#572 Calling PHP inside Webmin

0.970
closed
nobody
None
5
2002-07-25
2002-07-24
Anonymous
No

This is the scenario:

inside a Webmin page, trying to access via the
PHP interpreter to a php script:

$script = "example1.php";
open(DEST, "> $dest_file");
open(PRG, "php $script |")
while (<PRG>)
{
print DEST "$_";
}
close(PRG);
close(DEST);

If I try to use this code as a stand-alone script
(say try.pl) from command-line, the code execute
correctly : the called php script creates its output
(a jpg file, by the way).

But if I try using it under Webmin, the php
interpreter reports this error:

==================================
<P>This PHP CGI binary was compiled with
force-cgi-redirect enabled. This
means that a page will only be served up if the
REDIRECT_STATUS CGI variable is
set. This variable is set, for example, by Apache's
Action directive redirect.
<P>You may disable this restriction by recompiling
the PHP binary with the
--disable-force-cgi-redirect switch. If you do this
and you have your PHP CGI
binary accessible somewhere in your web tree,
people will be able to circumvent
.htaccess security by loading files through the
PHP parser. A good way around
this is to define doc_root in your php.ini file to
something other than your
top-level DOCUMENT_ROOT. This way you can
separate the part of your web space

which uses PHP from the normal part using
.htaccess security. If you do not have
any .htaccess restrictions anywhere on your site
you can leave doc_root undefined.
===================================

Seems that the Webmin environment is
missing/adding something that upsets php.

Any clue?

Discussion

  • Jamie Cameron

    Jamie Cameron - 2002-07-25
    • status: open --> closed
     
  • Jamie Cameron

    Jamie Cameron - 2002-07-25

    Logged In: YES
    user_id=129364

    The problem here is that PHP thinks it is running directly
    from a web
    server as a CGI script, which it is not really. This is
    caused by it seeing
    some of the CGI environment variables.
    To avoid this, call the webmin function &clean_environment();
    before your call to PHP.

     

Log in to post a comment.