com
Thu Nov 12 17:23:13 UTC 2009


#11122: Sanitize filenames with multiple extensions
--------------------------+-------------------------------------------------
 Reporter:  ryan          |        Owner:  ryan  
     Type:  defect (bug)  |       Status:  closed
 Priority:  normal        |    Milestone:  2.8.6 
Component:  Security      |      Version:  2.8.5 
 Severity:  normal        |   Resolution:  fixed 
 Keywords:  health-check  |  
--------------------------+-------------------------------------------------

Comment(by Otto42):

 Better fix for people with vulnerable hosts. Add this to the top of the
 root .htaccess file:

 {{{
 RemoveHandler application/x-httpd-php .php
 <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
   SetHandler application/x-httpd-php
 </FilesMatch>
 <FilesMatch "\.phps$">
  SetHandler application/x-httpd-php-source
 </FilesMatch>
 }}}

 This will remove the problem. Verified on a vulnerable shared web host
 (which shall remain nameless for now).

 Tip that we should tell all web hosts: Don't use AddHandler.

 This (or similar) is the vulnerability:
 {{{
 AddHandler application/x-httpd-php .php
 }}}

 This is the correct way to do it:
 {{{
 <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
   SetHandler application/x-httpd-php
 </FilesMatch>
 <FilesMatch "\.phps$">
  SetHandler application/x-httpd-php-source
 </FilesMatch>
 }}}

 Reference step 15 of the install instructions here:
 http://php.net/manual/en/install.unix.apache2.php

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11122#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
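Added illustration (not part of the ticket or of Otto42's comment): the Python below models the difference the comment relies on. With `AddHandler`, mod_mime treats every dot-separated part after the first as an extension, so a handler bound to `.php` also fires for `shell.php.jpg`; the `FilesMatch` patterns quoted above are anchored with `$`, so only the final extension decides. The last function is an application-side counterpart for hosts that cannot change their Apache configuration; its allow-list of harmless intermediate extensions and all function names are assumptions for this example, and it is a simplified approach, not WordPress's own `sanitize_file_name()`.

```python
import re

# Handler extensions taken from the FilesMatch patterns in the comment above.
PHP_EXTENSIONS = frozenset({"php", "php5", "php4", "php3", "phtml", "phpt"})


def addhandler_runs_php(filename: str) -> bool:
    """Model of 'AddHandler application/x-httpd-php .php'.

    mod_mime treats every dot-separated part after the first as an extension
    and applies a handler bound to any of them, so 'shell.php.jpg' is handed
    to PHP.  Extension comparison in mod_mime is case-insensitive.
    """
    parts = filename.lower().split(".")[1:]
    return any(part in PHP_EXTENSIONS for part in parts)


# The FilesMatch pattern copied as written in the comment.  Each alternative
# ends in '$', so only the final extension can match.  It is left
# case-sensitive, as a regex in Apache is on a case-sensitive filesystem.
FILESMATCH_PHP = re.compile(r"\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$")


def filesmatch_runs_php(filename: str) -> bool:
    """Model of the SetHandler-inside-FilesMatch rule."""
    return FILESMATCH_PHP.search(filename) is not None


def compare_handlers(filenames):
    """Return {filename: (runs under AddHandler, runs under FilesMatch)}."""
    return {f: (addhandler_runs_php(f), filesmatch_runs_php(f)) for f in filenames}


# Assumed allow-list of intermediate extensions that may stay untouched.
SAFE_MIDDLE_EXTENSIONS = frozenset(
    {"jpg", "jpeg", "png", "gif", "txt", "pdf", "tar", "min"}
)


def sanitize_multi_extension(filename: str) -> str:
    """Neutralise intermediate extensions in an uploaded filename.

    The final extension is kept (upload type checks act on it separately);
    every intermediate part not on the allow-list gets a trailing '_', so
    'shell.php.jpg' becomes 'shell.php_.jpg' and no longer contains a '.php'
    extension for mod_mime to match.  Simplified example logic, not WordPress's.
    """
    parts = filename.split(".")
    if len(parts) <= 2:  # no intermediate extension, nothing to do
        return filename
    out = parts[0]
    for middle in parts[1:-1]:
        out += "." + middle
        if middle.lower() not in SAFE_MIDDLE_EXTENSIONS:
            out += "_"
    return out + "." + parts[-1]


if __name__ == "__main__":
    # Constructed sample filenames for the demonstration.
    samples = ["index.php", "photo.jpg", "shell.php.jpg", "shell.PHP.jpg", "notes.txt.php"]
    for name, (add, fm) in compare_handlers(samples).items():
        print(f"{name:15} AddHandler runs PHP: {add!s:5} "
              f"FilesMatch runs PHP: {fm!s:5} sanitized: {sanitize_multi_extension(name)}")
```

Running the block prints one line per constructed filename; the row for `shell.php.jpg` shows the gap (executed under `AddHandler`, not under `FilesMatch`) and how the sanitised name closes it on either configuration.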

