Author Topic: Security Alert! The PHP CGI cannot be accessed directly  (Read 104673 times)

nikita

  • Coppermine newbie
  • Posts: 13
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #20 on: June 22, 2004, 08:50:35 am »

OK, I've replaced:

Quote
$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];

by

Quote
$PHP_SELF = $_SERVER['PHP_SELF'] ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];

I don't know if I had to keep the ; so I tried:

Quote
$PHP_SELF = $_SERVER['PHP_SELF']; ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];

I tried that too:

Quote
$PHP_SELF = isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];


and it's the same problem :'(

I can ask my server admin if there is any information you need.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #21 on: June 22, 2004, 10:48:35 am »

Try changing
Code:
$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];
to
Code:
$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $_SERVER['PHP_SELF'];
GauGau
Logged

nikita

  • Coppermine newbie
  • Posts: 13
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #22 on: June 22, 2004, 11:39:15 am »

Done, same problem.
Logged

hollandy2k

  • Coppermine newbie
  • Posts: 1
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #23 on: June 24, 2004, 05:49:08 pm »

Hello,

I have the same problem with the language files. When I select another language I get:

Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.
This is in my phpinfo:

_SERVER["PHP_SELF"] /foto/phpinfo.php 

REDIRECT_STATUS 200
REDIRECT_URL /foto/phpinfo.php

Mirjam
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #24 on: June 25, 2004, 01:30:33 am »

I'm not sure what to advise except playing with the vars in init.inc.php to find one you actually have on your server.

GauGau
Logged

cjkline83

  • Coppermine newbie
  • Posts: 6
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #25 on: June 26, 2004, 12:44:11 pm »

I'm confused as to what exactly to modify.

I've edited init.inc.php to state the following:
Quote
$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];

But it's still not working. http://cjkline83.shacknet.nu/cm
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • Gender: Female
  • Posts: 6149
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #26 on: November 30, 2004, 11:29:49 pm »

I ran into the same problem I guess after upgrading PHP on my computer; the installation came with a different php.ini file.

$_SERVER["SCRIPT_NAME"] was pointing to php/php.exe so that broke the language and theme selectors for me.

I eventually fixed it by changing a setting in php.ini. Since not everyone can edit php.ini, this won't be very helpful for everyone, but I'll share it anyway.

It turned out that my new php.ini file commented out
Code:
; cgi.fix_pathinfo=1
I removed the semi-colon to enable that line and recompiled php and it worked. My selectors worked again.

Also note that I am using Apache, and PHP as cgi.
« Last Edit: November 30, 2004, 11:42:54 pm by TranzNDance »
Logged

wilq

  • Coppermine newbie
  • Posts: 1
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #27 on: December 17, 2004, 08:43:26 pm »

Hello,
Unluckily, I have become one of those who have got the same problem.
I tried the suggested solutions but without result.

Did anybody move forward?

My website is at: www.komsad.com/piotrw. Changing theme or lang, we get the Security alert ...
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #28 on: December 19, 2004, 06:50:36 am »

Try contacting your webhost for support (send them the URL of this thread as well).

Joachim
Logged

drsirius

  • Coppermine newbie
  • Posts: 1
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #29 on: December 19, 2004, 01:29:41 pm »

In include/init.inc.php, change $PHP_SELF to:

Code:
$PHP_SELF = $_SERVER['PHP_SELF'];

@GauGau,

I've noticed that this is the only self variable that the PHP-CGI binaries seem to create. It might be a good idea to put a note for PHP-CGI users in the documentation.

I had the same problem since my webhost uses the php.cgi; however, I did not find this in the documentation and spent some time searching the forum.

Maybe it would be wise to add a reference for CGI-hosted people, and keep up the good work ;)
Logged
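
The lookups tried in this thread, combined into one guarded helper. This is an added example, not part of any post above and not Coppermine's own code: `resolve_self()` is a hypothetical name, the sample arrays are constructed from values quoted in the thread, and PHP 7 or later is assumed.

```php
<?php
// Added example; resolve_self() is a hypothetical helper, not Coppermine code.

/**
 * Pick the path of the running script from the server variables discussed in
 * this thread, skipping any candidate that names the PHP CGI binary.
 */
function resolve_self(array $server): string
{
    foreach (['REDIRECT_URL', 'SCRIPT_NAME', 'PHP_SELF'] as $key) {
        $value = $server[$key] ?? '';
        if (!is_string($value) || $value === '') {
            continue; // variable not provided by this SAPI
        }
        // Under CGI, SCRIPT_NAME may name the interpreter (php/php.exe,
        // php.cgi) instead of the script; linking there is what produces
        // the force-cgi-redirect "Security Alert".
        if (preg_match('~(^|/)php[\w.-]*\.(exe|cgi)$~i', $value)) {
            continue;
        }
        // PHP_SELF and REDIRECT_URL can carry client-supplied path info, so
        // keep only the part up to the first ".php" and a conservative charset.
        if (preg_match('~^(/[A-Za-z0-9_./-]*?\.php)(?:/|$)~', $value, $m)) {
            return $m[1];
        }
    }
    return 'index.php'; // default when nothing usable is set
}

// Constructed samples modelled on values reported in the thread.
$samples = [
    'SCRIPT_NAME is the CGI binary' => [
        'SCRIPT_NAME' => '/php/php.exe',
        'PHP_SELF'    => '/foto/index.php',
    ],
    'redirected request' => [
        'REDIRECT_URL' => '/foto/phpinfo.php',
        'SCRIPT_NAME'  => '/cgi-bin/php.cgi',
    ],
    'path info appended by client' => [
        'PHP_SELF' => '/foto/index.php/"><i>injected</i>',
    ],
];
foreach ($samples as $label => $server) {
    printf("%-32s => %s\n", $label, resolve_self($server));
}
```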

Wega

  • Coppermine newbie
  • Posts: 1
Re: Security Alert! The PHP CGI cannot be accessed directly
« Reply #30 on: September 27, 2005, 11:09:35 pm »

I ran into the same problem I guess after upgrading PHP on my computer; the installation came with a different php.ini file.

$_SERVER["SCRIPT_NAME"] was pointing to php/php.exe so that broke the language and theme selectors for me.

I eventually fixed it by changing a setting in php.ini. Since not everyone can edit php.ini, this won't be very helpful for everyone, but I'll share it anyway.

It turned out that my new php.ini file commented out
Code:
; cgi.fix_pathinfo=1
I removed the semi-colon to enable that line and recompiled php and it worked. My selectors worked again.

Also note that I am using Apache, and PHP as cgi.

I did so, but then I've got some errors in the header of the page
Code:
Notice: Undefined index: PATH_TRANSLATED in C:\www\coppermine\index.php on line 21

Notice: Undefined offset: -1 in C:\www\coppermine\index.php on line 22

Warning: Cannot modify header information - headers already sent by (output started at C:\www\coppermine\index.php:21) in C:\www\coppermine\themes\igames\theme.php on line 825

Warning: Cannot modify header information - headers already sent by (output started at C:\www\coppermine\index.php:21) in C:\www\coppermine\themes\igames\theme.php on line 826

Warning: Cannot modify header information - headers already sent by (output started at C:\www\coppermine\index.php:21) in C:\www\coppermine\include\functions.inc.php on line 51
I removed those lines (21)
Code:
// Check if standalone is installed in a portal like phpNuke (added by DJMaze)
$DIR=preg_split("/[\/\\\]/",dirname($_SERVER['PATH_TRANSLATED']));
if ($DIR[count($DIR)-2] == "modules") {
    echo "<html><body><h1>ERROR</h1>You installed the standalone Coppermine into your Nuke portal.<br>".
         "Please download and install a CPG Port: <a href=\"http://sourceforge.net/project/showfiles.php?group_id=89658\">CPG for PostNuke OR CPG for PHPnuke</a></body></html>";
    die();
} // end check
and everything works fine now.
Logged