ID: 14883 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Closed Bug Type: Other web server Operating System: Windows NT (all Win32) PHP Version: 4.1.1 New Comment:
It's still not a full solution. PHP is going out by default with a big hole, and most users will not read that part of the docs to figure out that PHP CGI has that hole. The patch I've now submitted turns on FORCE_REDIRECT by default, but it can be turned off (IIS for example needs it off) in the php.ini file. Previous Comments: ------------------------------------------------------------------------ [2002-02-28 20:53:54] [EMAIL PROTECTED] Shane has already commited the fix to CVS :) ------------------------------------------------------------------------ [2002-02-28 20:32:12] [EMAIL PROTECTED] I just would like to make sure if document in source is ok also. Could anyone check it? And I would like to open this report since [EMAIL PROTECTED] is willing to write patch for this :) Could you change Category to Apache problem after checking doc in source? ------------------------------------------------------------------------ [2002-02-28 20:04:08] [EMAIL PROTECTED] Not a doc prob...RTFM http://www.php.net/manual/en/security.cgi-bin.php ------------------------------------------------------------------------ [2002-02-28 19:59:34] [EMAIL PROTECTED] The problem can be avoided by setting doc_root in php.ini. Meanwhile, I've submitted a quick patch to cvs. Working right now on a full patch. Shane ------------------------------------------------------------------------ [2002-02-28 19:54:24] [EMAIL PROTECTED] I think document is updated so that users can set up Apache corretly, right? (Not yet?) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14883 -- Edit this bug report at http://bugs.php.net/?id=14883&edit=1
