ID: 30849 Comment by: grange at club-internet dot fr Reported By: xuefer at 21cn dot com Status: Open Bug Type: CGI related Operating System: win PHP Version: 4.3.9 New Comment:
I added a note on http://www.php.net/manual/en/security.cgi-bin.php to achieve the same results with mod_rewrite. Previous Comments: ------------------------------------------------------------------------ [2004-12-13 10:10:04] xuefer at 21cn dot com the bug is, "force_redirect" is not implemented by fastcgi sapi, maybe this is a feature request? this lead to same issue as CGI, because both of them use ScriptAlias afaik, ScriptAlias is good for normal cgi program, but bad for scripting-language without "force_redirect" using ScriptAlias http://your-server/fcgi/php-fcgi/abc.php have same issue as: http://your-server/cgi-bin/php-cgi/abc.php the only thing i can do is to use "auto_prepend_file" add a script that check $_SERVER, for REDIRECT_STATUS. this should be better done in api imho. i don't know how to explain, but it's same as cgi. just "force_redirect" don't work and i need it ------------------------------------------------------------------------ [2004-11-20 14:22:23] xuefer at 21cn dot com Description: ------------ sapi/cgi/README.FastCGI (with apache mod_fastcgi) both ScriptAlias(dynserver) or Alias(static server) method issue a security problem. force_redirect is not done for fastcgi, only for cgi this have same problem as cgi with no force_redirect i guess redirect checking can be done after $_SERVER is ready, while cgi use getenv. separate php is not affected by this problem. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30849&edit=1