diff options
author | Derick Rethans <derick@php.net> | 2002-03-04 20:24:24 +0000 |
---|---|---|
committer | Derick Rethans <derick@php.net> | 2002-03-04 20:24:24 +0000 |
commit | a8e5e3f03001de3b880edd650722deec3e3fa33b (patch) | |
tree | a7748e67b9cdda220bcabb888658690e522f4f7e | |
parent | c5f773baf1a285b73228d418efc31b1fe435efcc (diff) | |
download | php-git-a8e5e3f03001de3b880edd650722deec3e3fa33b.tar.gz |
- MFH for:
This is much better. With FORCE_CGI_REDIRECT turned on by default for compilation,
we can now define this in the ini file. So it can be turned on for apache, turned
off for IIS which does not have a redirect issue. Alternately, a different 'REDIRECT_STATUS'
environment var can be defined in case some web server out there needs it.
new ini vars
cgi.force_redirect 0|1
cgi.redirect_status_env ENV_VAR_NAME
-rw-r--r-- | sapi/cgi/cgi_main.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index d03dffa169..7d0ac2a5f5 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -378,6 +378,8 @@ int main(int argc, char *argv[]) char *script_file=NULL; zend_llist global_vars; int interactive=0; + int force_redirect = 1; + char *redirect_status_env = NULL; /* end of temporary locals */ #ifdef ZTS zend_compiler_globals *compiler_globals; @@ -459,20 +461,25 @@ int main(int argc, char *argv[]) #if FORCE_CGI_REDIRECT /* check force_cgi after startup, so we have proper output */ - if (cgi) { + if (cfg_get_long("cgi.force_redirect", &force_redirect) == FAILURE) { + force_redirect = 1; + } + if (cgi && force_redirect) { + if (cfg_get_string("cgi.redirect_status_env", &redirect_status_env) == FAILURE) { + redirect_status_env = NULL; + } /* Apache will generate REDIRECT_STATUS, * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS. * redirect.so and installation instructions available from * http://www.koehntopp.de/php. * -- kk@netuse.de */ - if (!getenv("REDIRECT_STATUS") && !getenv ("HTTP_REDIRECT_STATUS") -#ifdef PHP_WIN32 - /* IIS doesn't set anything, look to see if php.exe is in the script_name */ - && (strstr(getenv("SERVER_SOFTWARE"),"Apache") || - strstr(getenv("SERVER_SOFTWARE"),"iPlanet")) -#endif - ) { + if (!getenv("REDIRECT_STATUS") + && !getenv ("HTTP_REDIRECT_STATUS") + /* this is to allow a different env var to be configured + in case some server does something different than above */ + && (!redirect_status_env || !getenv(redirect_status_env)) + ) { PUTS("<b>Security Alert!</b> PHP CGI cannot be accessed directly.\n\ \n\ <P>This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\ |