I just installed phpdocumentor, but received strange errors. I finally tracked down the problem.
Phpdocumentor creates various files such as someFile.php.txt which contains PHP code, but aren't meant to be parsed. Turns out, my server is parsing them. I've also tested a file name called someFile.txt, and it isn't being parsed.
How do I prevent my PHP server from parsing files such as someFile.php.txt?
My server is PHP Version 5.4.20, Apache 2.2.15, and CentOS 6.4. My /etc/httpd/conf.d/php.conf file is as follows:
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>
#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps
It turns out that the default settings of CentOS Apache actually allow this and it is a known vulnerability. In order to fix it, you will need to edit your Apache config settings. Your PHP settings are typically in /etc/httpd/conf.d/php.conf. The default looks like this
AddHandler php5-script .php
AddType text/html .php
We need to change it to
#AddHandler php5-script .php
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
AddType text/html .php
Restart Apache and that should be the end of parsing any file with an extension after .php
Now, that $ is very important because this is using regex and within regex a $ means "end of string". So that means the file has to END with .php (i.e. no .php.txt) to be parsed by PHP.
I'm having the same problem on CentOS 6.5, and I needed to fix this in a virtual environment where I don't have access to php.conf.
I used the following in a .htaccess file.
# Match anything that ends with .php.txt
<FilesMatch \.php\.txt$>
RemoveHandler .php
ForceType text/plain
</FilesMatch>
I don't allow uploads by users, so I'm not worried about any security implications. I just wanted to get the .php.txt extension working. This did the trick.
Related
I need to run all of my .html files as .php files and I don't have time to change all of the links before our presentation tomorrow. Is there any way to "hack" this with my Apache server?
Create a .htaccess file at the root of your website and add this line:
[Apache2 # Ubuntu/Debian: use this directive]
AddType application/x-httpd-php .html .htm
Or, from comment below:
AddType application/x-httpd-php5 .html .htm
If your are running PHP as CGI (probably not the case), you should write instead:
AddHandler application/x-httpd-php .html .htm
In My Godaddy Server the following code worked
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
This is in edition to all other right answers:
If you are not able to find the correct Handler, Simply create a .php file with the following contents:
<?php echo $_SERVER['REDIRECT_HANDLER']; ?>
and run/open this file in browser.
Use this output in .htaccess file
Create a .htaccess file at the root of your website(usually a folder named public_html or htdocs on linux servers) and add this line:
AddType [[THE OUTPUT FROM ABOVE FILE]] .html .htm
Example
AddType application/x-httpd-php70 .html .htm
Important Note:
If you see blank page or Notice: Undefined index: REDIRECT_HANDLER
Try default in .htaccess
AddHandler application/x-httpd-php .html
You may also use the H or T flag of mod_rewrite to force all .html files to be parsed by php handler :
using H (Handler) flag:
RewriteEngine on
RewriteRule \.(html|htm)$ - [H=application/x-httpd-php5]
using T (Type) flag :
RewriteEngine on
RewriteRule \.(html|htm)$ - [T=application/x-httpd-php5]
Or you can add more extensions to the rule pattern seprated by a pipe | that you want to be parsed by php handler
ex :
RewriteRule \.(html|htm|txt|foo)$ - [T=application/x-httpd-php5]
the example above will change the mime type of files that end with .html , .htm , .txt , .foo to php.
Note : on some servers you will have to change php5 to php to get this example to work in handler string:
Change it
[T=application/x-httpd-php5]
to
[T=application/x-httpd-php]
You need to add the following line into your Apache config file:
AddType application/x-httpd-php .htm .html
You also need two other things:
Allow Overridding
In your_site.conf file (e.g. under /etc/apache2/mods-available in my case), add the following lines:
<Directory "<path_to_your_html_dir(in my case: /var/www/html)>">
AllowOverride All
</Directory>
Enable Rewrite Mod
Run this command on your machine:
sudo a2enmod rewrite
After any of those steps, you should restart apache:
sudo service apache2 restart
For anyone out there still having trouble,
try this (my hosting was from Godaddy and this is the only thing that worked for me among all the answers out there.
AddHandler x-httpd-php5-cgi .html
I think this is the best way to run php script on html and htm pages:
AddType application/x-httpd-php5 .html .htm
Normally you should add:
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
However for GoDaddy shared hosting (php-cgi), you need to add also these lines:
AddHandler fcgid-script .html
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .html
Source: Parse HTML As PHP Using HTACCESS File On Godaddy.
Running .html files as php stopped working all of a sudden in my .htaccess file.
Godaddy support had me change it to:
AddHandler application/x-httpd-lsphp .html
here put this in your .htaccess
AddType application/x-httpd-php .php .htm .html
more info on this page
Using #Marc-François approach Firefox prompted me to download the html file
Finally the following is working for me (using both):
AddType application/x-httpd-php .htm .html
AddHandler x-httpd-php .htm .html
AddHandler application/x-httpd-php .php .html .htm
// or
AddType application/x-httpd-php .php .htm .html
I'm using PHP7.1 running in my Raspberry Pi 3.
In the file /etc/apache2/mods-enabled/php7.1.conf I added at the end:
AddType application/x-httpd-php .html .htm .png .jpg .gif
On Dreamhost Servers you can refer to this page that at time of writing indicates you may use the following for php 7.2 with FastCGI:
AddHandler fcgid-script .html
FcgidWrapper "/dh/cgi-system/php72.cgi" .html
Or if you are using php5 cgi (not FastCGI):
AddHandler php5-cgi .html
None of the answers posted here worked for me.
In my case the problem was, by the one hand, that the .conf file (/etc/apache2/sites-available/default-ssl.conf or /etc/apache2/sites-available/000-default.conf) did not contain the directive AllowOverride All for the site directory, which caused the .htaccess to not been processed. To solve this, add:
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
On the other hand, the problem was that the .htaccess was created by the root user, and therefore the apache user could not read it. So, changing the file owner solved definitely the problem:
chown www-data:www-data .htaccess
First, read this: https://httpd.apache.org/docs/current/howto/htaccess.html#when
Then read my post here: https://stackoverflow.com/a/59868481/10664600
sudo vim /etc/httpd/conf/httpd.conf
Sometimes it doesn't work, if you just add the .htaccess file to the directory. In my case, I also changed an entry in the apache2 configuration.
sudo nano /etc/apache2/apache2.conf
...
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Modification:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
After that you only must restart the apache2-service:
sudo systemctl restart apache2
This worked for me.
This would help anyone,
RewriteEngine on
RewriteRule ^(.+)\.html$ $1.php [L]
Digitalocean
Thanks #FlamberHansen.
If you're on Plesk running PHP as an FPM application served by Apache this article worked for me:
Go to Domains > example.com > PHP Settings and add the following lines into the field Additional configuration directives:
[php-fpm-pool-settings]
security.limit_extensions = .php .phar .html .inc
.htaccess
<Files ~ .(?i:inc|html|htm)$>
SetHandler proxy:unix:///var/www/vhosts/system/EXAMPLE.com/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
I need to run all of my .html files as .php files and I don't have time to change all of the links before our presentation tomorrow. Is there any way to "hack" this with my Apache server?
Create a .htaccess file at the root of your website and add this line:
[Apache2 # Ubuntu/Debian: use this directive]
AddType application/x-httpd-php .html .htm
Or, from comment below:
AddType application/x-httpd-php5 .html .htm
If your are running PHP as CGI (probably not the case), you should write instead:
AddHandler application/x-httpd-php .html .htm
In My Godaddy Server the following code worked
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
This is in edition to all other right answers:
If you are not able to find the correct Handler, Simply create a .php file with the following contents:
<?php echo $_SERVER['REDIRECT_HANDLER']; ?>
and run/open this file in browser.
Use this output in .htaccess file
Create a .htaccess file at the root of your website(usually a folder named public_html or htdocs on linux servers) and add this line:
AddType [[THE OUTPUT FROM ABOVE FILE]] .html .htm
Example
AddType application/x-httpd-php70 .html .htm
Important Note:
If you see blank page or Notice: Undefined index: REDIRECT_HANDLER
Try default in .htaccess
AddHandler application/x-httpd-php .html
You may also use the H or T flag of mod_rewrite to force all .html files to be parsed by php handler :
using H (Handler) flag:
RewriteEngine on
RewriteRule \.(html|htm)$ - [H=application/x-httpd-php5]
using T (Type) flag :
RewriteEngine on
RewriteRule \.(html|htm)$ - [T=application/x-httpd-php5]
Or you can add more extensions to the rule pattern seprated by a pipe | that you want to be parsed by php handler
ex :
RewriteRule \.(html|htm|txt|foo)$ - [T=application/x-httpd-php5]
the example above will change the mime type of files that end with .html , .htm , .txt , .foo to php.
Note : on some servers you will have to change php5 to php to get this example to work in handler string:
Change it
[T=application/x-httpd-php5]
to
[T=application/x-httpd-php]
You need to add the following line into your Apache config file:
AddType application/x-httpd-php .htm .html
You also need two other things:
Allow Overridding
In your_site.conf file (e.g. under /etc/apache2/mods-available in my case), add the following lines:
<Directory "<path_to_your_html_dir(in my case: /var/www/html)>">
AllowOverride All
</Directory>
Enable Rewrite Mod
Run this command on your machine:
sudo a2enmod rewrite
After any of those steps, you should restart apache:
sudo service apache2 restart
For anyone out there still having trouble,
try this (my hosting was from Godaddy and this is the only thing that worked for me among all the answers out there.
AddHandler x-httpd-php5-cgi .html
I think this is the best way to run php script on html and htm pages:
AddType application/x-httpd-php5 .html .htm
Normally you should add:
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
However for GoDaddy shared hosting (php-cgi), you need to add also these lines:
AddHandler fcgid-script .html
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .html
Source: Parse HTML As PHP Using HTACCESS File On Godaddy.
Running .html files as php stopped working all of a sudden in my .htaccess file.
Godaddy support had me change it to:
AddHandler application/x-httpd-lsphp .html
here put this in your .htaccess
AddType application/x-httpd-php .php .htm .html
more info on this page
Using #Marc-François approach Firefox prompted me to download the html file
Finally the following is working for me (using both):
AddType application/x-httpd-php .htm .html
AddHandler x-httpd-php .htm .html
AddHandler application/x-httpd-php .php .html .htm
// or
AddType application/x-httpd-php .php .htm .html
I'm using PHP7.1 running in my Raspberry Pi 3.
In the file /etc/apache2/mods-enabled/php7.1.conf I added at the end:
AddType application/x-httpd-php .html .htm .png .jpg .gif
On Dreamhost Servers you can refer to this page that at time of writing indicates you may use the following for php 7.2 with FastCGI:
AddHandler fcgid-script .html
FcgidWrapper "/dh/cgi-system/php72.cgi" .html
Or if you are using php5 cgi (not FastCGI):
AddHandler php5-cgi .html
None of the answers posted here worked for me.
In my case the problem was, by the one hand, that the .conf file (/etc/apache2/sites-available/default-ssl.conf or /etc/apache2/sites-available/000-default.conf) did not contain the directive AllowOverride All for the site directory, which caused the .htaccess to not been processed. To solve this, add:
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
On the other hand, the problem was that the .htaccess was created by the root user, and therefore the apache user could not read it. So, changing the file owner solved definitely the problem:
chown www-data:www-data .htaccess
First, read this: https://httpd.apache.org/docs/current/howto/htaccess.html#when
Then read my post here: https://stackoverflow.com/a/59868481/10664600
sudo vim /etc/httpd/conf/httpd.conf
Sometimes it doesn't work, if you just add the .htaccess file to the directory. In my case, I also changed an entry in the apache2 configuration.
sudo nano /etc/apache2/apache2.conf
...
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Modification:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
After that you only must restart the apache2-service:
sudo systemctl restart apache2
This worked for me.
This would help anyone,
RewriteEngine on
RewriteRule ^(.+)\.html$ $1.php [L]
Digitalocean
Thanks #FlamberHansen.
If you're on Plesk running PHP as an FPM application served by Apache this article worked for me:
Go to Domains > example.com > PHP Settings and add the following lines into the field Additional configuration directives:
[php-fpm-pool-settings]
security.limit_extensions = .php .phar .html .inc
.htaccess
<Files ~ .(?i:inc|html|htm)$>
SetHandler proxy:unix:///var/www/vhosts/system/EXAMPLE.com/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
I've set up a local server with Vagrant via Cyberduck on my Mac. There seems to be no problem with running a file in general (I guess?) except for php file for some reason. It simply shows what I typed in, which is
<?php
echo "hello from Vagrant";
instead of saying hello from Vagrant
I also did sudo vi /etc/httpd/conf.d/php.conf and see what seems to be the problem that's causing this.
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule !prefork.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>
#
# The following lines prevent .user.ini files from being viewed by Web clients.
#
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All
</IfModule>
</Files>
#
# Allow php to handle Multiviews
#
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
# mod_php options
<IfModule mod_php5.c>
#
# Cause the PHP interpreter to handle files with a .php extension.
#
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
#
# Uncomment the following lines to allow PHP to pretty-print .phps
# files as PHP source code:
#
#<FilesMatch \.php$>
# SetHandler application/x-httpd-php-source
#</FilesMatch>
Also here's some quick info about my software version that I've used so far.
PHP 5.6.15
Apache 2.2.15
CentOS 6.7
Cyberduck 4.7.3
Anyone knows any solution to this? Thank you in advance!
I need to run all of my .html files as .php files and I don't have time to change all of the links before our presentation tomorrow. Is there any way to "hack" this with my Apache server?
Create a .htaccess file at the root of your website and add this line:
[Apache2 # Ubuntu/Debian: use this directive]
AddType application/x-httpd-php .html .htm
Or, from comment below:
AddType application/x-httpd-php5 .html .htm
If your are running PHP as CGI (probably not the case), you should write instead:
AddHandler application/x-httpd-php .html .htm
In My Godaddy Server the following code worked
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
This is in edition to all other right answers:
If you are not able to find the correct Handler, Simply create a .php file with the following contents:
<?php echo $_SERVER['REDIRECT_HANDLER']; ?>
and run/open this file in browser.
Use this output in .htaccess file
Create a .htaccess file at the root of your website(usually a folder named public_html or htdocs on linux servers) and add this line:
AddType [[THE OUTPUT FROM ABOVE FILE]] .html .htm
Example
AddType application/x-httpd-php70 .html .htm
Important Note:
If you see blank page or Notice: Undefined index: REDIRECT_HANDLER
Try default in .htaccess
AddHandler application/x-httpd-php .html
You may also use the H or T flag of mod_rewrite to force all .html files to be parsed by php handler :
using H (Handler) flag:
RewriteEngine on
RewriteRule \.(html|htm)$ - [H=application/x-httpd-php5]
using T (Type) flag :
RewriteEngine on
RewriteRule \.(html|htm)$ - [T=application/x-httpd-php5]
Or you can add more extensions to the rule pattern seprated by a pipe | that you want to be parsed by php handler
ex :
RewriteRule \.(html|htm|txt|foo)$ - [T=application/x-httpd-php5]
the example above will change the mime type of files that end with .html , .htm , .txt , .foo to php.
Note : on some servers you will have to change php5 to php to get this example to work in handler string:
Change it
[T=application/x-httpd-php5]
to
[T=application/x-httpd-php]
You need to add the following line into your Apache config file:
AddType application/x-httpd-php .htm .html
You also need two other things:
Allow Overridding
In your_site.conf file (e.g. under /etc/apache2/mods-available in my case), add the following lines:
<Directory "<path_to_your_html_dir(in my case: /var/www/html)>">
AllowOverride All
</Directory>
Enable Rewrite Mod
Run this command on your machine:
sudo a2enmod rewrite
After any of those steps, you should restart apache:
sudo service apache2 restart
For anyone out there still having trouble,
try this (my hosting was from Godaddy and this is the only thing that worked for me among all the answers out there.
AddHandler x-httpd-php5-cgi .html
I think this is the best way to run php script on html and htm pages:
AddType application/x-httpd-php5 .html .htm
Normally you should add:
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
However for GoDaddy shared hosting (php-cgi), you need to add also these lines:
AddHandler fcgid-script .html
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .html
Source: Parse HTML As PHP Using HTACCESS File On Godaddy.
Running .html files as php stopped working all of a sudden in my .htaccess file.
Godaddy support had me change it to:
AddHandler application/x-httpd-lsphp .html
here put this in your .htaccess
AddType application/x-httpd-php .php .htm .html
more info on this page
Using #Marc-François approach Firefox prompted me to download the html file
Finally the following is working for me (using both):
AddType application/x-httpd-php .htm .html
AddHandler x-httpd-php .htm .html
AddHandler application/x-httpd-php .php .html .htm
// or
AddType application/x-httpd-php .php .htm .html
I'm using PHP7.1 running in my Raspberry Pi 3.
In the file /etc/apache2/mods-enabled/php7.1.conf I added at the end:
AddType application/x-httpd-php .html .htm .png .jpg .gif
On Dreamhost Servers you can refer to this page that at time of writing indicates you may use the following for php 7.2 with FastCGI:
AddHandler fcgid-script .html
FcgidWrapper "/dh/cgi-system/php72.cgi" .html
Or if you are using php5 cgi (not FastCGI):
AddHandler php5-cgi .html
None of the answers posted here worked for me.
In my case the problem was, by the one hand, that the .conf file (/etc/apache2/sites-available/default-ssl.conf or /etc/apache2/sites-available/000-default.conf) did not contain the directive AllowOverride All for the site directory, which caused the .htaccess to not been processed. To solve this, add:
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
On the other hand, the problem was that the .htaccess was created by the root user, and therefore the apache user could not read it. So, changing the file owner solved definitely the problem:
chown www-data:www-data .htaccess
First, read this: https://httpd.apache.org/docs/current/howto/htaccess.html#when
Then read my post here: https://stackoverflow.com/a/59868481/10664600
sudo vim /etc/httpd/conf/httpd.conf
Sometimes it doesn't work, if you just add the .htaccess file to the directory. In my case, I also changed an entry in the apache2 configuration.
sudo nano /etc/apache2/apache2.conf
...
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Modification:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
After that you only must restart the apache2-service:
sudo systemctl restart apache2
This worked for me.
This would help anyone,
RewriteEngine on
RewriteRule ^(.+)\.html$ $1.php [L]
Digitalocean
Thanks #FlamberHansen.
If you're on Plesk running PHP as an FPM application served by Apache this article worked for me:
Go to Domains > example.com > PHP Settings and add the following lines into the field Additional configuration directives:
[php-fpm-pool-settings]
security.limit_extensions = .php .phar .html .inc
.htaccess
<Files ~ .(?i:inc|html|htm)$>
SetHandler proxy:unix:///var/www/vhosts/system/EXAMPLE.com/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
I just installed phpdocumentor, but received strange errors. I finally tracked down the problem.
Phpdocumentor creates various files such as someFile.php.txt which contains PHP code, but aren't meant to be parsed. Turns out, my server is parsing them. I've also tested a file name called someFile.txt, and it isn't being parsed.
How do I prevent my PHP server from parsing files such as someFile.php.txt?
My server is PHP Version 5.4.20, Apache 2.2.15, and CentOS 6.4. My /etc/httpd/conf.d/php.conf file is as follows:
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>
#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps
It turns out that the default settings of CentOS Apache actually allow this and it is a known vulnerability. In order to fix it, you will need to edit your Apache config settings. Your PHP settings are typically in /etc/httpd/conf.d/php.conf. The default looks like this
AddHandler php5-script .php
AddType text/html .php
We need to change it to
#AddHandler php5-script .php
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
AddType text/html .php
Restart Apache and that should be the end of parsing any file with an extension after .php
Now, that $ is very important because this is using regex and within regex a $ means "end of string". So that means the file has to END with .php (i.e. no .php.txt) to be parsed by PHP.
I'm having the same problem on CentOS 6.5, and I needed to fix this in a virtual environment where I don't have access to php.conf.
I used the following in a .htaccess file.
# Match anything that ends with .php.txt
<FilesMatch \.php\.txt$>
RemoveHandler .php
ForceType text/plain
</FilesMatch>
I don't allow uploads by users, so I'm not worried about any security implications. I just wanted to get the .php.txt extension working. This did the trick.