diff options
| author | James Cox <imajes@php.net> | 2002-04-02 01:34:15 +0000 |
|---|---|---|
| committer | James Cox <imajes@php.net> | 2002-04-02 01:34:15 +0000 |
| commit | f3d107a1809ca15ff58a612e03389e83f602872c (patch) | |
| tree | 2582c42ddd3e6ef040b07f961f15e7c3d1131ec2 /sapi/cgi/cgi_main.c | |
| parent | da56fd7624764550eb94c66d645fe9f6ca859bfa (diff) | |
| download | php-git-f3d107a1809ca15ff58a612e03389e83f602872c.tar.gz | |
updated the alert sent to the browser. removed the verbosity, and linked to more info.
Diffstat (limited to 'sapi/cgi/cgi_main.c')
| -rw-r--r-- | sapi/cgi/cgi_main.c | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index a94b26669d..5f012bacb3 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -594,21 +594,13 @@ int main(int argc, char *argv[]) in case some server does something different than above */ && (!redirect_status_env || !getenv(redirect_status_env)) ) { - PUTS("<b>Security Alert!</b> PHP CGI cannot be accessed directly.\n\ -\n\ -<P>This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\ + PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\ +<p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\ means that a page will only be served up if the REDIRECT_STATUS CGI variable is\n\ -set. This variable is set, for example, by Apache's Action directive redirect.\n\ -<P>You may disable this restriction by recompiling the PHP binary with the\n\ ---disable-force-cgi-redirect switch. If you do this and you have your PHP CGI\n\ -binary accessible somewhere in your web tree, people will be able to circumvent\n\ -.htaccess security by loading files through the PHP parser. A good way around\n\ -this is to define doc_root in your php.ini file to something other than your\n\ -top-level DOCUMENT_ROOT. This way you can separate the part of your web space\n\n\ -which uses PHP from the normal part using .htaccess security. If you do not have\n\ -any .htaccess restrictions anywhere on your site you can leave doc_root undefined.\n\n\n\ -If you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.\n\ -\n"); +set, eg via an Apache Action directive.</p>\n\ +<p>For more information about changing this behaviour or re-enabling this webserver,\n\ +consult the installation file that came with this distribution, or visit \n\ +<a href="http://php.net/install.windows">the manual page</a></p>\n"); /* remove that detailed explanation some time */ #ifdef ZTS |