Ask a Question related to PHP Development, Design and Development.
-
sniper@php.net #1
#22127 [Opn->Ver]: bogus http response when force-cgi-redirect safety mechanism triggered
ID: 22127
Updated by: [email]sniper@php.net[/email]
Reported By: zlo at canada dot com
-Status: Open
+Status: Verified
Bug Type: CGI related
-Operating System: windows, linux
+Operating System: *
-PHP Version: php4-STABLE-200303302030
+PHP Version: 4.3.3RC4-dev, 5.0.0b2-dev
New Comment:
Still a problem with both PHP4/PHP5.
Previous Comments:
------------------------------------------------------------------------
[2003-03-30 15:45:43] zlo at canada dot com
using the latest build:
# HEAD [url]http://mysite/cgi-bin/php/pi.php[/url]
500 Bad response code: 'HTTP/1.1 0'
------------------------------------------------------------------------
[2003-03-30 06:44:32] [email]moriyoshi@php.net[/email]
Please try using this CVS snapshot:
[url]http://snaps.php.net/php4-STABLE-latest.tar.gz[/url]
For Windows:
[url]http://snaps.php.net/win32/php4-win32-STABLE-latest.zip[/url]
------------------------------------------------------------------------
[2003-02-08 14:46:41] zlo at canada dot com
When php is used in cgi mode with force-cgi-redirect enabled, and the
safety mechanism is triggered, PHP produces a bogus http response
line:
HTTP/1.1 0
this is invalid and browsers fail to display the output.
it happens for PHP 4.3.0 and a fresh PHP 4.3.1-dev snapshot under both
Windows and Linux.
AFAIK 0 is not a valid response code, and unless one uses a
non-compliant browser or accesses the page through a raw telnet
session, the warning page cannot be seen.
it would be desirable for PHP to produce a meaningful response code,
such as 200, 403 or 500.
for example:
GET /cgi-bin/php/pi.php HTTP/1.1
HOST: mysite
HTTP/1.1 0
Date: Sat, 08 Feb 2003 20:32:46 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.0
Transfer-Encoding: chunked
Content-Type: text/html; charset=windows-1251
283
<b>Security Alert!</b> The PHP CGI cannot be accessed directly.
<p>This PHP CGI binary was compiled with force-cgi-redirect enabled.
This
means that a page will only be served up if the REDIRECT_STATUS CGI
variable is
set, e.g. via an Apache Action directive.</p>
<p>For more information as to <i>why</i> this behaviour exists, see the
<a href="http://php.net/security.cgi-bin">manual page for CGI
security</a>.</p>
<p>For more information about changing this behaviour or re-enabling
this webserver,
consult the installation file that came with this distribution, or
visit
<a href="http://php.net/install.windows">the manual page</a>.</p>
0
------------------------------------------------------------------------
--
Edit this bug report at [url]http://bugs.php.net/?id=22127&edit=1[/url]
sniper@php.net Guest
-
Response.Flush / Response.Redirect
Hi, I've had a good google and can't find anything already on this so : I'm currently trying to have a 'Page Loading' page on a site. The way... -
#25232 [Opn->Bgs]: --enable-force-cgi-redirect gives Warnings
ID: 25232 Updated by: derick@php.net Reported By: alex at della dot com dot ua -Status: Open +Status: ... -
response.redirect give error http 404
Hi All, IIS.4 After I installed the latest windows update MS03- 026, MS03-024, MS03-023, Q811114, Q815021, Q816093, 814078, 811493, q329414 and... -
Response.Write and Response.Redirect
On my Page_Load event, i need to do some validation and then either let them proceed, or display a error message and boot them back to the previous... -
Redirect to New Browser Window like Response.Redirect
That worked just fine for me as long as you put that open statement on one line rather than 2. "michel" <michely3k@yahoo.com> wrote in...
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
