From: Shane Caraveo <shane@php.net>
Date: Fri, 1 Mar 2002 01:58:20 +0000 (+0000)
Subject: This is much better.  With FORCE_CGI_REDIRECT turned on by default for compilation,
X-Git-Tag: php-4.2.0RC1~236
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cd18533a101d526703169a70c1d4b05ccd108e3f;p=php

This is much better.  With FORCE_CGI_REDIRECT turned on by default for compilation,
we can now define this in the ini file.  So it can be turned on for apache, turned
off for IIS which does not have a redirect issue.  Alternately, a different 'REDIRECT_STATUS'
environment var can be defined in case some web server out there needs it.

new ini vars
cgi.force_redirect 0|1
cgi.redirect_status_env ENV_VAR_NAME
---

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 64a6333f24..9cc864e96f 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -390,6 +390,8 @@ int main(int argc, char *argv[])
 	char *script_file=NULL;
 	zend_llist global_vars;
 	int interactive=0;
+        int force_redirect = 1;
+        char *redirect_status_env = NULL;
 /* end of temporary locals */
 #ifdef ZTS
 	zend_compiler_globals *compiler_globals;
@@ -472,19 +474,24 @@ int main(int argc, char *argv[])
 
 #if FORCE_CGI_REDIRECT
 	/* check force_cgi after startup, so we have proper output */
-	if (cgi) {
+        if (cfg_get_long("cgi.force_redirect", &force_redirect) == FAILURE) {
+            force_redirect = 1;
+        }
+	if (cgi && force_redirect) {
+                if (cfg_get_string("cgi.redirect_status_env", &redirect_status_env) == FAILURE) {
+                    redirect_status_env = NULL;
+                }
 		/* Apache will generate REDIRECT_STATUS,
 		 * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS.
 		 * redirect.so and installation instructions available from
 		 * http://www.koehntopp.de/php.
 		 *   -- kk@netuse.de
 		 */
-		if (!getenv("REDIRECT_STATUS") && !getenv ("HTTP_REDIRECT_STATUS")
-#ifdef PHP_WIN32
-                    /* IIS doesn't set anything, look to see if php.exe is in the script_name */
-                    && (strstr(getenv("SERVER_SOFTWARE"),"Apache") || 
-                        strstr(getenv("SERVER_SOFTWARE"),"iPlanet"))
-#endif
+		if (!getenv("REDIRECT_STATUS") 
+                    && !getenv ("HTTP_REDIRECT_STATUS")
+                    /* this is to allow a different env var to be configured
+                        in case some server does something different than above */
+                    && (!redirect_status_env || !getenv(redirect_status_env))
                     ) {
 			PUTS("<b>Security Alert!</b>  PHP CGI cannot be accessed directly.\n\
 \n\