Why are you using cgiwrap? seriously? Are you using an old httpd server and not apache?
CGIWRAp from my perling experiences was good for firewalling, keeping users out of areas of your server. But cgiwrap is a pain in the ass for your users. If you have your/their permissions set up right, why bother? Seriously, I'm curious. Why use cgiwrap at all? John Frank wrote: > Dear List, > > I have been using cgiwrap for many years, always with the .php extension > added like an AddType like this. > > httpd.conf: > Action application/php-script /cgi-bin/php.cgi > AddHandler application/php-script .php4 .php3 .php > > Works perfectly. > > But in this case I don't want to serve the .php-extension in general. I > have also moved the executable binary php out of the web tree, compiled it > with "--enable-discard-path" and added #!/usr/local/bin/php in the scripts. > > So instead of above, httpd.conf has > > ScriptAlias /cgi-bin/ "/usr/home/httpd/bin/" > > and scripts can be invoked in the browser like: > > http://www.myname.com/myscript1.cgi > > E.g. "myscript1.cgi" could be > > #/usr/local/bin/php > <?php phpinfo() ?> > > This works fine. > > And cgiwrap works fine. I can call other scripts as intended - e.g. I can > call this script > > #!/bin/sh > echo "Content-type: text/html\n\n" > ls / > > or Perl > > #!/usr/bin/perl > print("Content-type: text/html\n\n"); > print("Hello, World!"); > > as http://www.myname.com/cgi-bin/cgiwrapd/frank/myscript2.cgi > > So everything as expected. > > But with PHP something very strange happen: The above script > "myscript1.php" seems to output the cgi-wrap's code when I load it in the > browser as > > http://www.myname.com/cgi-bin/cgiwrapd/frank/myscript1.cgi > > and not info about PHP. > > Why is that? Since scripts with #!/bin/sh worked I have even tried to call > php from such a script and output the result to a file: > > #/bin/sh > /usr/local/bin/php /somepath/testphp.php > /somepath/testphp.htm > ls / > > Same result. testphp.htm contains nice phpinfo when the script is called > from the command line - and lots of binary code when the script called by > cgiwrap. But the result of "ls /" reaches the browser correctly! > > What is special about PHP in combination with cgiwrap here? What can > cgiwrap "do" to php to make it output unintended code where sh and Perl > behaves normally? Is something missing in the environment when called from > cgiwrap? If so what? > > I am completely clueless, despite spending 10 hours on the problem. > > Oh. and one more thing: When PHP is compiled wrongly for this purpose - > like with "--enable-force-cgi-redirect" - then there's suddenly nothing > strange - the script correctly outputs an error-message from PHP, also when > called over cgiwrap! > > If anyone can point me in the right direction or suggest some good things > to try I'd me more than grateful - I'd be impressed! :-) > > Best regards > > Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
