A Brief Warning to KATE users

Depending on how many people use KATE (KDE Advanced Text Editor), this may not be a widespread problem; however, it could be a potentially serious one. If you use KATE, you’ll notice that it creates a backup file every time you edit a file. The backup has the same filename with a ~ appended to the end, e.g. bob.php becomes bob.php~

I’m sure you’re now wondering, “so what?” Well, I’ll tell you. The backup file’s extension is not recognised as a PHP script by a web server, so if you were to upload it by mistake, take a look at what happens:
http://blog.rupert-sharp.co.uk/wp-content/uploads2/kate-test.php
(original PHP file)
http://blog.rupert-sharp.co.uk/wp-content/uploads2/kate-test.php~
(secondary backup file made by KATE)
UPDATE: The second link doesn’t work anymore because I’ve added the .htaccess file to my site ;) The original text was:

<?php
//BLAH BLAH BLAH (this is your really important secret php backend)

echo('HELLO WORLD!!');

?>

Boom! Instant security risk: your entire source code is output as plain text for every man and his dog to see. To stop KATE creating these backup files, go to Settings > Configure Kate > Open/Save > Advanced in KATE and uncheck all the tick boxes. There ya go.

However, if you wish KATE to continue creating backup files (for whatever reason) and want to ensure this security risk is removed, then add an .htaccess file to your home directory with the following code.

AddType application/x-httpd-php .php~

This will treat all PHP files with the tilde (~) extension as normal PHP files, so they are executed rather than served as plain text. There ya have it, Rupert’s PHP security top tip.
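
A check to run on the local copy of a site before uploading, so stray backups are caught before they reach the server. This is an added example, not part of the original post; the function name find_php_backups is an assumption. It goes slightly beyond the .php~ case and also flags any other ~ backup that contains a PHP opening tag:

```shell
#!/bin/sh
# Added example: list editor backup files (names ending in "~") that would
# expose PHP source if uploaded. find_php_backups is a hypothetical helper name.

# find_php_backups DIR
#   Prints one matching path per line.
#   Returns 0 if the tree is clean, 1 if backups were found, 2 if DIR is missing.
find_php_backups() {
    dir=${1:-.}
    if [ ! -d "$dir" ]; then
        printf 'not a directory: %s\n' "$dir" >&2
        return 2
    fi
    # Match every regular file ending in "~", then keep it if either
    #   - the original name was a .php file (bob.php~), or
    #   - the content contains a PHP opening tag (e.g. config.inc~).
    hits=$(find "$dir" -type f -name '*~' \
        \( -name '*.php~' -o -exec grep -qF -- '<?php' {} \; \) -print)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}
```

Run it as find_php_backups ./public_html (an example path) before an upload; exit status 1 means backup files were found and listed, 0 means none were found.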