Brett Parker wrote:
Can I make the simple assumption that in this case, by "script" you mean a chunk of php?
Yes, although in practise anything that's being run via an Apache Handler would qualify, for the following reason:
If it was a "real" script then ExecCGI would have needed to be turned on, and it'd have needed to be marked as executable... so I'm fairly confident that it won't have been that...
:-)
Anyways - what you want is...
<Directory /path/to/the/upload/directory> RemoveType .php .phtml .php3 .phps
</Directory>
Sorry, I should have been clearer: I'm looking for a way to do it automatically by virtue of the fact that the directory is writeable, otherwise it's relying on me (and other site admins who tend to worry more about "does it work" than "is it secure", as I've discovered to my cost!) to not screw things up.
Presumably, now I thing about it, it would be possible to do this via .htaccess files? At least that way a script could be written* that searched for writeable directories which did not contain .htaccess files and alerted me (or created them).
[*] The script sounds simple but I can't quite work out how to do it.
Mark Rogers