ID: 22127
Updated by: [email]sniperphp.net[/email]
Reported By: zlo at canada dot com
-Status: Open
+Status: Verified
Bug Type: CGI related
-Operating System: windows, linux
+Operating System: *
-PHP Version: php4-STABLE-200303302030
+PHP Version: 4.3.3RC4-dev, 5.0.0b2-dev
New Comment:

Still a problem with both PHP4/PHP5.



Previous Comments:
------------------------------------------------------------------------

[2003-03-30 15:45:43] zlo at canada dot com

using the latest build:
# HEAD [url]http://mysite/cgi-bin/php/pi.php[/url]
500 Bad response code: 'HTTP/1.1 0'

------------------------------------------------------------------------

[2003-03-30 06:44:32] [email]moriyoshiphp.net[/email]

Please try using this CVS snapshot:

[url]http://snaps.php.net/php4-STABLE-latest.tar.gz[/url]

For Windows:

[url]http://snaps.php.net/win32/php4-win32-STABLE-latest.zip[/url]



------------------------------------------------------------------------

[2003-02-08 14:46:41] zlo at canada dot com

When php is used in cgi mode with force-cgi-redirect enabled, and the
safety mechanism is triggered, PHP produces a bogus http response
line:
HTTP/1.1 0
this is invalid and browsers fail to display the output.
it happens for PHP 4.3.0 and a fresh PHP 4.3.1-dev snapshot under both
Windows and Linux.
AFAIK 0 is not a valid response code, and unless one uses a
non-compliant browser or accesses the page through a raw telnet
session, the warning page cannot be seen.
it would be desirable for PHP to produce a meaningful response code,
such as 200, 403 or 500.
for example:

GET /cgi-bin/php/pi.php HTTP/1.1
HOST: mysite

HTTP/1.1 0
Date: Sat, 08 Feb 2003 20:32:46 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.0
Transfer-Encoding: chunked
Content-Type: text/html; cht=windows-1251

283
<b>Security Alert!</b> The PHP CGI cannot be accessed directly.

<p>This PHP CGI binary was compiled with force-cgi-redirect enabled.
This
means that a page will only be served up if the REDIRECT_STATUS CGI
variable is
set, e.g. via an Apache Action directive.</p>
<p>For more information as to <i>why</i> this behaviour exists, see the
<a href="http://php.net/security.cgi-bin">manual page for CGI
security</a>.</p>
<p>For more information about changing this behaviour or re-enabling
this webserver,
consult the installation file that came with this distribution, or
visit
<a href="http://php.net/install.windows">the manual page</a>.</p>

0


------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=22127&edit=1[/url]