[src/trunk]: src/libexec/httpd When invoking a content handler specified via ...

[tls <tls%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/ad9a90a70394
branches:  trunk
changeset: 759651:ad9a90a70394
user:      tls <tls%NetBSD.org@localhost>
date:      Tue Dec 14 13:27:39 2010 +0000

description:
When invoking a content handler specified via -C, set the REDIRECT_STATUS
CGI variable to "200".  This approximates the Apache behavior which is
required by phpcgi in PHP 5.3 (and by some compilations of older PHP
versions).

I have a revolutionary idea.  Perhaps instead of imposing bizarre
requirements on other programs in the name of "security", the PHP
developers should make their own code compile with oh, I don't know,
maybe -Wuninitialized.  That might have an effect on the security of
systems using PHP rather than on the "security" of such systems...

...excuse me, got to go now, I think my airquotes just wore out.

diffstat:

 libexec/httpd/cgi-bozo.c |  8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diffs (22 lines):

diff -r ffbb5e9dc491 -r ad9a90a70394 libexec/httpd/cgi-bozo.c
--- a/libexec/httpd/cgi-bozo.c  Tue Dec 14 13:00:34 2010 +0000
+++ b/libexec/httpd/cgi-bozo.c  Tue Dec 14 13:27:39 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cgi-bozo.c,v 1.18 2010/09/20 23:11:38 mrg Exp $        */
+/*     $NetBSD: cgi-bozo.c,v 1.19 2010/12/14 13:27:39 tls Exp $        */
 
 /*     $eterna: cgi-bozo.c,v 1.38 2010/09/20 22:25:00 mrg Exp $        */
 
@@ -408,6 +408,12 @@
        if (request->hr_remoteaddr && *request->hr_remoteaddr)
                bozo_setenv(httpd, "REMOTE_ADDR", request->hr_remoteaddr,
                                curenvp++);
+       /*
+        * XXX Apache does this when invoking content handlers, and PHP
+        * XXX 5.3 requires it as a "security" measure.
+        */
+       if (cgihandler)
+               bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
        bozo_auth_cgi_setenv(request, &curenvp);
 
        free(file);