ID: 14909 Updated by: goba Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Documentation problem Operating System: Windows PHP Version: 4.1.1 Assigned To: [EMAIL PROTECTED] New Comment:
Georg, our security section has a link to that CERT advisory for quite a long time now. I have added a warning and a link to the particular security page to that setup instruction page for Apache windows. Please give better instructions for CGI setups under windows if you can. A setup, where PHP sritps are portable, so no #!c:\php\php.exe type of method is doable... Maybe James can find another way. The Apache doc only documents the methods we have in the install and security chapters... --- Goba Previous Comments: ------------------------------------------------------------------------ [2002-01-07 09:46:58] [EMAIL PROTECTED] Actually, our documentation tells win32 users to install that way. I'm investigating a better method right now, and will patch the documentation in a short while. I knew i forgot to do something after i updated my win32 last week! ------------------------------------------------------------------------ [2002-01-07 09:41:20] [EMAIL PROTECTED] Unbelievable, why do you set your cgi-binary in the document root tree!? See http://www.cert.org/advisories/CA-1996-11.html ------------------------------------------------------------------------ [2002-01-07 09:34:04] [EMAIL PROTECTED] Well you should have already heard about this but I'll report it anyway becoz we all need a fix very fast! Well when you do this: http://www.example.com/php/php.exe?c:\winnt\repair\sam (this is an example, you can view any file) it will return the files contents! This happens with ANY windows versions...i don't think it affects linux. Also this will return the install path of PHP: http://www.example.com/php/php4ts.dll could you please get a path/new vesion out ASAP! This is extremly serious! ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=14909&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
