ID: 18582 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Feedback Bug Type: Apache related Operating System: freebsd PHP Version: 4.2.2 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip Previous Comments: ------------------------------------------------------------------------ [2002-07-29 06:02:26] [EMAIL PROTECTED] I'm experiencing the same problem on GNU/Linux with PHP 4.1.2 (From Debian Woody) and Apache 1.3.26. It seems that unprocessed PHP is being served in the following situation: 1. References to the directory name rather than the index.php file in the get request. 2. Access is through a proxy server. Also: (3. I have a hunch that it may be connected with PHP session cookies, although I don't really have any evidence other than the fact that the page I've experienced this on makes heavy use of them) I should also add that as PHP scripts can potentially contain (eg) plain text database passwords, this is potentially a security issue. I shall investigate this evening when I have a little more time and try and work out exactly what is going wrong. ------------------------------------------------------------------------ [2002-07-26 16:19:58] [EMAIL PROTECTED] I've had the same problem described here. The config of my server is: OS: Red Hat 7.3 Arch: Intel 32bit PHP: 4.2.2 (DSO) Apache: 1.3.26 PHP Configure line: './configure' '--prefix=/usr/local/php' '--with-apxs=/usr/local/apache/bin/apxs' '--with-openssl' '--with-pcre-regex' '--with-mysql' '--with-pgsql' '--with-ldap' '--with-zlib' '--enable-calendar' '--with-java=/usr/java/j2sdk1.4.0_01' '--enable-wddx' '--with-bz2' '--enable-ctype' '--with-curl' '--with-cybercash' '--with-db' '--with-dom' '--enable-exif' '--with-gd' '--with-gettext' '--with-hyperwave' '--with-iconv' '--with-imap' '--with-yaz' '--with-xmlrpc' '--with-kerberos=/usr/kerberos' '--with-pear=/usr/local/php/pear' '--with-imap-ssl' Interestingly, it happens with Mozilla 1.0 under linux and does not happen with the version of Konqueror that comes with KDE 3.0. If I choose to download the URL (e.g. http://www.mydomain.com/stuff/) with mozilla I get the PHP source! This leads me to believe it is bug in PHP. My apache config does not contain the x-httpd-php-source AddType directive. ------------------------------------------------------------------------ [2002-07-26 10:05:00] [EMAIL PROTECTED] './configure' '--with-mysql' '--with-imap' '--with-xml' '--enable-dbase' '--enable-sockets' '--enable-safe-mode' '--with-apxs=/usr/local/apache/bin/apxs' '--with-gd=/usr/local/' '--with-jpeg-dir=/usr/local/' '--with-png-dir=/usr/local/' '--with-zlib-dir=/usr/local/' Apache/1.3.22 PHP as module The site was working ok, we were using urls like 'directory/' and no 'directory/index.xxx' (php, htm,html), and it worked ok, including the connections using the internet providers that now show the error. Now, when updated 4.2.2, 'directory/ like' links doesn't work and sometimes show crucial information, as confs path's, and the script code. Please explain how using .htaccess can fix it, in apache.conf I'm using <IfModule mod_dir.c> DirectoryIndex index.php index.html default.htm default.php default.html index.htm </IfModule> If I use .htaccess it means that I will have to create a .htaccess for every directory of my site? Using .htaccess is common for me, but for tasks as restricting access or hidden some files. ------------------------------------------------------------------------ [2002-07-26 06:19:59] [EMAIL PROTECTED] Apache version? configure line for PHP ? PHP as module/cgi? ------------------------------------------------------------------------ [2002-07-25 23:35:26] [EMAIL PROTECTED] Umm well I'd **think** that thats a problem with thier browsers, have you tried adding: DirectoryIndex index.php index.html index.htm To .htaccess. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/18582 -- Edit this bug report at http://bugs.php.net/?id=18582&edit=1