php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73813 Access to php.net through a company firewall
Submitted: 2016-12-26 09:24 UTC Modified: 2017-01-16 04:44 UTC
From: julien dot w dot dev at gmail dot com Assigned: levim (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Linux Fedora 20, Windows 10
Private report: No CVE-ID: None
View Developer Edit
 [2016-12-26 09:24 UTC] julien dot w dot dev at gmail dot com 
Description:
------------
Hello,

I have a problem accessing 'http://www.php.net/' from my company network.
A colleague of mine found that we could still access the secure version of the website (https://secure.php.net/).

We told our Sys Admin about that, he took a look and he thinks the cause is 'the HTML structure of the page'.

The company firewall raises an error saying:

"Web 2.0: Php script loaded through an img HTML tag." and there seems to be is a filter rule about that, that is not set for secure connection, thus the fact that we can still access the secure version.

Any idea what might cause that on your page?
Any other words from such a problem?

Have a nice day!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-27 12:19 UTC] cmb@php.net 
> "Web 2.0: Php script loaded through an img HTML tag." […]
>
> Any idea what might cause that on your page?

Apparently, your firewall doesn't like:

  <img src="/images/logo.php" width="48" height="24" alt="php">
 [2016-12-28 09:22 UTC] julien dot w dot dev at gmail dot com 
Thank you for looking into this and for the lead, I'll forward it to our Sys Admin!

Why does this PNG image have a 'php' extension anyway?
 [2016-12-28 15:55 UTC] levim@php.net 
This file is changed from time to time dynamically. I'd prefer to get rid of it myself especially since the elphpants caused complaints, which was the only other major change aside from it wearing a hat during the winter season.

Anyone opposed to always serving a PNG or SVG?
 [2016-12-28 16:07 UTC] maggus dot staab at gmail dot com 
Souldnt php.net be https only (so redirect all unencrypted traffic to a encrypted equvialent)?

That way firewalls also cannot mess with the contents..
 [2016-12-28 17:10 UTC] levim@php.net 
Perhaps we can work towards https on everything; historically this would have been cost prohibitive but perhaps we could use Let's Encrypt.
 [2017-01-06 23:50 UTC] cmb@php.net 
> Anyone opposed to always serving a PNG or SVG?

What about changing the attribute value from logo.php to
logo.(png|svg)? If we want to serve dynamic content, we could
rewrite the URL to point to an actual PHP script. Guess the
firewall would be fine with this.
 [2017-01-16 04:42 UTC] krakjoe@php.net
-Assigned To: +Assigned To: levim
 [2017-01-16 04:42 UTC] krakjoe@php.net 
Assigning to you Levi, do as you think is best please.
 [2017-01-16 04:44 UTC] levim@php.net
-Status: Assigned +Status: Closed
 [2017-01-16 04:44 UTC] levim@php.net 
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php
 [2017-01-16 04:44 UTC] levim@php.net 
Meh, I didn't know what the text of that quick option would be; but this is fixed on live websites.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 06:01:27 2025 UTC