Module Name: src
Committed By: tls
Date: Tue Dec 14 13:27:39 UTC 2010
Modified Files:
src/libexec/httpd: cgi-bozo.c
Log Message:
When invoking a content handler specified via -C, set the REDIRECT_STATUS
CGI variable to "200". This approximates the Apache behavior which is
required by phpcgi in PHP 5.3 (and by some compilations of older PHP
versions).
I have a revolutionary idea. Perhaps instead of imposing bizarre
requirements on other programs in the name of "security", the PHP
developers should make their own code compile with oh, I don't know,
maybe -Wuninitialized. That might have an effect on the security of
systems using PHP rather than on the "security" of such systems...
...excuse me, got to go now, I think my airquotes just wore out.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/cgi-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.18 src/libexec/httpd/cgi-bozo.c:1.19
--- src/libexec/httpd/cgi-bozo.c:1.18 Mon Sep 20 23:11:38 2010
+++ src/libexec/httpd/cgi-bozo.c Tue Dec 14 13:27:39 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: cgi-bozo.c,v 1.18 2010/09/20 23:11:38 mrg Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.19 2010/12/14 13:27:39 tls Exp $ */
/* $eterna: cgi-bozo.c,v 1.38 2010/09/20 22:25:00 mrg Exp $ */
@@ -408,6 +408,12 @@
if (request->hr_remoteaddr && *request->hr_remoteaddr)
bozo_setenv(httpd, "REMOTE_ADDR", request->hr_remoteaddr,
curenvp++);
+ /*
+ * XXX Apache does this when invoking content handlers, and PHP
+ * XXX 5.3 requires it as a "security" measure.
+ */
+ if (cgihandler)
+ bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
bozo_auth_cgi_setenv(request, &curenvp);
free(file);
