Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.
Forgot Password?
Navigation
  1. Home
  2. Discussion Forum
  3. The Chill Out Zone
  4. Announcements & Security Issues
  5. PHPFusion 9 and 7 Security Announcements regarding ImageMime Exploits.

PHPFusion 9 and 7 Security Announcements regarding ImageMime Exploits.

Last updated on 8 years ago
Track threadPrint
C
ChanSuper Admin
Posted 8 years ago
#1
I'm strongly advising all sites on Fusion 7 and 9 to immediately update on these values to your .htaccess file soonest possible.
Code Download source


ForceType application/octet-stream

<FilesMatch "(?i).jpe?g$">

    ForceType image/jpeg

</FilesMatch>

<FilesMatch "(?i).gif$">

    ForceType image/gif

</FilesMatch>

<FilesMatch "(?i).png$">

    ForceType image/png

</FilesMatch>
Z
zizubMember
Posted 8 years ago
#2
Chan - Thanks for the advice.
R
Anonymous UserVeteran Member
Posted 8 years ago
#3
Without this code
Code Download source
ForceType application/octet-stream


Only this
Code Download source


<FilesMatch "(?i).jpe?g$">

    ForceType image/jpeg

</FilesMatch>

<FilesMatch "(?i).gif$">

    ForceType image/gif

</FilesMatch>

<FilesMatch "(?i).png$">

    ForceType image/png

</FilesMatch>
W
WanaboSenior Member
Posted 8 years ago
#4
With ForceType application/octet-stream in .htaccess it seems to block css. Site looks like no css is loaded.
Without ForceType application/octet-stream site is OK.

Does the rest of the htaccess work correctly without ForceType application/octet-stream in htaccess?
www.probemyip.com/probe-my-ip-80x15.png
 pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
Z
zizubMember
Posted 8 years ago
#5
My htaccess with ForceType application / octet-stream and my site is OK. Css working.
W
WanaboSenior Member
Posted 8 years ago
#6
Double check with browser cache emptied! Initially I didn't notice because css was cached, after flushing cache I noticed.
K
KvidoSenior Member
Posted 8 years ago
#7
Writing in my .htaccess works. OK.
H
HarlekinMember
Posted 8 years ago
#8
1. .htaccess do not work on Windows Server, what can i do
2 . i found no .htaccess in PHP Fusion 7.02.07
R
Anonymous UserVeteran Member
Posted 8 years ago
#9
.htaccess does not work on Windows Server because is only for servers based on Apache. You must convert .htaccess to Web.config.
You can view all discussion threads in this forum.
You cannot start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
Moderator: Support Team
Users who participated in discussion: Wanabo, Kvido, Chan, Harlekin, zizub, RobiNN