From: James F. <jf...@uv...> - 2004-09-01 21:19:34
|
I took a look at your changes and it looks good to me for detecting CGI. Good idea pointing to the FAQ. I think that you can detect IIS with: php_sapi_name() == 'isapi' There are a ton of other SAPI but I guess we can add them one by one to the check as we get feedback. -James Quoting Matthew Gregg <gr...@mu...>: > Just committed changes to manage.php and the FAQ that checks for PHP > running in CGI mode and auth_design enabled. I'm unsure what to look > for if IIS is being used? > Currently it displays a fatal warning message with a link to the FAQ > that describes the situation. > > I'm against disabling auth. automatically, but will add that if anyone > feels strongly for it. > > On Wed, 2004-09-01 at 10:01 -0400, Matthew Gregg wrote: > > I was planning to rip out the php "basic auth" code and replace it > with > > a form/session post 1.7. Since this is a such a pain for folks, I'll > do > > the detect and alert version this week, maybe today. Of course I > may > > not get to this if we end up doing an evac. for hurricane Frances. > > > > On Tue, 2004-08-31 at 21:59 -0600, James E. Flemer wrote: > > > Hey guys, > > > > > > Can we elimitate this stupid problem with authentication in CGI > mode > > > (and IIS) mode for good? Clearly it can be detected with code, > because > > > I wrote code for test.php to check the SAPI and such and print bad > stuff > > > in red. How about we change the admin interface to disable auth on > the > > > fly when it detects CGI or IIS? It can print out a big error > message > > > telling the user their fly is unzipped, unless it detects Apache > Basic > > > Auth (REMOTE_USER is set). > > > > > > Any takers on coding it up? I know Matthew Gregg is/was trying to > make > > > a new release... Let's fix this damn nuisance before the release. > > > > > > Send a patch to the list, or just commit away and report back if > you've > > > got CVS access. > > > > > > -James > > > > > > > > > ------------------------------------------------------- > > > This SF.Net email is sponsored by BEA Weblogic Workshop > > > FREE Java Enterprise J2EE developer tools! > > > Get your free copy of BEA WebLogic Workshop 8.1 today. > > > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > > > _______________________________________________ > > > phpESP-devel mailing list > > > php...@li... > > > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > > > > -- > mcg > ------------------------------------- > The IT Lab (http://www.itlab.musc.edu) > > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > -James -- Quis custodiet ipsos custodes? |