Subject: Re: CGI changes for the php4 and php5 packages
To: Todd Vierling <>
From: Jaromir Dolecek <>
List: tech-pkg
Date: 09/09/2005 20:03:07
On Tue, Sep 06, 2005 at 03:46:34PM -0400, Todd Vierling wrote:
> On Sun, 4 Sep 2005, Johnny C. Lam wrote:
> > Since there are already packages that build and install Apache-specific
> > versions of PHP (ap-php4 and ap-php5), I think we should change the
> > PHP packages to *not* configure with:
> >
> > 	--enable-force-cgi-redirect
> This I agree with.

I do not. It is important security measure according to PHP (Zend)
developers. It can be switched off via php.ini's cgi.force_redirect
> > 	--enable-discard-path
> This I would agree with, only if it can be shown that it still works if the
> PHP CGI program is run from somewhere other than the /cgi-bin/php path of a
> non-Apache webserver.

According to:

it appears such setup would not work, PATH_INFO and PATH_TRANSLATED
would contain incorrect info.
> > We should also build them with FastCGI support (--enable-fastcgi) to
> > facilitate setting up a usable PHP installation for use with non-Apache
> > web-servers.  This would also be usable by Apache if a webadmin chooses
> > to use FastCGI PHP instead of mod_php.
> Yes, since libfcgi is included with the package (thus this adds no more
> dependencies).

Yes, this would be useful - thanks for pointing out.

Jaromir Dolecek <>  
-=- We can walk our road together if our goals are all the same;     -=-
-=- We can run alone and free if we pursue a different aim.          -=-