#27 add .php at last in the extension

open
nobody
5
2002-12-18
2002-12-18
No

Hi

Some time we put the the phplib the web directory so
when we call the phplib folder .. file names are .inc
will show the contents.

Please change the extensions of the file as

file.inc -> file.inc.php

Hope you will consider this.

Prachait Saxena

Discussion

  • Layne Weathers

    Layne Weathers - 2002-12-19

    Logged In: YES
    user_id=278685

    You need to configure your web server a bit more securely.

    Even if you put the PHPLib directory within a web directory,
    the PHPLib directory should not be servable. Use a simple
    .htaccess file to block all requests:
    <Limit GET POST>
    Order allow,deny
    Deny from all
    Satisfy All
    </Limit>

    In addition, you should have Apache configured to ignore all
    requests for .inc files:
    <Files ~"\.inc$">
    Order allow,deny
    Deny from all
    Satisfy All
    </Files>

     
  • Jan Ptacek

    Jan Ptacek - 2003-02-19

    Logged In: YES
    user_id=217316

    yes, everybody can make this for himself alone
    but the request was probably ment in way more like:
    it would be nice to have .php suffix as of nature =
    in the package you download, so even not configured server
    will not show you your db passwords and so on

    at least IMHO :)

     

Log in to post a comment.