ID: 42404
Updated by: [EMAIL PROTECTED]
Reported By: cvitale at us dot ibm dot com
-Status: Open
+Status: Feedback
Bug Type: Apache2 related
Operating System: Linux 2.4
PHP Version: 5.2.3
New Comment:

Since you seem to know Apache quite well, maybe you could provide us a patch to fix this issue?

Previous Comments:
------------------------------------------------------------------------

[2007-08-23 21:52:31] cvitale at us dot ibm dot com

Description:
------------
I've compiled php to run on Apache 2.0.59 with --with-apxs2. The function php_apache_sapi_read_post in php-5.2.3/sapi/apache2handler/sapi_apache2.c assumes that the call to ap_get_brigade will never return an error that php should give to Apache. This violates Apache best practices.

An Apache2 input content filter may return an error, like APR_EGENERAL. I am working on a filter that will reject suspicious input content and return this value. I also set the Apache request_rec status to 403. The requests that are returned have a 403 Forbidden status header and the normal php output body content.

If ap_get_brigade returns an Apache error, php should stop processing.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=42404&edit=1
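
The fail-open behaviour described in the report, reduced to a stand-alone C sketch (an added example, not PHP's or Apache's source). `struct mock_req`, `mock_get_brigade`, the `ST_*` constants, the two reader functions and `handler_runs_script` are hypothetical stand-ins for `request_rec`, `ap_get_brigade`, the APR status codes and the SAPI handler.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for APR status codes; the values are constructed for this sketch. */
typedef int status_t;
#define ST_SUCCESS  0
#define ST_EGENERAL 1

/* Mock request: `reject` models an input content filter that refuses the body. */
struct mock_req { const char *body; size_t off; int reject; int http_status; };

/* Mock of the filter-chain read: either hands out body bytes or fails with
   ST_EGENERAL after setting the response status to 403. */
static status_t mock_get_brigade(struct mock_req *r, char *buf, size_t cap, size_t *got) {
    if (r->reject) { r->http_status = 403; *got = 0; return ST_EGENERAL; }
    size_t left = strlen(r->body) - r->off;
    *got = left < cap ? left : cap;
    memcpy(buf, r->body + r->off, *got);
    r->off += *got;
    return ST_SUCCESS;
}

/* Fail-open pattern from the report: the filter's status is dropped, so a
   rejection is indistinguishable from "no more POST data". */
long read_post_ignoring_errors(struct mock_req *r, char *buf, size_t cap) {
    size_t got = 0;
    mock_get_brigade(r, buf, cap, &got);   /* return value ignored */
    return (long)got;
}

/* Fail-closed variant: a filter error is surfaced as -1 to the caller. */
long read_post_checked(struct mock_req *r, char *buf, size_t cap) {
    size_t got = 0;
    if (mock_get_brigade(r, buf, cap, &got) != ST_SUCCESS)
        return -1;
    return (long)got;
}

/* Hypothetical handler: drains the POST body, then reports whether the script
   body would still be generated (1) or the request aborted (0). */
int handler_runs_script(struct mock_req *r,
                        long (*reader)(struct mock_req *, char *, size_t)) {
    char buf[64];
    long n;
    while ((n = reader(r, buf, sizeof buf)) > 0) { /* consume POST data */ }
    return n == 0;   /* 0 = clean end of input, -1 = rejected upstream */
}
```

With the unchecked reader the mock request ends up with status 403 and a generated body, which is the mismatch the reporter observed; the checked reader lets the handler stop before any script output.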