 ID:               14909
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Closed
 Bug Type:         Apache related
 Operating System: Windows
 PHP Version:      4.1.1
 Assigned To:      imajes
 New Comment:

we have a manual chapter for securing the cgi-bin installation.

http://www.php.net/manual/en/security.cgi-bin.php


Previous Comments:
------------------------------------------------------------------------

[2002-02-24 03:56:30] [EMAIL PROTECTED]

For emergency, a simple check at "auto_prepend_file" would help:

<?PHP
// Reject requests that address the CGI binary directly through the /php/ alias.
if (preg_match("/^\/php\/php\.exe/i", $_SERVER["REQUEST_URI"])) {
    print "No Hack";
    exit;
}
?>

------------------------------------------------------------------------

[2002-01-09 09:56:39] [EMAIL PROTECTED]

I have windows xp + apache + php 4.1 installed and the /php/ alias is also defined in my httpd.conf and therefore I am also affected by this exploit. but how can I use php WITHOUT this alias in apache conf? I tried several things but it doesn't work.

chris, 15 =)

------------------------------------------------------------------------

[2002-01-09 02:17:17] [EMAIL PROTECTED]

so do we have to read the documentation again on how to install PHP?? have u added a fix?

------------------------------------------------------------------------

[2002-01-08 08:03:10] [EMAIL PROTECTED]

the documentation is fixed, i committed this morning/last night.

there is however a bug in the way apache handles the binary -- or the way php acts when called as a binary (you can get premature end of script headers).

What i would like to do is leave this open, and noticeable for some of the apache guys to take a look at and comment on it.

The docs are fixed.... we just need to wait to see if this is a thing to hand off to apache.

------------------------------------------------------------------------

[2002-01-08 07:16:40] [EMAIL PROTECTED]

As said by others, this is NOT a bug, but a documentation problem.

(btw: assigned to only needs your username)

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14909

--
Edit this bug report at http://bugs.php.net/?id=14909&edit=1
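
Added example, not part of the original bug report or PHP's own code: a Python check of Apache access logs for requests that address the CGI binary directly through the /php/ alias, using the same prefix the auto_prepend_file check in the report tests. The log lines, addresses and function names are constructed for illustration, and the common log format is an assumption about the server's configuration.

```python
import re
from urllib.parse import unquote

# Apache common log format: host ident user [time] "METHOD URI PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Same prefix as the auto_prepend_file check in the report, case-insensitive
ALIAS_RE = re.compile(r"^/php/php\.exe", re.IGNORECASE)


def normalize(uri):
    """Decode percent-escapes and unify separators so equal paths compare equal."""
    for _ in range(2):  # a second pass covers doubly encoded input
        uri = unquote(uri)
    uri = uri.replace("\\", "/")
    return re.sub(r"/{2,}", "/", uri)


def find_direct_cgi_requests(lines):
    """Return one record per log line whose request targets /php/php.exe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        host, when, method, uri, status = m.groups()
        if ALIAS_RE.match(normalize(uri)):
            hits.append({"host": host, "time": when, "method": method,
                         "uri": uri, "status": int(status)})
    return hits


# Constructed sample log lines (documentation address ranges), not real traffic
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2002:09:41:02 +0100] "GET /index.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [09/Jan/2002:09:56:39 +0100] "GET /php/php.exe HTTP/1.0" 200 312',
    '198.51.100.7 - - [09/Jan/2002:10:02:11 +0100] "GET /PHP/PHP.EXE HTTP/1.0" 500 607',
    '192.0.2.10 - - [09/Jan/2002:10:05:40 +0100] "GET /manual/php/php.exe HTTP/1.0" 404 289',
]

if __name__ == "__main__":
    for hit in find_direct_cgi_requests(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["method"], hit["uri"], hit["status"])
```

Any hit is a reason to review the alias configuration against the manual chapter on securing the cgi-bin installation linked in the report.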