Closed Bug 435578 Opened 17 years ago Closed 17 years ago

Open x-httpd-php results in full PHP source code disclosure

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jason, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 when viewing mime type x-httpd-php, it asks how to open the file, if you choose firefox it saves a copy of the file locally and shows you the complete source code to the PHP file. The url above gives an example. Reproducible: Always Steps to Reproduce: 1. Load the url sample in firefox 2. In popup, choose to load via firefox.exe 3. voila Actual Results: shows complete website source code Expected Results: execute file on server
an example is at this url - http://www.yagbu.net/
This is hardly any firefox-bug. The webserver is responsible for page generation, not the client.
The webserver is misconfigured
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.