Problems with CGI wrapper for PHP

Question

I'm having a bugger of a time with a CGI wrapper for PHP. I know very little about CGI and PHP as CGI.

Here's what I know about the system:

• Solaris 10 on a 386
• Suhosin
• PHP normally running as CGI, with cgiwrap (http://cgiwrap.sourceforge.net/). I am not able to find an example wrapper.cgi on the server to look at.
• Shared hosting (virtual host), so I don't have access to Apache config. But the admins are not helpful. Switching hosts is not an option.
• Options directive cannot be overridden in .htaccess (ExecCGI, for example).

.htaccess:

AddHandler php-handler .php  
Action php-handler "/bin/test.cgi"

~/public_html/bin/test.cgi:

#!/usr/bin/sh

# Without these 2 lines, I get an Internal Server Error
echo "Content-type: text/html"
echo ""

exec "/path/to/php-cgi" 'foo.php';

/bin/foo.php:

<?php 
echo "this is foo.php!";

Output of http://mysite.com/bin/test.cgi:

X-Powered-By: PHP/5.2.11 Content-type: text/html echo "Content-type: text/html" echo "" exec "/path/to//php-cgi" 'foo.php';

Output of http:/ /mysite.com/anypage.php:

X-Powered-By: PHP/5.2.11 Content-type: text/html echo "Content-type: text/html" echo "" exec "/path/to//php-cgi" 'foo.php';

The things I note are:

• PHP is being executed, as noted by the X-Powered-By ... header.
• The source of /bin/test.cgi is output in the results.
• No matter what I put as the second argument of exec, it isn't passed to the php binary. I've tried '-i' to get phpinfo, '-v' to get the version...
• When I execute test.cgi via the shell, I get the expected results (the argument is passed to php, and it is reflected in the output).

Any ideas about how to get this to work?

UPDATE

• It appears that the reason the source of the test.cgi was appearing was due to errors. Anytime fatal error occurred, either within the cgi itself or with the command being executed by exec, it would cause the source of the cgi to appear.
• Within test.cgi, I can get the proper output with exec "/path/to/php-cgi" -h (I get the same thing as I would from CLI).

Answer 1

You get the internal server error because it expects the file to contain Perl, not PHP code? I mean, where are the <?php ?> tags (without them this is text and won't get parsed as PHP) ...Guess one cannot AddType like this - I'd suggest to AddType within a <Directory> directive - in order to have the rest unaffected (the path as pattern is the problem, i guess). Besides exec() expects 3 parameters which should be wrapped in brackets - at least in PHP.

Answer 2

Can't really tell but here are some thoughts:

• Don't output anything before you exec the php script as php itself handles the response header.

• To call the script try exec "/path/to/php-cgi \"/path/to/script/foo.php\""

Hope I could help.

EDIT

You might wanna have a look at this post of Stuart Herbert. Particulary the part where he writes:

#!/bin/bash

/usr/bin/php-cgi "$@"

This script simply executes our central copy of the PHP CGI executable, passing through whatever parameters Apache has called the bash script with.

Answer 3

A couple of thoughts:

1. I'm pretty sure that suhosin isn't going to do you much good here. Not that it'll harm anything. But, in this case, PHP scripts are going to execute under very unprivileged users (one hopes). The systems access control tools will keep the script sandboxed.

2. It's my understanding that you can use the following configuration directives (amusing that your php-cgi binary is located at /usr/bin/php-cgi you can just access and run PHP scripts as CGIs in the conventional way.

   ScriptAlias /local-bin /usr/bin
AddHandler application/x-httpd-php5 php
Action application/x-httpd-php5 /local-bin/php-cgi

   Stick that in the config. Upload a php file. Hit the php file from your browser, and it should all work.

Answer 4

Why not just put the php-cgi file in the bin folder directly, and put that as your handler as opposed to test.cgi calling it.