Skip to content

Commit 42bb3ed

Browse files
author
Sander Roobol
committed
MFH
1 parent e88d05b commit 42bb3ed

File tree

1 file changed

+9
-16
lines changed

1 file changed

+9
-16
lines changed

sapi/cgi/cgi_main.c

Lines changed: 9 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -497,23 +497,16 @@ int main(int argc, char *argv[])
497497
in case some server does something different than above */
498498
&& (!redirect_status_env || !getenv(redirect_status_env))
499499
) {
500-
PUTS("<b>Security Alert!</b> PHP CGI cannot be accessed directly.\n\
501-
\n\
502-
<P>This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\
500+
PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
501+
<p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This\n\
503502
means that a page will only be served up if the REDIRECT_STATUS CGI variable is\n\
504-
set. This variable is set, for example, by Apache's Action directive redirect.\n\
505-
<P>You may disable this restriction by recompiling the PHP binary with the\n\
506-
--disable-force-cgi-redirect switch. If you do this and you have your PHP CGI\n\
507-
binary accessible somewhere in your web tree, people will be able to circumvent\n\
508-
.htaccess security by loading files through the PHP parser. A good way around\n\
509-
this is to define doc_root in your php.ini file to something other than your\n\
510-
top-level DOCUMENT_ROOT. This way you can separate the part of your web space\n\n\
511-
which uses PHP from the normal part using .htaccess security. If you do not have\n\
512-
any .htaccess restrictions anywhere on your site you can leave doc_root undefined.\n\n\n\
513-
If you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.\n\
514-
\n");
515-
516-
/* remove that detailed explanation some time */
503+
set, e.g. via an Apache Action directive.</p>\n\
504+
<p>For more information as to <i>why</i> this behaviour exists, see the <a href=\"http://php.net/security.cgi-bin\">\
505+
manual page for CGI security</a>.</p>\n\
506+
<p>For more information about changing this behaviour or re-enabling this webserver,\n\
507+
consult the installation file that came with this distribution, or visit \n\
508+
<a href=\"http://php.net/install.windows\">the manual page</a>.</p>\n");
509+
517510
#ifdef ZTS
518511
tsrm_shutdown();
519512
#endif

0 commit comments

Comments
 (0)