MFH: Fixed bug #22127 (Invalid response code when force-cgi-redirect safety

mechanism is triggered).

diff --git a/NEWS b/NEWS
index 51bcf19afc565f84df86e61a768c7a2019cf8154..a58a563b00ce5eb4ab5583ccbe6bbf464b593e60 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ PHP 4                                                                      NEWS
   (Jani, Markus dot Lidel at shadowconnect dot com)
 - Fixed bug #26005 (Random "cannot change the session ini settings" errors).
   (Jani, jsnajdr at kerio dot com)
+- Fixed bug #22127 (Invalid response code when force-cgi-redirect safety 
+  mechanism is triggered). (Ilia, scottmacvicar at ntlworld dot com)
 - Fixed bug #21760 (Use of uninitialized pointer inside php_read()). (Ilia, 
   uce at ftc dot gov)
 - Fixed bug #21070 (ftp_genlist/ANSI-tmpfile() fail w/ some platform). (Sara)

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 4bfbd75e58b539f9e73ee3c1eda43d307fd5f74f..d929c83f4390dd7409702aaa847ef8485d071d38 100644 (file)
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1106,6 +1106,7 @@ int main(int argc, char *argv[])
                            in case some server does something different than above */
                        && (!redirect_status_env || !getenv(redirect_status_env))
                        ) {
+                       SG(sapi_headers).http_response_code = 400;
                        PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
 <p>This PHP CGI binary was compiled with force-cgi-redirect enabled.  This\n\
 means that a page will only be served up if the REDIRECT_STATUS CGI variable is\n\