RedEnchilada (notice the lack of a space) (redenchilada)'s status on Sunday, 28-Jul-13 01:53:40 UTC

RedEnchilada (notice the lack of a space) Dale Cooper

@dalecooper The method I used was editing php.ini and setting cgi.fix_pathinfo=0; it means it'll error out if the exact requested file isn't found. Otherwise they could do /uploaded_file.txt/blah.php and execute PHP code included in the text file. Just check http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP real quick.

Sunday, 28-Jul-13 01:53:40 UTC from web in context

Rainbow Dash Network is a microblogging service brought to you by Cerulean Spark. It runs the StatusNet microblogging software, version 1.0.1, available under the GNU Affero General Public License.

Content and data of Rainbow Dash Network are private and confidential.