ID: 7822 Updated by: cynic Reported By: [EMAIL PROTECTED] Old-Status: Feedback Status: Open Bug Type: Apache related Operating system: PHP Version: 4.0.4 Assigned To: Comments: I guess the point is to prevent malicious users from crashing the server. Previous Comments: --------------------------------------------------------------------------- [2001-05-07 12:35:23] [EMAIL PROTECTED] I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that? --------------------------------------------------------------------------- [2001-05-04 03:41:23] [EMAIL PROTECTED] Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98 this problem still exists. Default setting will make system crash in Windows 98 if accessing something like http://localhost/php/php.exe I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.). --------------------------------------------------------------------------- [2001-01-12 12:27:08] [EMAIL PROTECTED] cynic: This is a Great Idea! --------------------------------------------------------------------------- [2001-01-12 10:26:41] [EMAIL PROTECTED] indeed. a temporary workaround, if I may: <LocationMatch "/php/php(.exe)?"> deny from all </LocationMatch> This at least denies direct access to the executable, and thus gets you rid of the crashes. --------------------------------------------------------------------------- [2001-01-08 02:32:47] [EMAIL PROTECTED] In 4.0.4, This bug still exists. (Win32, php.ini) Conditions for this bug: safe_mode=Off doc_root=; the root of the php pages, used only if nonempty (doc_root is empty) In such configured PHP, system will crash if I type the URL: http://localhost/php/php.exe (Note: no "/" at the end of the URL) I may consult the source code if I have time later. --------------------------------------------------------------------------- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online. ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=7822&edit=2 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
