From: Sander Roobol Date: Thu, 2 May 2002 17:20:41 +0000 (+0000) Subject: MFH X-Git-Tag: php-4.2.1RC2~9 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=42bb3ed03512c6996665d0db4f8a546d859b4299;p=php MFH --- diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index f649421bbb..667007cd3e 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -497,23 +497,16 @@ int main(int argc, char *argv[]) in case some server does something different than above */ && (!redirect_status_env || !getenv(redirect_status_env)) ) { - PUTS("Security Alert! PHP CGI cannot be accessed directly.\n\ -\n\ -

This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\ + PUTS("Security Alert! The PHP CGI cannot be accessed directly.\n\n\ +

This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\ means that a page will only be served up if the REDIRECT_STATUS CGI variable is\n\ -set. This variable is set, for example, by Apache's Action directive redirect.\n\ -

You may disable this restriction by recompiling the PHP binary with the\n\ ---disable-force-cgi-redirect switch. If you do this and you have your PHP CGI\n\ -binary accessible somewhere in your web tree, people will be able to circumvent\n\ -.htaccess security by loading files through the PHP parser. A good way around\n\ -this is to define doc_root in your php.ini file to something other than your\n\ -top-level DOCUMENT_ROOT. This way you can separate the part of your web space\n\n\ -which uses PHP from the normal part using .htaccess security. If you do not have\n\ -any .htaccess restrictions anywhere on your site you can leave doc_root undefined.\n\n\n\ -If you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.\n\ -\n"); - - /* remove that detailed explanation some time */ +set, e.g. via an Apache Action directive.

\n\ +

For more information as to why this behaviour exists, see the \ +manual page for CGI security.

\n\ +

For more information about changing this behaviour or re-enabling this webserver,\n\ +consult the installation file that came with this distribution, or visit \n\ +the manual page.

\n"); + #ifdef ZTS tsrm_shutdown(); #endif