diff options
| author | Shane Caraveo <shane@php.net> | 2002-03-01 00:19:01 +0000 |
|---|---|---|
| committer | Shane Caraveo <shane@php.net> | 2002-03-01 00:19:01 +0000 |
| commit | e2b1161ea6511406657ec7c8986af2802077e942 (patch) | |
| tree | 8865fb3c8be598b866125e660c254c454d485473 /sapi/cgi/cgi_main.c | |
| parent | a9fcfb133cf9a060703d844288eacc01ead16b4c (diff) | |
| download | php-git-e2b1161ea6511406657ec7c8986af2802077e942.tar.gz | |
fix force redirect crash under multithreaded compile
should be discused: fix redirect detection to only work with apache or netscape,
where we know they set an environment variable regarding redirect. IIS has
no security issue here. Don't know about other windows web servers.
Diffstat (limited to 'sapi/cgi/cgi_main.c')
| -rw-r--r-- | sapi/cgi/cgi_main.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 7ec927bcab..64a6333f24 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -453,8 +453,20 @@ int main(int argc, char *argv[]) ap_php_optarg = orig_optarg; } + +#ifdef ZTS + compiler_globals = ts_resource(compiler_globals_id); + executor_globals = ts_resource(executor_globals_id); + core_globals = ts_resource(core_globals_id); + sapi_globals = ts_resource(sapi_globals_id); + tsrm_ls = ts_resource(0); +#endif + /* startup after we get the above ini override se we get things right */ if (php_module_startup(&cgi_sapi_module)==FAILURE) { +#ifdef ZTS + tsrm_shutdown(); +#endif return FAILURE; } @@ -467,7 +479,13 @@ int main(int argc, char *argv[]) * http://www.koehntopp.de/php. * -- kk@netuse.de */ - if (!getenv("REDIRECT_STATUS") && !getenv ("HTTP_REDIRECT_STATUS")) { + if (!getenv("REDIRECT_STATUS") && !getenv ("HTTP_REDIRECT_STATUS") +#ifdef PHP_WIN32 + /* IIS doesn't set anything, look to see if php.exe is in the script_name */ + && (strstr(getenv("SERVER_SOFTWARE"),"Apache") || + strstr(getenv("SERVER_SOFTWARE"),"iPlanet")) +#endif + ) { PUTS("<b>Security Alert!</b> PHP CGI cannot be accessed directly.\n\ \n\ <P>This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\ @@ -484,19 +502,15 @@ any .htaccess restrictions anywhere on your site you can leave doc_root undefine \n"); /* remove that detailed explanation some time */ +#ifdef ZTS + tsrm_shutdown(); +#endif return FAILURE; } } #endif /* FORCE_CGI_REDIRECT */ -#ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); -#endif zend_first_try { if (!cgi) { |