Directly accessing CGI

Cort Tompkins rtompkin at cs.odu.edu
Wed Jun 13 21:31:26 PDT 2001


Hi,

I've been having problems running Nag because it directly accesses the CGI 
binary.  Running on a shared server I must use force-cgi-redirect for security 
reasons which won't let you directly access the CGI from a script (as Nag 
does).  

After a little investigation I found that Nag gets the CGI's location from 
Horde::selfURL which uses $HTTP_SERVER_VARS["SCRIPT_NAME"].  With a CGI PHP 
this will return the pathname of the CGI binary, hence the trouble.  I changed 
Horde::selfURL so that is uses $HTTP_SERVER_VARS["PHP_SELF"] and Nag now works.

Is this a reasonable change?  The source makes it sound like $PHP_SELF won't 
correctly propogate session-id's, should I worry about this?

Thanks.




More information about the horde mailing list