1

I am looking for a way to let the apache server know that my .txt contains php executable code and that it should be executed. I want that to trick browsers and users into thinking that the file is a .txt while in fact it is a php file.

example:

http://example.com/test.txt

test.txt

<?php echo "Hello World"; ?>
Improve this question
2

2 Answers 2

Reset to default
5

To run this on a specific file only, the following AddType would work:

<Files test.txt> 
    AddType application/x-httpd-php .txt
</Files>

For a file without an extension:

<Files test> 
    ForceType application/x-httpd-php
</Files>

If this gives you issues, you may need to use application/x-httpd-php5 (notice the "5") depending on your environment setup.

Simply place in your server/virtual host config, or within a .htaccess file.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

what if it would be of no extension?
@user2789433 In that situation (but why?) you'll need to ForceType the file. I've updated my answer.
Is forcetype unsafe or problematic?
@user2789433 No, it's fine. The only security issue would be if you change the relevant apache config, .htaccess is deleted, then the file will be served to the user as a plain-text file. Thus exposing your PHP code. But this is no different to the risk you'd face if apache was to stop serving php altogether (client will download the raw PHP files).
2

If you want to run other file extensions as PHP, Edit your .htaccess to specify the file type. For example, to run .txt as PHP:

AddType application/x-httpd-php .txt
Improve this answer

2 Comments

how about for a specific test.txt?
@user2789433 See my reply, my solution will work for a specific file only.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.