php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #5028 incorrect security config url
Submitted: 2000-06-14 12:31 UTC Modified: 2000-06-14 13:56 UTC
From: pgl at instinct dot org Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.0.0 Release OS: FreeBSD
Private report: No CVE-ID: None
View Developer Edit
 [2000-06-14 12:31 UTC] pgl at instinct dot org 
after a make install on php4, I got the following message:

+--------------------------------------------------------------------+
| Warning:                                                           |
| You will be compiling the CGI version of PHP without any           |
| redirection checking.  By putting this cgi binary somewhere in     |
| your web space, users may be able to circumvent existing .htaccess |
| security by loading files directly through the parser.  See        |
| http://www.php.net/manual/config-security.php3 for more details.   |
+--------------------------------------------------------------------+


(I hope that paste isn't as screwed up on your screen)

www.php.net/manual/config-security.php(3?) doesn't exist, and you also get a 404 error trying to find the ErrorDocument.

cheers,

Peter.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-06-14 13:21 UTC] eschmid at cvs dot php dot net 
That's not a bug, it is a feature.
 [2000-06-14 13:25 UTC] pgl at instinct dot org 
htf is that a feature? you mean by saying "you've got a security problem, go
to this page to see why" and that page doesn't exist, that's a feature? can't
someone just change the url in the config script?

or am I just the victim of my own gullibility (again)?
 [2000-06-14 13:56 UTC] eschmid at cvs dot php dot net 
It's now corrected in CVS.  Read http://www.php.net/manual/security.php.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Sun Jun 14 21:00:02 2026 UTC