php-windows Digest 17 Mar 2005 04:58:10 -0000 Issue 2610

Topics (messages 25760 through 25764):

Security Alert! The PHP CGI cannot be accessed directly...
        25760 by: Ian Matthews

Call to undefined function checkdnsrr()
        25761 by: Victoria Elliott
        25762 by: Mikey
        25763 by: Jason Barnett

Problem with redirect
        25764 by: Bunmi Akinmboni

----------------------------------------------------------------------
--- Begin Message ---
Good Day;

I just performed an install of PHP 4.3.10 using the "php.ini-recommended" on
IIS6 and was getting:

"Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect
enabled. This means that a page will only be served up if the
REDIRECT_STATUS CGI variable is set, e.g. via an
Apache Action directive."

After some research and talking to some php programmer buddies, the solution
seemed to be to add the following to the php.ini :
cgi.force_redirect = 0
cgi.redirect_status_env ="yes";

http://codewalkers.com/archives/phphelp/211.html

Now my server functions but I am concerned with potential security problems.
The INI file and the on-line manual state that REDIRECT_STATUS relates to
Apache only and infers that it may be a serious security risk on other web
servers.

Note that in addition to adding PHP.EXE into the "APPLICATION CONFIGURATION"
of a specific virtual server, I also had to add it into the WEB SERVER
EXTENSIONS on the IIS6 server.  This step was not documented in the PHP
manuals I reviewed but it was required.

Any explanation as to what these settings do and whether I have exposed my
customers' systems would be appreciated.

--- End Message ---
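
The following Python sketch is an added example, not part of the digest and not PHP's own code. It models the redirect check that the alert in the message above describes and runs the posted php.ini lines through it. The environment dictionaries are constructed samples, and the acceptance of HTTP_REDIRECT_STATUS and the boolean spellings are assumptions about PHP's behaviour.

```python
# Simplified model of the PHP CGI force-redirect gate (illustration only).

# Marker variables accepted by default. Apache sets REDIRECT_STATUS after an
# Action redirect; IIS sets neither, which is why the alert appears there.
DEFAULT_MARKERS = ("REDIRECT_STATUS", "HTTP_REDIRECT_STATUS")
TRUE_VALUES = {"1", "on", "yes", "true"}

# The two lines from the message, exactly as posted.
POSTED_INI = 'cgi.force_redirect = 0\ncgi.redirect_status_env ="yes";\n'

# Constructed sample environments for a request reaching the CGI binary.
IIS_ENV = {"SERVER_SOFTWARE": "Microsoft-IIS/6.0"}
APACHE_ENV = {"SERVER_SOFTWARE": "Apache", "REDIRECT_STATUS": "200"}


def parse_ini(text):
    """Minimal php.ini reader: 'key = value' lines, ';' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def cgi_gate(ini_text, env):
    """Return (served, reason) for the given php.ini text and environment."""
    ini = parse_ini(ini_text)
    # Left undefined, cgi.force_redirect is on.
    force = ini.get("cgi.force_redirect", "1").lower() in TRUE_VALUES
    if not force:
        return True, "cgi.force_redirect is off: no redirect check is made"
    # cgi.redirect_status_env holds the NAME of one more variable to accept.
    extra = ini.get("cgi.redirect_status_env", "")
    for name in DEFAULT_MARKERS + ((extra,) if extra else ()):
        if name in env:
            return True, f"{name} is set"
    return False, "Security Alert! The PHP CGI cannot be accessed directly."


if __name__ == "__main__":
    for label, ini in (("default php.ini", ""), ("posted php.ini", POSTED_INI)):
        print(label, "on IIS ->", cgi_gate(ini, IIS_ENV))
```

In this model the posted cgi.force_redirect = 0 skips the check entirely, so the cgi.redirect_status_env line has no effect; that directive only matters while cgi.force_redirect stays on, where its value names an additional environment variable to accept.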
--- Begin Message ---
I am running php5 on a win2kpro machine with apache2/mysql/phorum.
In the phorum when trying to register a new user through the site, I get 
this error.
From what I've looked up, checkdnsrr() doesn't run in Win, and yet the 
function email_functions.php is calling it.

Know what I need to do here?
Thx,
v 

--- End Message ---
--- Begin Message ---
> I am running php5 on a win2kpro machine with apache2/mysql/phorum.
> In the phorum when trying to register a new user through the 
> site, I get this error.
> From what I've looked up, checkdnsrr() doesn't run in Win, 
> and yet the function email_functions.php is calling it.
> 
> Know what I need to do here?
> Thx,
> v 

In the first instance you should contact the author of your application for
support as it is not the job of this list...

Mikey

--- End Message ---
--- Begin Message ---
Mikey wrote:
>>I am running php5 on a win2kpro machine with apache2/mysql/phorum.
>>In the phorum when trying to register a new user through the
>>site, I get this error.
>>From what I've looked up, checkdnsrr() doesn't run in Win,
>>and yet the function email_functions.php is calling it.
>>
>>Know what I need to do here?
>>Thx,
>>v
>
>
> In the first instance you should contact the author of your application for
> support as it is not the job of this list...
>
> Mikey

Agreed... the author of your application forgot to give you that
function.  Go talk to him / her / them.

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

--- End Message ---
--- Begin Message ---
I develop under windows. Why will my redirect be giving this error:

Warning: Cannot modify header information - headers already sent by
(output started at
c:\inetpub\wwwroot\nacd\includes\functions.inc.php:67) in
c:\inetpub\wwwroot\nacd\includes\functions.inc.php on line 232

My code is:

$insertGoTo = "Login.php";
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
}
KT_redir($insertGoTo);

function KT_redir($url) {
    global $HTTP_SERVER_VARS;
    $protocol = "http://";
    $server_name = $HTTP_SERVER_VARS["HTTP_HOST"];
    if ($server_name != '') {
        $protocol = "http://";
        if (isset($HTTP_SERVER_VARS['HTTPS']) && ($HTTP_SERVER_VARS['HTTPS'] == "on")) {
            $protocol = "https://";
        }
        if (preg_match("#^/#", $url)) {
            $url = $protocol.$server_name.$url;
        } else if (!preg_match("#^[a-z]+://#", $url)) {
            $url = $protocol.$server_name.(preg_replace("#/[^/]*$#", "/", $HTTP_SERVER_VARS["PHP_SELF"])).$url;
        }
        header("Location: ".$url);
    }
    exit;
}

--- End Message ---
