.phtml .pht extensions passed to php interpreter

Larry W. Cashdollar

Notifed Debian: 4/15/2015
Resolved mods-available/php5.conf contains:

<FilesMatch ".+\.ph(p[345]?|t|tml)$">

SetHandler application/x-httpd-php

Summary: The .pht and .phtml file extensions are interpreted by the php processor for default installations of debain and ubuntu. These two extensions are commented out of /etc/mime.types and yet are valid for executing php code.
This also works under Ubuntu systems as well.

I'm using debian 7.0 with apache,php5 installed:

Linux lab01 3.2.0-4-686-pae #1 SMP Debian 3.2.65-1+deb7u2 i686 GNU/Linux

lab01:/home/larry# dpkg -l |grep apache

ii  apache2                                        2.2.22-13+deb7u4                   i386         Apache HTTP Server metapackage
ii  apache2-doc                                    2.2.22-13+deb7u4                   all          Apache HTTP Server documentation
ii  apache2-mpm-prefork                            2.2.22-13+deb7u4                   i386         Apache HTTP Server - traditional non-threaded model
ii  apache2-utils                                  2.2.22-13+deb7u4                   i386         utility programs for webservers
ii  apache2.2-bin                                  2.2.22-13+deb7u4                   i386         Apache HTTP Server common binary files
ii  apache2.2-common                               2.2.22-13+deb7u4                   i386         Apache HTTP Server common files
ii  libapache2-mod-perl2                           2.0.7-3                            i386         Integration of perl with the Apache2 web server
ii  libapache2-mod-php5                            5.4.39-0+deb7u2                    i386         server-side, HTML-embedded scripting language (Apache 2 module)
ii  libapache2-mod-python                          3.3.1-9+b3                         i386         Python-embedding module for Apache 2

I noticed in /etc/mime.types the handlers are commented out:

lab01:/home/larry> grep "#app" /etc/mime.types

#application/vnd.ms-pki.stl                                                     stl
#application/x-httpd-eruby                      rhtml
#application/x-httpd-php                        phtml pht php
#application/x-httpd-php-source                 phps
#application/x-httpd-php3                       php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                       php4
#application/x-httpd-php5                       php5
#chemical/x-daylight-smiles                     smi
#chemical/x-mif                                 mif

but these extensions are passed to the php handler and executed:

lab01:/var/www# cat 1.pht



lab01:/var/www# curl -v http://localhost/1.pht * About to connect() to localhost port 80 (#0) * Trying ::1...
* connected
* Connected to localhost (::1) port 80 (#0) GET /1.pht HTTP/1.1
User-Agent: curl/7.26.0
Host: localhost
Accept: */*

HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 200 OK < Date: Thu, 16 Apr 2015 17:38:17 GMT < Server: Apache/2.2.22 (Debian) < X-Powered-By: PHP/5.4.39-0+deb7u2 < Transfer-Encoding: chunked < Content-Type: text/html < <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head> <style type="text/css"> body {background-color: #ffffff; color: #000000;} body, td, th, h1, h2 {font-family: sans-serif;} pre {margin: 0px; font-family: monospace;} a:link {color: #000099; text-decoration: none; background-color: #ffffff;} a:hover {text-decoration: underline;} table {border-collapse: collapse;} .center {text-align: center;} .center table { margin-left: auto; margin-right: auto; text-align: left;} .center th { text-align: center !important; } td, th { border: 1px solid #000000; font-size: 75%; vertical-align: baseline;} h1 {font-size: 150%;} h2 {font-size: 125%;} .p {text-align: left;} .e {background-color: #ccccff; font-weight: bold; color: #000000;} .h {background-color: #9999cc; font-weight: bold; color: #000000;} .v {background-color: #cccccc; color: #000000;} .vr {background-color: #cccccc; text-align: right; color: #000000;} img {float: right; border: 0px;}
. . .


I wouldn't expect this to be the proper behavior, I would assume based on the extensions not being defined in /etc/mime.types you'd just get text/plain back. It seems to be on other Linux distributions I've tested like CentOS and Oracle Linux.

Apache is configured to use /etc/mime.types:

lab01:/etc/apache2# grep mime.types mods-available/mime.conf TypesConfig /etc/mime.types
# file mime.types for specific file types.