半亩塘闲话

来源: BlogBus 原始链接: http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=51029 存档链接: https://web.archive.org/web/20040601061741id_/http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=51029

半亩方塘一鉴开 天光云影共徘徊 问渠哪得清如许 为有源头活水来 <<<中国数字图书馆标准规范建设小组的rss | 主页 | 沉默>>> MediaWiki stable release 2003-11-17 Release notes: http://sourceforge.net/project/shownotes.php?release_id=198060 Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-20031117.tar.gz? download 唉...始终无法安装在我的操作系统上（winxp） Previous versions of MediaWiki contained a flaw that could be exploited in some configurations to execute arbitrary PHP code on the server if the *.php files are located in a web-accessible directory and are runnable through the PHP interpreter. This likely includes most installations. If you can't upgrade immediately, you should be able to easily substantially reduce the risk by doing one or more of the following:

• Leave just LocalSettings.php and the *.phtml files exposed to the web, moving the other *.php files into a directory that's not exposed to the web; set $IP to point to this directory in LocalSettings.php. -or-
• Remove the "$IP/" or "{$IP}/" from all include() and include_once() statements, keeping the *.php and *.phtml files in one place.
• Explicitly disallow access to all the *.php files in the web server.
• Configure the server to run only *.phtml files through PHP, and not *.php. (If you do this, be sure your database passwords are not exposed through LocalSettings.php!) shizhao 发表于 2003-11-17 15:06 引用(Trackback0) Comments 如果最近没有什么变化，它应该是在Linux上运行的，在 http://sourceforge.net/projects/wikipedia/ 有说明： Operating System: Linux xyb ( http://xyblog.blogone.net ) 发表于 2003-12-01 09:29 发表评论 最近更新 wikipedia升级，提供rss和atom blog与wiki 维基百科网络杂志 gmail使用的一点心得 大家�����S基百科全�� 注意：关于Gmail 维基百科获得电子艺术大奖 中国军事实力 我有Gmail了！ 求助：public domain 北京天气 Referrer About Me and Site