ID: 22127 Updated by: [EMAIL PROTECTED] Reported By: zlo at canada dot com -Status: Open +Status: Verified Bug Type: CGI related -Operating System: windows, linux +Operating System: * -PHP Version: php4-STABLE-200303302030 +PHP Version: 4.3.3RC4-dev, 5.0.0b2-dev New Comment:
Still a problem with both PHP4/PHP5. Previous Comments: ------------------------------------------------------------------------ [2003-03-30 15:45:43] zlo at canada dot com using the latest build: # HEAD http://mysite/cgi-bin/php/pi.php 500 Bad response code: 'HTTP/1.1 0' ------------------------------------------------------------------------ [2003-03-30 06:44:32] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2003-02-08 14:46:41] zlo at canada dot com When php is used in cgi mode with force-cgi-redirect enabled, and the safety mechanism is triggered, PHP produces a bogus http response line: HTTP/1.1 0 this is invalid and browsers fail to display the output. it happens for PHP 4.3.0 and a fresh PHP 4.3.1-dev snapshot under both Windows and Linux. AFAIK 0 is not a valid response code, and unless one uses a non-compliant browser or accesses the page through a raw telnet session, the warning page cannot be seen. it would be desirable for PHP to produce a meaningful response code, such as 200, 403 or 500. for example: GET /cgi-bin/php/pi.php HTTP/1.1 HOST: mysite HTTP/1.1 0 Date: Sat, 08 Feb 2003 20:32:46 GMT Server: Apache/1.3.27 (Unix) PHP/4.3.0 Transfer-Encoding: chunked Content-Type: text/html; charset=windows-1251 283 <b>Security Alert!</b> The PHP CGI cannot be accessed directly. <p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.</p> <p>For more information as to <i>why</i> this behaviour exists, see the <a href="http://php.net/security.cgi-bin";>manual page for CGI security</a>.</p> <p>For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit <a href="http://php.net/install.windows";>the manual page</a>.</p> 0 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=22127&edit=1
