PHP :: Bug #16039 :: File access is not limits by .htaccess for includes

Bug #16039	File access is not limits by .htaccess for includes
Submitted:	2002-03-13 07:17 UTC	Modified:	2002-03-13 07:28 UTC
From:	mark at fregat dot net	Assigned:
Status:	Not a bug	Package:	Apache related
PHP Version:	4.1.2	OS:	FreeBSD 4.3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 37 + 46 = ?
Subscribe to this entry?

[2002-03-13 07:17 UTC] mark at fregat dot net

I have PHP installed as an Apache module. When I try to
<? include /aaa/bbb/ccc.xxx ?>, access to /aaa/bbb/ccc.xxx
is granted without prompting for the login/password despite
the directory /aaa/bbb/ is password-protected by .htaccess
To my mind, any attempts of Apache access to .htaccess'ed
files should be limited according to .htaccess

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-13 07:28 UTC] eru@php.net

This is not a bug. Please double-check the documentation available
at http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When you include a file, it is not processed through the 
server, but it gets directly opened by PHP.
You might want to take a look at the safe-mode.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Jun 02 08:01:31 2024 UTC