Get started with PHP-Fusion

Start a New Thread

Users Participated

  • Wanabo
    Post made: 2
  • Kvido
    Post made: 1
  • Chan
    Post made: 1
  • zizub
    Post made: 2
  • robo123
    Post made: 1

  1. PHP-Fusion Support Forums
  2. PHP-Fusion 7 Support
  3. Security Issues & Announcements

PHP-Fusion 9 and 7 Security Announcements regarding ImageMime Exploits.

All information related to security, patches, hacked sites, tips, goes here

6 Replies 532 Views Last Updated on 4 months ago

Chan


Super Admin

#1

Posted 4 months ago

I'm strongly advising all sites on Fusion 7 and 9 to immediately update on these values to your .htaccess file soonest possible.
Code Gist: Download source  


ForceType application/octet-stream
<FilesMatch "(?i).jpe?g$">
    ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i).gif$">
    ForceType image/gif
</FilesMatch>
<FilesMatch "(?i).png$">
    ForceType image/png
</FilesMatch>

Posts: 3397

Joined: 25/09/2007

zizub


Member

#2

Posted 4 months ago

Chan - Thanks for the advice.

Posts: 90

Joined: 02/05/2012

robo123


Junior Member

#3

Posted 4 months ago

Without this code
Code Gist: Download source  

ForceType application/octet-stream


Only this
Code Gist: Download source  


<FilesMatch "(?i).jpe?g$">
    ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i).gif$">
    ForceType image/gif
</FilesMatch>
<FilesMatch "(?i).png$">
    ForceType image/png
</FilesMatch>

Posts: 38

Joined: 10/11/2014

Wanabo


Senior Member

#4

Posted 4 months ago

With ForceType application/octet-stream in .htaccess it seems to block css. Site looks like no css is loaded.
Without ForceType application/octet-stream site is OK.

Does the rest of the htaccess work correctly without ForceType application/octet-stream in htaccess?
pHp-Fusion.Org, mods to enhance php-fusion.
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.

Posts: 488

Joined: 06/02/2006

zizub


Member

#5

Posted 4 months ago

My htaccess with ForceType application / octet-stream and my site is OK. Css working.

Posts: 90

Joined: 02/05/2012

Wanabo


Senior Member

#6

Posted 4 months ago

Double check with browser cache emptied! Initially I didn't notice because css was cached, after flushing cache I noticed.

Posts: 488

Joined: 06/02/2006

Kvido


Senior Member

#7

Posted 4 months ago

Writing in my .htaccess works. OK.

Posts: 446

Joined: 01/08/2007

Jump to Forum:
8 users are online
0 member and 8 guests