Opened 3 years ago

Closed 3 years ago

#1275 closed defect (invalid)

php-fpm incorrectly populates PATH_INFO

Reported by: jbusuttil@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version:
Keywords: php-fpm PATH_INFO Cc:
uname -a: Linux pang 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.12.0
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1t 3 May 2016
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Description

(domains and IPs have been anonymised throughout; config files attached)

I'm serving a simple test.php file:

<html>
<head><title>Test</title></head>
<body>
<pre>
<?php var_export($_SERVER)?>
</pre>
</body>
</html>

Correct output when I request https://mydomain.com/test.php

array (

'USER' => 'php',
'HOME' => '/nonexistent',
'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
'HTTP_CONNECTION' => 'keep-alive',
'HTTP_DNT' => '1',
'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, br',
'HTTP_ACCEPT_LANGUAGE' => 'en-GB,en;q=0.5',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0',
'HTTP_HOST' => 'mydomain.com',
'REDIRECT_STATUS' => '200',
'SERVER_NAME' => 'mydomain.com',
'SERVER_PORT' => '443',
'SERVER_ADDR' => '1.2.3.4',
'REMOTE_PORT' => '50321',
'REMOTE_ADDR' => '5.6.7.8',
'SERVER_SOFTWARE' => 'nginx/1.12.0',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTPS' => 'on',
'REQUEST_SCHEME' => 'https',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'DOCUMENT_ROOT' => '/var/websites/mydomain.com/wordpress',
'DOCUMENT_URI' => '/test.php',
'REQUEST_URI' => '/test.php',
'SCRIPT_NAME' => '/test.php',
'SCRIPT_FILENAME' => '/var/websites/mydomain.com/wordpress/test.php',
'CONTENT_LENGTH' => ,
'CONTENT_TYPE' =>
,
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => ,
'PATH_TRANSLATED' => '/var/websites/mydomain.com/wordpress/',
'PATH_INFO' => '/',
'FCGI_ROLE' => 'RESPONDER',
'PHP_SELF' => '/test.php/',
'REQUEST_TIME_FLOAT' => 1495124206.844153881072998046875,
'REQUEST_TIME' => 1495124206,

)

But when requesting https://mydomain.com/test.php/ (note trailing slash), PATH_INFO ends up with the value 'ATH_INFO' - which looks broken.

array (

'USER' => 'php',
'HOME' => '/nonexistent',
'ORIG_PATH_TRANSLATED' => '/var/websites/mydomain.com/wordpress/',
'ORIG_SCRIPT_FILENAME' => '/var/websites/mydomain.com/wordpress/test.php/index.php',
'ORIG_SCRIPT_NAME' => '/test.php/index.php',
'ORIG_PATH_INFO' => '/',
'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
'HTTP_CONNECTION' => 'keep-alive',
'HTTP_DNT' => '1',
'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, br',
'HTTP_ACCEPT_LANGUAGE' => 'en-GB,en;q=0.5',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0',
'HTTP_HOST' => 'mydomain.com',
'REDIRECT_STATUS' => '200',
'SERVER_NAME' => 'mydomain.com',
'SERVER_PORT' => '443',
'SERVER_ADDR' => '1.2.3.4',
'REMOTE_PORT' => '50330',
'REMOTE_ADDR' => '5.6.7.8',
'SERVER_SOFTWARE' => 'nginx/1.12.0',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTPS' => 'on',
'REQUEST_SCHEME' => 'https',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'DOCUMENT_ROOT' => '/var/websites/mydomain.com/wordpress',
'DOCUMENT_URI' => '/test.php/',
'REQUEST_URI' => '/test.php/',
'SCRIPT_NAME' => '/',
'SCRIPT_FILENAME' => '/var/websites/mydomain.com/wordpress/test.php',
'CONTENT_LENGTH' => ,
'CONTENT_TYPE' =>
,
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => ,
'PATH_TRANSLATED' => '/var/websites/mydomain.com/wordpressATH_INFO',
'PATH_INFO' => 'ATH_INFO',
'FCGI_ROLE' => 'RESPONDER',
'PHP_SELF' => '/ATH_INFO',
'REQUEST_TIME_FLOAT' => 1495124513.9823300838470458984375,
'REQUEST_TIME' => 1495124513,

)

Attachments (3)

nginx-server.conf.txt (2.0 KB ) - added by jbusuttil@… 3 years ago.
nginx server config
nginx.conf.txt (1.3 KB ) - added by jbusuttil@… 3 years ago.
nginx.conf
fastcgi_params.txt (1.1 KB ) - added by jbusuttil@… 3 years ago.
fastcgi_param include

Download all attachments as: .zip

Change History (4)

by jbusuttil@…, 3 years ago

Attachment: nginx-server.conf.txt added

nginx server config

by jbusuttil@…, 3 years ago

Attachment: nginx.conf.txt added

nginx.conf

by jbusuttil@…, 3 years ago

Attachment: fastcgi_params.txt added

fastcgi_param include

comment:1 by Maxim Dounin, 3 years ago

Resolution: invalid
Status: newclosed

PHP documentation on the ORIG_PATH_INFO variable says:

'ORIG_PATH_INFO'
Original version of 'PATH_INFO' before processed by PHP.

Note that in the second case this variable is present in the output, and has a correct value as per your nginx config. So it looks like the problem is on the PHP side. In particular, consider switching off the cgi.fix-pathinfo php.ini directive.

Note: See TracTickets for help on using tickets.