Apache delivers PHP source code for vim backup files

[Jens Winter <ic...@uni-paderborn.de>]

Hi,

I wonder which rules are used to decide if a file is processed by PHP. 
For example x.php, x.php.bak and x.php.x~ are all processed, but x.php~ 
is not (at least by default). This could be an issue if you use vim or 
similar editors to edit the config files of e.g. WordPress or MediaWiki 
(containing DB passwords) directly in the server directory (which you 
shouldn't do, but we all know that some people will do anyway...).

So if so many filename schemes result in processing the PHP code, why 
are these critical files delivered as source code (again talking about 
default behavior)?

Jens

Re: Apache delivers PHP source code for vim backup files

[Eric Covener <co...@gmail.com>]

On Tue, Jul 14, 2009 at 11:54 AM, Jens Winter<ic...@uni-paderborn.de> wrote:
> Hi,
>
> I wonder which rules are used to decide if a file is processed by PHP. For
> example x.php, x.php.bak and x.php.x~ are all processed, but x.php~ is not
> (at least by default). This could be an issue if you use vim or similar
> editors to edit the config files of e.g. WordPress or MediaWiki (containing
> DB passwords) directly in the server directory (which you shouldn't do, but
> we all know that some people will do anyway...).
>
> So if so many filename schemes result in processing the PHP code, why are
> these critical files delivered as source code (again talking about default
> behavior)?

Directives that accept "filename extensions" treat "foo.bar.baz" as
having two distinct extensions.

http://httpd.apache.org/docs/2.2/mod/mod_mime.html
http://httpd.apache.org/userslist.html

-- 
Eric Covener
covener@gmail.com