From: James Cox <imajes@php.net>
Date: Tue, 2 Apr 2002 01:34:15 +0000 (+0000)
Subject: updated the alert sent to the browser. removed the verbosity, and linked to more... 
X-Git-Tag: php-4.3.0dev-ZendEngine2-Preview1~918
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f3d107a1809ca15ff58a612e03389e83f602872c;p=php

updated the alert sent to the browser. removed the verbosity, and linked to more info.
---

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index a94b26669d..5f012bacb3 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -594,21 +594,13 @@ int main(int argc, char *argv[])
 			    in case some server does something different than above */
 			&& (!redirect_status_env || !getenv(redirect_status_env))
 			) {
-			PUTS("<b>Security Alert!</b>  PHP CGI cannot be accessed directly.\n\
-\n\
-<P>This PHP CGI binary was compiled with force-cgi-redirect enabled.  This\n\
+			PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
+<p>This PHP CGI binary was compiled with force-cgi-redirect enabled.  This\n\
 means that a page will only be served up if the REDIRECT_STATUS CGI variable is\n\
-set.  This variable is set, for example, by Apache's Action directive redirect.\n\
-<P>You may disable this restriction by recompiling the PHP binary with the\n\
---disable-force-cgi-redirect switch.  If you do this and you have your PHP CGI\n\
-binary accessible somewhere in your web tree, people will be able to circumvent\n\
-.htaccess security by loading files through the PHP parser.  A good way around\n\
-this is to define doc_root in your php.ini file to something other than your\n\
-top-level DOCUMENT_ROOT.  This way you can separate the part of your web space\n\n\
-which uses PHP from the normal part using .htaccess security.  If you do not have\n\
-any .htaccess restrictions anywhere on your site you can leave doc_root undefined.\n\n\n\
-If you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.\n\
-\n");
+set, eg via an Apache Action directive.</p>\n\
+<p>For more information about changing this behaviour or re-enabling this webserver,\n\
+consult the installation file that came with this distribution, or visit \n\
+<a href="http://php.net/install.windows">the manual page</a></p>\n");
 
 			/* remove that detailed explanation some time */
 #ifdef ZTS