Hai guys, I have a small and un-caughtable exception in one of my websites. The problem is, I put the .htaccess code inside a directory similar to, ../dload/temp/ Inside this directory I put the .htaccess code look like this, #All files considered as PHP ForceType application/x-httpd-php Also created one file (example.jpg) inside I coded like this, <?php header("Content-Type: image/jpg"); $downfile="location1/page2/somefile.jpg"; readfile($downfile); PHP: -> I expected all the file extensions are considered as PHP(Its a tweaking trick found on some websites) Its woking on my Windows system (localhost). -> But I never expect its not really working on Remote server(hosting space), Note: They already given AllowOverRide options to all the subdirectories from ROOT(/) itself. -> I need some help about this problem. Is there any Apache Experts ?
you'' find out yourself where and how for the meantime be happy it does NOT work why? keep in mind that this php enforced for ALL file types will open FULL doors to hackers any file EVER now or in far future uploaded may contain malicious php code - even inside another wise clean looking image, gif or avatar ... ALL filetypes as php is straight guaranteed suicide ! sooner or later when you expect it least. anyone giving you by email an image and YOU upload that image or graphic or anything - MAY contain php to cause damage to your server/site there is plenty of space in files to hide php code. possibly even exif data in jpg.