ID: 22127
Updated by: [email][/email]
Reported By: zlo at canada dot com
-Status: Open
+Status: Verified
Bug Type: CGI related
-Operating System: windows, linux
+Operating System: *
-PHP Version: php4-STABLE-200303302030
+PHP Version: 4.3.3RC4-dev, 5.0.0b2-dev
New Comment:

Still a problem with both PHP4/PHP5.

Previous Comments:

[2003-03-30 15:45:43] zlo at canada dot com

using the latest build:
# HEAD [url]http://mysite/cgi-bin/php/pi.php[/url]
500 Bad response code: 'HTTP/1.1 0'


[2003-03-30 06:44:32] [email][/email]

Please try using this CVS snapshot:


For Windows:



[2003-02-08 14:46:41] zlo at canada dot com

When php is used in cgi mode with force-cgi-redirect enabled, and the
safety mechanism is triggered, PHP produces a bogus http response
HTTP/1.1 0
this is invalid and browsers fail to display the output.
it happens for PHP 4.3.0 and a fresh PHP 4.3.1-dev snapshot under both
Windows and Linux.
AFAIK 0 is not a valid response code, and unless one uses a
non-compliant browser or accesses the page through a raw telnet
session, the warning page cannot be seen.
it would be desirable for PHP to produce a meaningful response code,
such as 200, 403 or 500.
for example:

GET /cgi-bin/php/pi.php HTTP/1.1
HOST: mysite

HTTP/1.1 0
Date: Sat, 08 Feb 2003 20:32:46 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.0
Transfer-Encoding: chunked
Content-Type: text/html; cht=windows-1251

<b>Security Alert!</b> The PHP CGI cannot be accessed directly.

<p>This PHP CGI binary was compiled with force-cgi-redirect enabled.
means that a page will only be served up if the REDIRECT_STATUS CGI
variable is
set, e.g. via an Apache Action directive.</p>
<p>For more information as to <i>why</i> this behaviour exists, see the
<a href="">manual page for CGI
<p>For more information about changing this behaviour or re-enabling
this webserver,
consult the installation file that came with this distribution, or
<a href="">the manual page</a>.</p>



Edit this bug report at [url][/url]