php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16039 File access is not limits by .htaccess for includes
Submitted: 2002-03-13 07:17 UTC Modified: 2002-03-13 07:28 UTC
From: mark at fregat dot net Assigned:
Status: Not a bug Package: Apache related
PHP Version: 4.1.2 OS: FreeBSD 4.3
Private report: No CVE-ID: None
 [2002-03-13 07:17 UTC] mark at fregat dot net
I have PHP installed as an Apache module. When I try to
<? include /aaa/bbb/ccc.xxx ?>, access to /aaa/bbb/ccc.xxx
is granted without prompting for the login/password despite
the directory /aaa/bbb/ is password-protected by .htaccess
To my mind, any attempts of Apache access to .htaccess'ed
files should be limited according to .htaccess

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-13 07:28 UTC] eru@php.net
This is not a bug. Please double-check the documentation available
at http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When you include a file, it is not processed through the 
server, but it gets directly opened by PHP.
You might want to take a look at the safe-mode.

 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sat Jul 19 18:00:02 2025 UTC