阻止PHP解析非PHP文件,例如someFile.php.txt

我刚刚安装了phpdocumentor,但收到了奇怪的错误.我终于找到了问题所在.

Phpdocumentor创建了各种文件,例如someFile.php.txt,它包含PHP代码,但不打算进行解析.事实证明,我的服务器正在解析它们.我还测试了一个名为someFile.txt的文件名,但它没有被解析.

如何防止PHP服务器解析someFile.php.txt等文件？

我的服务器是PHP版本5.4.20,Apache 2.2.15和CentOS 6.4.我的/etc/httpd/conf.d/php.conf文件如下:

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

  LoadModule php5_module modules/libphp5.so


  LoadModule php5_module modules/libphp5-zts.so


#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php
AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

Machavity.. 8

事实证明,CentOS Apache的默认设置实际上允许这个,它是一个已知的漏洞.要修复它,您需要编辑Apache配置设置.您的PHP设置通常是/etc/httpd/conf.d/php.conf.默认看起来像这样

AddHandler php5-script .php
AddType text/html .php

我们需要改变它

#AddHandler php5-script .php

    SetHandler application/x-httpd-php

AddType text/html .php

重新启动Apache,这应该是解析任何带扩展名的文件的结束 .php

现在,这$非常重要,因为这是regex在"字符串结束" regex的$意思中使用.这意味着文件必须由END 解析.php(即没有.php.txt)由PHP解析.