[TYPO3-core] RFC: Bug #5548: cli_dispatch.phpsh will not run on CGI API
Steffen Gebert
steffen at steffen-gebert.de
Tue Jan 20 14:00:58 CET 2009
Dmitry Dulepov wrote:
> Steffen Gebert wrote:
>> Description:
>> As already stated in a longer discussion [1], cli_dispatch.phpsh doesn't
>> work in CGI environments as PHP_SAPI is 'cgi', not 'cli'. This blocks CGI
>> users and forces them to patch TYPO3 core code, if they want to use
>> cli_dispatch.phpsh
> This is not enough. Executing cli_dispatch.phpsh under cgi SAPI must be
> disallowed from the browser. Otherwise cli_dispatch.phpsh may be used to
> execute processes that must not run under the web server.
Is *.phpsh parsed by PHP on your server? ;-)
How should $_SERVER['argv'][1] be set by HTTP, to do any task?
> I think that check will be complicated. For example, checking for
> HTTP_USER_AGENT is not a valid way because it can be fooled using telnet.
We could check REMOTE_ADDR - this will be empty while running from command line and I'm quite sure never when launched by a HTTP server.
Would this be acceptable?
Steffen
More information about the TYPO3-team-core
mailing list