php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18371 --enable-discard-path breaks php-cgi
Submitted: 2002-07-16 10:57 UTC Modified: 2003-07-23 10:25 UTC
Votes:32
Avg. Score:4.8 ± 0.5
Reproduced:19 of 19 (100.0%)
Same Version:15 (78.9%)
Same OS:16 (84.2%)
From: janus at area319 dot de Assigned:
Status: Closed Package: CGI/CLI related
PHP Version: 4.3.2 OS: ALL
Private report: No CVE-ID: None
 [2002-07-16 10:57 UTC] janus at area319 dot de
If i compile PHP (4.x incl. CVS) as CGI (with --enable-discard-path) and want to run it with Apache2.0.39 PHP allways displays an parse error.
I tried it without --enable-discard-path and it works.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-16 14:53 UTC] sniper@php.net
Does this happen with Apache 1.3.26 ? And what is the script like this parse error comes with?

 [2002-07-16 16:28 UTC] janus at area319 dot de
I didn't tried it with Apache1.3.26.
The Script that produces the error is: "<? phpinfo() ?>", but all other scripts return the same.
 [2002-07-17 03:41 UTC] sniper@php.net
exactly how did you configure Apache2? (what lines you added/modified in httpd.conf)

 [2002-07-17 04:24 UTC] janus at area319 dot de
Action php-script /cgi-bin/php
AddHandler php-script .php
-- or --
ScriptAlias /x-mod-httpd-php4 "/here/is/my/bindir"
Action php-script /x-mod-httpd-php4/php
AddHandler php-script .php
 [2002-07-24 08:06 UTC] janus at area319 dot de
I tried it with Apache1.3.26, same error.
 [2002-08-20 09:35 UTC] janus at area319 dot de
I've set up Apache 1.3.26 with php and suexec.

php: ./configure --enable-force-cgi-redirect

This works if it's configured as i said... but this one is wrong:
_ENV["SCRIPT_NAME"]  =   /x-mod-httpd-php4/php
 [2002-12-03 01:09 UTC] shane@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

don't use discard path.

but really, fixed in cvs.
 [2003-06-03 02:52 UTC] shane@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


I do beleive you should not have any configuration for PHP in httpd.conf when you use --enable-discard-path?  See http://www.php.net/manual/en/security.cgi-bin.php Case 4.  If properly configured in this situation, you should not see the self parsing bug.  If --enable-discard-path is not what you really want, use --enable-force-cgi-redirect with the configuration you provided a long time ago.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 07:01:29 2024 UTC