On 4.5.2012 18:50, Sebastian Marsching wrote:
So suPHP is safe or I'm missing something?
suPHP should be safe, because, unlike the Apache CGI implementation, it
will never pass any command-line arguments to the PHP interpreter.
Hi,
Ok. Sounds assuring. I was trying to understand how this happens as
QUERY_STRING is supposed to be passed in CGI to program in environmental
variable, not in command line arguments.
So to me this problem sounds to be in Apache CGI implementation not in PHP.
So probably Apache has something as idiotic as this:
https://issues.apache.org/bugzilla/show_bug.cgi?id=41008
Ok, found:
https://issues.apache.org/bugzilla/show_bug.cgi?id=13914
I can't understand the idea of passing query string as command line
arguments as CGI has QUERY_STRING, but that's totally off-topic here.
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
