Bug #19324 show PHP source on client's browser
Submitted: 2002-09-09 20:54 UTC Modified: 2002-10-28 01:00 UTC
Votes:9
Avg. Score:4.6 ± 0.8
Reproduced:6 of 7 (85.7%)
Same Version:2 (33.3%)
Same OS:3 (50.0%)
From: wiseguy at ms10 dot url dot com dot tw Assigned:
Status: No Feedback Package: Output Control
PHP Version: 4.2.3 OS: Solaris8 x86
Private report: No CVE-ID: None

 

 [2002-09-09 20:54 UTC] wiseguy at ms10 dot url dot com dot tw
After I upgraded PHP from v4.2.2 to v4.2.3, my system 
actually shows PHP source in the client's browser! It never 
arose in v4.2.2, and I haven't changed my configure options or
php.ini. It does not always arise. It should arise 
when I click the links to switch between PHP pages fast.

===========================================================
CC=gcc \
CFLAGS="-O6 -mcpu=pentiumpro" \
./configure \
--enable-track-vars \
--enable-inline-optimization \
--enable-mbstring \
--enable-ctype \
--disable-wddx \
--disable-debug \
--disable-experimental-zts \
--with-xml \
--with-mcrypt=/usr/local \
--with-dom=/usr/local \
--with-zlib-dir=/usr/local \
--with-mysql=/usr/local/mysql \
--with-iconv=/usr/local \
--with-apxs=/usr/local/apache/bin/apxs \
--prefix=/usr/local

 [2002-09-25 03:56 UTC] wiseguy at ms10 dot url dot com dot tw
When I use:
header('Location: xxx.php?a=123&b=456');

(1) use the header() function
(2) the URL has a GET string appended

then the PHP file shows its source in the client's browser.
But after a reload, the PHP just runs normally.
 [2002-09-25 09:44 UTC] sniper@php.net
Could you try compiling PHP without using ANY predefined CFLAGS? I.e. only run configure with your options.

 [2002-09-25 21:29 UTC] wiseguy at ms10 dot url dot com dot tw
I compiled PHP without any CFLAGS; the source is still 
shown.
My gcc version is 3.2.

PS: but the situation doesn't arise on "APACHE 2.x + PHP".
 [2002-09-25 22:48 UTC] sniper@php.net
With which Apache version does it not work?

 [2002-09-25 22:59 UTC] wiseguy at ms10 dot url dot com dot tw
apache 1.3.26
 [2002-09-26 17:27 UTC] sniper@php.net
Could you please try using this line to compile:

rm config.cache && ./configure --with-apxs=/usr/local/apache/bin/apxs && make clean && make

And then try seeing if this happens with such a 'pure' build?

 [2002-09-26 20:36 UTC] wiseguy at ms10 dot url dot com dot tw
Compilation fails. I use php4-200209241800.

/bin/sh libtool --silent --mode=link gcc -export-dynamic   -avoid-version -module -L/usr/ucblib -L/usr/local/lib/gcc-lib/i386-pc-solaris2.8/3.2  -R /usr/ucblib -R /usr/local/lib/gcc-lib/i386-pc-solaris2.8/3.2 ext/ctype/ctype.lo ext/mbstring/mbfilter_ja.lo ext/mbstring/mbfilter_cn.lo ext/mbstring/mbfilter_tw.lo ext/mbstring/mbfilter_kr.lo ext/mbstring/mbfilter_ru.lo ext/mbstring/mbfilter.lo ext/mbstring/mbstring.lo ext/mbstring/mbregex.lo ext/mbstring/php_mbregex.lo ext/mbstring/html_entities.lo ext/mysql/php_mysql.lo ext/mysql/libmysql/libmysql.lo ext/mysql/libmysql/errmsg.lo ext/mysql/libmysql/net.lo ext/mysql/libmysql/violite.lo ext/mysql/libmysql/password.lo ext/mysql/libmysql/my_init.lo ext/mysql/libmysql/my_lib.lo ext/mysql/libmysql/my_static.lo ext/mysql/libmysql/my_malloc.lo ext/mysql/libmysql/my_realloc.lo ext/mysql/libmysql/my_create.lo ext/mysql/libmysql/my_delete.lo ext/mysql/libmysql/my_tempnam.lo ext/mysql/libmysql/my_open.lo ext/mysql/libmysql/mf_casecnv.lo ext/mysql/libmysql/my_read.lo ext/mysql/libmysql/my_write.lo ext/mysql/libmysql/errors.lo ext/mysql/libmysql/my_error.lo ext/mysql/libmysql/my_getwd.lo ext/mysql/libmysql/my_div.lo ext/mysql/libmysql/mf_pack.lo ext/mysql/libmysql/my_messnc.lo ext/mysql/libmysql/mf_dirname.lo ext/mysql/libmysql/mf_fn_ext.lo ext/mysql/libmysql/mf_wcomp.lo ext/mysql/libmysql/typelib.lo ext/mysql/libmysql/safemalloc.lo ext/mysql/libmysql/my_alloc.lo ext/mysql/libmysql/mf_format.lo ext/mysql/libmysql/mf_path.lo ext/mysql/libmysql/mf_unixpath.lo ext/mysql/libmysql/my_fopen.lo ext/mysql/libmysql/mf_loadpath.lo ext/mysql/libmysql/my_pthread.lo ext/mysql/libmysql/my_thr_init.lo ext/mysql/libmysql/thr_mutex.lo ext/mysql/libmysql/mulalloc.lo ext/mysql/libmysql/string.lo ext/mysql/libmysql/default.lo ext/mysql/libmysql/my_compress.lo ext/mysql/libmysql/array.lo ext/mysql/libmysql/my_once.lo ext/mysql/libmysql/list.lo ext/mysql/libmysql/my_net.lo ext/mysql/libmysql/dbug.lo ext/mysql/libmysql/strmov.lo 
ext/mysql/libmysql/strxmov.lo ext/mysql/libmysql/strnmov.lo ext/mysql/libmysql/strmake.lo ext/mysql/libmysql/strend.lo ext/mysql/libmysql/strfill.lo ext/mysql/libmysql/is_prefix.lo ext/mysql/libmysql/int2str.lo ext/mysql/libmysql/str2int.lo ext/mysql/libmysql/strinstr.lo ext/mysql/libmysql/strcont.lo ext/mysql/libmysql/strcend.lo ext/mysql/libmysql/bchange.lo ext/mysql/libmysql/bmove.lo ext/mysql/libmysql/bmove_upp.lo ext/mysql/libmysql/longlong2str.lo ext/mysql/libmysql/strtoull.lo ext/mysql/libmysql/strtoll.lo ext/mysql/libmysql/charset.lo ext/mysql/libmysql/ctype.lo ext/overload/overload.lo ext/pcre/pcrelib/maketables.lo ext/pcre/pcrelib/get.lo ext/pcre/pcrelib/study.lo ext/pcre/pcrelib/pcre.lo ext/pcre/php_pcre.lo ext/posix/posix.lo ext/session/session.lo ext/session/mod_files.lo ext/session/mod_mm.lo ext/session/mod_user.lo ext/standard/array.lo ext/standard/base64.lo ext/standard/basic_functions.lo ext/standard/browscap.lo ext/standard/crc32.lo ext/standard/crypt.lo ext/standard/cyr_convert.lo ext/standard/datetime.lo ext/standard/dir.lo ext/standard/dl.lo ext/standard/dns.lo ext/standard/exec.lo ext/standard/file.lo ext/standard/filestat.lo ext/standard/flock_compat.lo ext/standard/formatted_print.lo ext/standard/fsock.lo ext/standard/head.lo ext/standard/html.lo ext/standard/image.lo ext/standard/info.lo ext/standard/iptc.lo ext/standard/lcg.lo ext/standard/link.lo ext/standard/mail.lo ext/standard/math.lo ext/standard/md5.lo ext/standard/metaphone.lo ext/standard/microtime.lo ext/standard/pack.lo ext/standard/pageinfo.lo ext/standard/parsedate.lo ext/standard/quot_print.lo ext/standard/rand.lo ext/standard/reg.lo ext/standard/soundex.lo ext/standard/string.lo ext/standard/scanf.lo ext/standard/syslog.lo ext/standard/type.lo ext/standard/uniqid.lo ext/standard/url.lo ext/standard/url_scanner.lo ext/standard/var.lo ext/standard/versioning.lo ext/standard/assert.lo ext/standard/strnatcmp.lo ext/standard/levenshtein.lo ext/standard/incomplete_class.lo 
ext/standard/url_scanner_ex.lo ext/standard/ftp_fopen_wrapper.lo ext/standard/http_fopen_wrapper.lo ext/standard/php_fopen_wrapper.lo ext/standard/credits.lo ext/standard/css.lo ext/standard/var_unserializer.lo ext/standard/ftok.lo ext/standard/aggregation.lo ext/standard/sha1.lo ext/tokenizer/tokenizer.lo ext/xml/xml.lo ext/xml/expat/xmlparse.lo ext/xml/expat/xmlrole.lo ext/xml/expat/xmltok.lo regex/regcomp.lo regex/regexec.lo regex/regerror.lo regex/regfree.lo TSRM/TSRM.lo TSRM/tsrm_strtok_r.lo TSRM/tsrm_virtual_cwd.lo main/main.lo main/snprintf.lo main/spprintf.lo main/php_sprintf.lo main/safe_mode.lo main/fopen_wrappers.lo main/alloca.lo main/php_ini.lo main/SAPI.lo main/rfc1867.lo main/php_content_types.lo main/strlcpy.lo main/strlcat.lo main/mergesort.lo main/reentrancy.lo main/php_variables.lo main/php_ticks.lo main/streams.lo main/network.lo main/php_open_temporary_file.lo main/php_logos.lo main/output.lo main/memory_streams.lo main/user_streams.lo Zend/zend_language_parser.lo Zend/zend_language_scanner.lo Zend/zend_ini_parser.lo Zend/zend_ini_scanner.lo Zend/zend_alloc.lo Zend/zend_compile.lo Zend/zend_constants.lo Zend/zend_dynamic_array.lo Zend/zend_execute_API.lo Zend/zend_highlight.lo Zend/zend_llist.lo Zend/zend_opcode.lo Zend/zend_operators.lo Zend/zend_ptr_stack.lo Zend/zend_stack.lo Zend/zend_variables.lo Zend/zend.lo Zend/zend_API.lo Zend/zend_extensions.lo Zend/zend_hash.lo Zend/zend_list.lo Zend/zend_indent.lo Zend/zend_builtin_functions.lo Zend/zend_sprintf.lo Zend/zend_ini.lo Zend/zend_qsort.lo Zend/zend_multibyte.lo Zend/zend_execute.lo sapi/cli/php_cli.lo sapi/cli/getopt.lo main/internal_functions_cli.lo -lcrypt -lresolv -lm -ldl -lnsl -lsocket -lgcc -lcrypt -ldl -o sapi/cli/php
Output line too long.
Output line too long.
Output line too long.
gcc: ext/stan: No such file or directory
gmake: *** [sapi/cli/php] Error 1
 [2002-09-26 21:23 UTC] wiseguy at ms10 dot url dot com dot tw
I downloaded php4-STABLE-200209261800 and did a pure build. The source is still shown. :(
 [2002-09-27 00:40 UTC] derick@php.net
Solaris' sed doesn't handle the long lines; you will have more luck with GNU sed. Can you install that and try again?

Derick
 [2002-09-27 01:06 UTC] wiseguy at ms10 dot url dot com dot tw
There was no error like the one with php4-200209241800 when I compiled 
php4-STABLE-200209261800.
But the running result is the same. :(
 [2002-09-27 06:43 UTC] iliaa@php.net
Try the latest snapshot, not the stable one; the 'stable' branch is likely not to have the fix you need.
 [2002-09-28 04:44 UTC] wiseguy at ms10 dot url dot com dot tw
I used php4-200209280000. The running result is the same.
 [2002-09-28 04:55 UTC] jmoore@php.net
You don't have php_engine=off in any of your Apache vhosts, do you?

- James
 [2002-09-28 09:55 UTC] wiseguy at ms10 dot url dot com dot tw
Yes, I do. But I use a <Location> tag to include it,
because I want to make PHP not work in some directories.
Why does the source showing arise randomly?
If I can't use "php_engine=off", how do I disable PHP
in some directories, please?
 [2002-09-28 12:36 UTC] derick@php.net
Okay, looks like an old bug resurfaced. Can you do the following test, and stick to it very precisely:

1. stop apache
2. start apache in single process mode like:
   /path/to/apache/httpd -X
3. Request a page from a vhost/directory where PHP is enabled
4. Do that again :)
5. Request a page from a vhost/directory where PHP is disabled
6. Request a page from a vhost/directory where PHP is enabled (but not explicit with php_engine = on, just the 'default')
7. Request a page from a vhost/directory where PHP is enabled (implicit with php_engine = on)
Please tell us when you see the source and when not.

regards,
Derick
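
The request sequence in the comment above can be scripted so that each step is recorded the same way on every run. This is an added example, not part of the original thread or of PHP's code; the host names, URLs and sample bodies are constructed assumptions.

```python
import re
import urllib.request

# A raw PHP open tag in a response body means the file was served unparsed.
# "<?xml" does not match: the tag must be "<?php", "<?=" or "<?" + whitespace.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)", re.IGNORECASE)

def leaks_source(body: bytes) -> bool:
    """Return True if the body still contains an unparsed PHP open tag."""
    return PHP_OPEN_TAG.search(body) is not None

def http_fetch(url: str) -> bytes:
    """Fetch a URL with a plain GET and return the response body."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()

def run_sequence(steps, fetch=http_fetch):
    """Request each (label, url) strictly in order; report leaks per step.

    Order matters because the test targets `httpd -X`, where one process
    serves every request, so state left by one request is seen by the next.
    """
    return [(label, leaks_source(fetch(url))) for label, url in steps]

# Hypothetical URLs for steps 3-7 of the procedure (assumptions, not from
# the report): one host with the engine on, one off, one left at default.
ON = "http://on.example.test/index.php"
OFF = "http://off.example.test/index.php"
DEFAULT = "http://default.example.test/index.php"
STEPS = [("3 on", ON), ("4 on", ON), ("5 off", OFF),
         ("6 default", DEFAULT), ("7 on", ON)]

# Constructed bodies standing in for a server that behaves correctly, so the
# script runs offline; pass fetch=http_fetch to test a real server.
SAMPLE = {
    ON: b"<html><body>Hello</body></html>",
    OFF: b"<?php echo 'Hello'; ?>",   # engine off: file is not executed
    DEFAULT: b"<html><body>Hello</body></html>",
}

if __name__ == "__main__":
    for label, leaked in run_sequence(STEPS, fetch=SAMPLE.__getitem__):
        print(f"step {label}: {'SOURCE SHOWN' if leaked else 'executed'}")
```

A leak at any step other than the one where PHP is deliberately disabled is the condition this report describes.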
 [2002-09-29 20:27 UTC] wiseguy at ms10 dot url dot com dot tw
No wonder the situation never arises in Apache2.
I haven't used "php_engine=off" in httpd.conf (Apache2
will report a config error! It doesn't know the instruction.)

So, I just use "AddType text/html .php" to replace
"php_engine=off". It works! No source showing arises,
and some directories can disable PHP.

Thanks for your help.
 [2002-09-30 00:27 UTC] derick@php.net
Did you do the tests I asked you to do?

Derick
 [2002-09-30 03:27 UTC] gild at mail2000 dot com dot tw
Will it be fixed in the next version?
 [2002-09-30 05:50 UTC] alberty at neptunelabs dot de
Hi ,

I have a small question about this bug, because I have the same problem.

>1. stop apache
>2. start apache in single process mode like:
>   /path/to/apache/httpd -X
>3. Request a page from a vhost/directory where PHP is enabled
>4. Do that again :)
>5. Request a page from a vhost/directory where PHP is disabled
>6. Request a page from a vhost/directory where PHP is enabled (but not
>explicit with php_engine = on, just the 'default')
>7. Request a page from a vhost/directory where PHP is enabled (implicit
>with php_engine = on)
>Please tell us when you see the source and when not.

Test 3 and 4 with explicit php_engine directive or not (the same as 6)?

However, with php_engine=on in a <virtualhost><location> and also a concurrent php_engine off directive in another <virtualhost>, Apache always returns the source code on my virtualhost with php_engine=on.

Regards,

-- 
Steve
 [2002-09-30 05:53 UTC] derick@php.net
3 and 4 with the "php_engine = on" directive please (explicit).

Derick
 [2002-09-30 06:18 UTC] alberty at neptunelabs dot de
3. showing source code
4. showing source code
5. showing source code
6. no source code 
7. showing source code
 [2002-10-12 10:12 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-10-28 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2008-05-02 11:27 UTC] amohamed at ttcanc dot org
Windows 2003, IIS, PHP 5.2.3... website loads PHP code in browser. Sucks big time.
 
Last updated: Wed May 07 15:01:31 2025 UTC