From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 12 Mar 2004 14:07:14 +0000 (+0000)
Subject: MFH: Fixed bug #22127 (Invalid response code when force-cgi-redirect safety
X-Git-Tag: php-4.3.5RC4~33
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a9674113d129b9b4c0a346c64c4d60712801c72a;p=php

MFH: Fixed bug #22127 (Invalid response code when force-cgi-redirect safety
mechanism is triggered).
---

diff --git a/NEWS b/NEWS
index 51bcf19afc..a58a563b00 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ PHP 4                                                                      NEWS
   (Jani, Markus dot Lidel at shadowconnect dot com)
 - Fixed bug #26005 (Random "cannot change the session ini settings" errors).
   (Jani, jsnajdr at kerio dot com)
+- Fixed bug #22127 (Invalid response code when force-cgi-redirect safety 
+  mechanism is triggered). (Ilia, scottmacvicar at ntlworld dot com)
 - Fixed bug #21760 (Use of uninitialized pointer inside php_read()). (Ilia, 
   uce at ftc dot gov)
 - Fixed bug #21070 (ftp_genlist/ANSI-tmpfile() fail w/ some platform). (Sara)
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 4bfbd75e58..d929c83f43 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1106,6 +1106,7 @@ int main(int argc, char *argv[])
 			    in case some server does something different than above */
 			&& (!redirect_status_env || !getenv(redirect_status_env))
 			) {
+			SG(sapi_headers).http_response_code = 400;
 			PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
 <p>This PHP CGI binary was compiled with force-cgi-redirect enabled.  This\n\
 means that a page will only be served up if the REDIRECT_STATUS CGI variable is\n\