[Issue 11365] Allow D source file names to have no extension
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Sat Oct 26 15:06:10 PDT 2013
http://d.puremagic.com/issues/show_bug.cgi?id=11365
--- Comment #2 from Vladimir Panteleev <thecybershadow at gmail.com> 2013-10-27 01:06:08 EEST ---
One thing I forgot to mention regarding name auto-correction. Perhaps, the most
famous security problem caused by such a mis-feature, is the "MultiViews"
feature in the Apache web server. When enabled, a request for foo.php could
execute foo.php.txt if foo.php was not found. This allowed bypassing upload
script validation checks. Search the web for "MultiViews vulnerability" for
more details.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
More information about the Digitalmars-d-bugs
mailing list