Hi,

Can you add the following restrictions to the Apache configuration for the openclipart site? It appears that .htaccess does not allow adding these parameters locally.

<Directory "/srv/clipart.freedesktop.org/clipart_web/incoming*">
    AllowOverride None

    # Serve HTML as plaintext
    AddType text/plain .html .htm .shtml

    # Don't run arbitrary PHP code.
    php_admin_flag engine off

    # Disable other script types
    <Files ~ "\.(php|php3|php4|phps|phtml|shtm|shtml|cgi|pl|pm|asp|cfm|js|jse|jsp|jar|py|exe|com|bat|dll|pif|scr|reg|inf|htaccess)$">
        order allow,deny
        deny from all
    </Files>
</Directory>

While we check that uploaded files are .svg files during upload, this would give a stronger measure of security by preventing them from being executed.

To test the change, this URL:

http://openclipart.org/incoming/contact.php

should return the PHP as non-executed plain text, not as a web page.

Thanks,
Bryce
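For reference, the same lockdown written for Apache 2.4, where the 2.2 `order allow,deny` / `deny from all` pair only works if mod_access_compat is loaded. This is an added example, not the block Bryce posted or what freedesktop.org deployed: the directory path and the extension list are taken from the report, while the `mod_php7.c` module name and the `RemoveHandler` extension list are assumptions for the sake of illustration.

```apacheconf
# Added example: Apache 2.4 form of the requested restrictions for the
# upload directory. Not the configuration from the bug report.
<Directory "/srv/clipart.freedesktop.org/clipart_web/incoming*">
    AllowOverride None
    Options -ExecCGI -Includes -Indexes

    # Drop any handler mappings inherited from the vhost (list assumed)
    # and serve everything in this tree as static content.
    RemoveHandler .php .phtml .cgi .pl .py .shtml
    SetHandler default-handler

    # Serve HTML as plain text so an uploaded .html is not rendered
    # in the site's origin.
    AddType text/plain .html .htm .shtml

    # php_admin_flag is an unknown directive, and therefore a startup
    # error, when mod_php is not loaded, so guard it. The module name
    # (mod_php7.c here) depends on the PHP build. With php-fpm instead
    # of mod_php there is no engine flag to turn off; the FilesMatch
    # deny below is what blocks execution in that case.
    <IfModule mod_php7.c>
        php_admin_flag engine off
    </IfModule>

    # Deny direct requests for anything named like a script or
    # executable. "Require all denied" is the 2.4 replacement for
    # "order allow,deny" / "deny from all".
    <FilesMatch "\.(php|php3|php4|phps|phtml|shtm|shtml|cgi|pl|pm|asp|cfm|js|jse|jsp|jar|py|exe|com|bat|dll|pif|scr|reg|inf|htaccess)$">
        Require all denied
    </FilesMatch>
</Directory>

# Verification (run from any host):
#   curl -sI http://openclipart.org/incoming/contact.php
# With the deny list in place the expected answer is "403 Forbidden",
# not the PHP source; a 200 with "Content-Type: text/html" and a
# rendered page means the block is not taking effect.
```

Two caveats worth keeping in mind with either version. First, because .php is in the deny list, the test URL in the report returns 403 rather than the source as plain text; that is the safer of the two outcomes, and the source-as-text behaviour would only be observed if .php were removed from the list. Second, this only addresses server-side execution: the .svg files themselves must still be served as image/svg+xml to render, and an SVG opened directly (not via an <img> tag) can carry script in the site's origin, which none of these directives prevent.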
done, thanks