unrelenting.technology

In reply to How I hacked my own site by feeding it a profile picture via webmention by https://seblog.nl on

Yeah, this is one of the big problems with PHP, and Apache mod_php specifically. You can implement various mitigations (drop an .htaccess into the uploads directory that turns off any script execution?) but the fact that you have to is kinda ridiculous. Pretty much all other web development environments are not based around just running scripts from the same directories where static files are. Heck, Apache’s CGI implementation was better, it only ran code from the /cgi-bin/ subdirectory!
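A sketch of the .htaccess mitigation mentioned above, added here as an example and not taken from the original post or from seblog.nl. It assumes Apache 2.4 and an uploads directory named `uploads/`; the extension list is illustrative.

```apache
# uploads/.htaccess  (constructed example; the directory name is an assumption)
# Needs AllowOverride Options FileInfo AuthConfig (or All) for this directory.
# With AllowOverride None, Apache does not read .htaccess files at all.

# 1. Turn the PHP interpreter off under mod_php (PHP 8 and PHP 7 module names).
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>

# 2. Drop extension mappings inherited from AddHandler / AddType.
RemoveHandler .php .phtml .phar
RemoveType .php .phtml .phar

# 3. No CGI execution from this directory.
Options -ExecCGI

# 4. Refuse to serve any file with a script extension anywhere in its name.
#    mod_mime considers every extension, so "avatar.php.jpg" can still map
#    to PHP when the server was configured with AddHandler.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
    Require all denied
</FilesMatch>
```

The same directives can be placed in a `<Directory>` block in the main server configuration, where a file written into the uploads directory cannot replace them. That placement also works when `AllowOverride None` is set.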
