Disabling ANY server side script in a directory?

Discussion in 'Server Operation' started by edge, Jul 3, 2008.

  1. edge

    edge Active Member Moderator

    Hi all,

    I've got a client that needs a directory writable for his clients.
    The main website is in PHP, so disabling PHP for this client is not an option.

    I've created a .htaccess file within the writable directory with the following in it.
    Code:
    RemoveType application/x-httpd-php php php3
    AddType text/html php php3
    The above .htaccess file does work, and when a client uploads a php or php3 file, and runs it, it will show the file as text.
    Problem is that when he uploads it with extension php4 or php5 etc etc it will still run the php code!
    I could add a lot of extensions (php5, php6 ..), but this is not really an option.

    I will also need to stop .pl, .cgi and any other server side scripting language in this open writable directory!

    Anyone here who might have a good tip on how to do this?
     
  2. topdog

    topdog Active Member

    When you talk of running, do you mean by the web server? That's for the PHP code; as for the CGI scripts, they will not run unless the directory is script aliased.
     
  3. edge

    edge Active Member Moderator

    Yes, by running it I'm talking about the web server (Apache)

    I really do not want clients to upload PHP code, and be able to execute it.
    The files that are uploaded to the "writable" directory are all owned by "www-data", so accessing the PHP files in the writable directory will be executed (run) by the Apache webserver.
    I need to stop this some way.
     
  4. topdog

    topdog Active Member

    I have not tested, but I thought if you are running PHP as a module and have it configured with
    Code:
    AddHandler php5-script .php
    it will not run index.php5 as a PHP file. Correct me if I am wrong.
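
One way to lock down the writable directory discussed in this thread, as an added example that is not from any of the posters. It assumes PHP runs as an Apache module (mod_php5 here), that the virtual host configuration can be edited, and uses the placeholder path /var/www/example/uploads. Unlike the extension list in the .htaccess from the first post, it does not depend on which suffix an uploaded file carries.

```apache
# Added example: goes in the virtual host / server configuration,
# NOT in a .htaccess inside the upload directory. The directory is
# client-writable, so a .htaccess stored there can be replaced by an upload.
# "/var/www/example/uploads" is a placeholder path.
<Directory "/var/www/example/uploads">
    # Ignore every .htaccess found in this directory and below it.
    AllowOverride None

    # No CGI execution and no server-side includes here.
    Options -ExecCGI -Includes

    # Hand every file to Apache's static file handler, whatever its
    # extension. This overrides AddHandler / AddType mappings such as
    # .php, .php4, .php5, .pl or .cgi in one line instead of listing them.
    SetHandler default-handler

    # Second layer for mod_php: switch the PHP engine off for this
    # directory. php_admin_flag cannot be overridden from .htaccess.
    # The module identifier depends on the PHP version
    # (mod_php5.c for PHP 5, mod_php7.c for PHP 7, mod_php.c for PHP 8).
    <IfModule mod_php5.c>
        php_admin_flag engine off
    </IfModule>
</Directory>
```

After reloading Apache, requesting an uploaded test file with each extension of concern should return its source as static content rather than executed output.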
     
