Bastian Venthur wrote: > On 02.11.2006 20:16 schrieb sean finney: >> On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote: >>> Auto-indexes are enabled only in /var/www/apache2-default and >>> /usr/share/apache2/icons by default, so it is not likely to leak any >>> unexpected file list. >>> >>> So no, that doesn't grant an RC bug for these reasons. >>> >>> On the other hand, it breaks configurations that used to work... (sites >>> relying on this index.php setting will get 403 errors after upgrade from >>> 2.0) >> i imagine the apache maintainers will argue that it should be either (a) >> the webapp package or (b) the php apache module's repsonsibility >> to specify the additional DirectoryIndex. >> >> iirc DirectoryIndex does/can append to the list of index files, right? >> if so i'd have no problem slipping this into the php/apache module >> configuration files if that's the agreed course of action. but whether >> or not this makes it to etch is an open question. > > Is it possible that adding an updated DirectoryIndex does not fix the > whole bug? Although it fixes the problem that index.php files are not > recognized when entering a certain directory, I noticed that accessing a > php file directly like > > http://somedomain.tld/index.php > > The file does not get executed as expected, but the browser wants to > download it (which might be a security issue).
Damn. The problem was my browser, still caching the old page. Clearing the browserchache solved this problem. Sorry :/ But the DirectoryIndex problem should be fixed nevertheless. Cheers, Bastian -- Bastian Venthur http://venthur.de Debian Developer venthur at debian org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
