tomclegg.net


Diary
Examples
    256-router
    adzap
    apache-double-reverse
    cacti-adodb-php4
    debian-quota
    diskonmodule
    dollarsperbyte
    dynip
    ezmlm-linux
    fbsdhabits
    freebsdclone
    macbook-quantal-sound
    maildirpop3d-awfulhak
    mandy
    md
    mrtg
    net-snmp
    nodefaultroute
    oracle9i
    oracle9i-bsd5
    oracle9i-client
    oracle9i-nat
  >php-cgi<
    php-commandline
    php-image
    php-kics
    php-mini_httpd
    pinouts
    pizzaperdollar
    plesk-symlink-php
    pxe
    qmail-linux
    qmail-qfilter
    racoon-sonicwall
    redundant-vpn
    rewriterule
    seahorse-workaround
    setting-locale-failed
    smalldog
    snmpv3-cacti
    spamassassin
    squid-tproxy
    supfile
    suse73
    svc-nmbd
    svc-smbd
    svc-smtpd
    switch-virtualbox-virsh
    toyotastereo
    vm
    vn-file
    wmp-invalid
    xcode-remote-install
    xen-eth0-renamed
    xen-monowall
    xen3-ubuntu-dapper
    zz-update-grub-fail
Hire Tom
Mostly Mozart
Patches
School
Scrapbook
Software
Telephones




colocation
comments
davidireland
edsgranola
faq
funsites
goodlooking
goodmovies
google-earth-saucy-amd64
houserules
liberating
resume
resume2
scratch
shopping
snacks
todo
university
warisbogus

Installing PHP 4.3.3 as a CGI with #! support
Posted August 22, 2003

You want some sites ("foo.dom") to use "Action ... /php.cgi":

-rw-r--r-- foo foo /home/foo/docroot/.htaccess
-rwx------ foo foo /home/foo/docroot/php.cgi
-rw-r--r-- foo foo /home/foo/docroot/example.php

You want some other sites ("bar.dom") to use "#!/usr/local/bin/php":

-rwx------ bar  bar   /home/bar/docroot/example.php
-rwxr-xr-x root wheel /usr/local/bin/php

You don't want this security hole.

http://foo.dom/php.cgi/.htaccess

Or this one.

http://bar.dom/example.php/.htaccess

(http://bar.dom/example.php/.htaccess should execute example.php with /.htaccess in $_ENV[PATH_INFO]. Without a patch, PHP executes /home/bar/docroot/.htaccess as a PHP program, which means sending it to the client.)

Build two versions of PHP, one with "force_cgi_redirect" disabled. (If you don't enable this during ./configure when you build PHP, then the setting in php.ini has no effect.)

  1. extract source code
  2. apply php433-hashbang-pathinfo patch
  3. configure with --disable-path-info-check and without --enable-force-cgi-redirect
  4. make
  5. make install
  6. strip /usr/local/bin/php
  7. delete build dir and extract source code again
  8. apply "check script owner" and "path info" patches
  9. configure with --enable-force-cgi-redirect
  10. make
  11. cp -p sapi/cgi/php /usr/local/bin/php.cgi
  12. strip /usr/local/bin/php.cgi
  13. ensure cgi.force_redirect = 1 in /usr/local/lib/php.ini