php-windows Digest 4 Aug 2003 14:45:12 -0000 Issue 1853
Topics (messages 21007 through 21011):
Security Alert when trying to access a php file
21007 by: Jack
21009 by: Duane Lakoduk
Re: [PHP-INST] Security Alert when trying to access a php file
21008 by: Bob G
Re: Notice: Undefined variable: link in
21010 by: sven
unable to delete php created files in php
21011 by: John Yu
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Dear all
I had install PHP to my Win2k Server which running IIS 5.0.
I had copied the 'php.ini-dist' to c:\winnt, php4ts.dll to
c:\winnt\system32.
Also had configurated the App Tab inside Internet Service manager.
Now when i try to access the php file through intranet, it keep prompts me
the following error :
Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set, e.g. via an Apache Action directive.
For more information as to why this behaviour exists, see the manual page
for CGI security <http://php.net/security.cgi-bin>.
For more information about changing this behaviour or re-enabling this
webserver, consult the installation file that came with this distribution,
or visit the manual page <http://php.net/install.windows>."
I had check the php.ini which inside the c:\winnt, and turn the
cgi.force_redirection from 1 to 0, but still showing the same warning
again!!!
Can someone please tell me what to do?
Thx
Jack
--- End Message ---
--- Begin Message ---
If you read the php.ini file where the cgi.force_redirect variable is set,
it states that this MUST be turned off when running under IIS.
Try this
; cgi.force_redirect is necessary to provide security running PHP as a CGI
under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; cgi.force_redirect = 1
cgi.force_redirect = 0
hth, Duane
-----Original Message-----
From: Jack [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 3:25 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-WIN] Security Alert when trying to access a php file
Dear all
I had install PHP to my Win2k Server which running IIS 5.0.
I had copied the 'php.ini-dist' to c:\winnt, php4ts.dll to
c:\winnt\system32.
Also had configurated the App Tab inside Internet Service manager.
Now when i try to access the php file through intranet, it keep prompts me
the following error :
Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set, e.g. via an Apache Action directive.
For more information as to why this behaviour exists, see the manual page
for CGI security <http://php.net/security.cgi-bin>.
For more information about changing this behaviour or re-enabling this
webserver, consult the installation file that came with this distribution,
or visit the manual page <http://php.net/install.windows>."
I had check the php.ini which inside the c:\winnt, and turn the
cgi.force_redirection from 1 to 0, but still showing the same warning
again!!!
Can someone please tell me what to do?
Thx
Jack
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Jack. I had exactly the same problem for weeks. Eventually I installed
Apache and the problem went away.
Regards
Bob
-----Original Message-----
From: Jack [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 9:25 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-INST] Security Alert when trying to access a php file
Dear all
I had install PHP to my Win2k Server which running IIS 5.0.
I had copied the 'php.ini-dist' to c:\winnt, php4ts.dll to
c:\winnt\system32.
Also had configurated the App Tab inside Internet Service manager.
Now when i try to access the php file through intranet, it keep prompts me
the following error :
Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set, e.g. via an Apache Action directive.
For more information as to why this behaviour exists, see the manual page
for CGI security <http://php.net/security.cgi-bin>.
For more information about changing this behaviour or re-enabling this
webserver, consult the installation file that came with this distribution,
or visit the manual page <http://php.net/install.windows>."
I had check the php.ini which inside the c:\winnt, and turn the
cgi.force_redirection from 1 to 0, but still showing the same warning
again!!!
Can someone please tell me what to do?
Thx
Jack
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
hi david,
although you can supress those notices in your php.ini, you can correct your
syntax errors like this:
AdminMain.php (line 7 and 8)
old: $tpl->define(array(main => "main.html", middle => "AdminScreen.html",
...
new: $tpl->define(array('main' => "main.html", 'middle' =>
"AdminScreen.html", ...
main.php (line 2)
be sure, that $link is defined before your switch (i.e. if (isset($link))
...)
ciao SVEN
--- End Message ---
--- Begin Message ---
It seems that when I try to unlink a file in php which has been created by
php on a winxp machine I always get a unable to delete file, permission
denied error...
This seems to me to be very strange since the file was created by php and
yet php doesn't have the rights to delete it.
Anyone else ran into this and any suggestions at all?
thanks in advance.
John
--- End Message ---
