id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 143 Using fastcgi_split_path_info to populate PATH_TRANSLATED should comply with CGI 1.1 spec James Kennedy somebody "From [http://tools.ietf.org/html/rfc3875#page-14 RFC3875]: The server SHOULD set this meta-variable if the request URI includes a path-info component. If PATH_INFO is NULL, then the PATH_TRANSLATED variable MUST be set to NULL (or unset). Recommended configuration from http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info: {{{ fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; }}} Using this configuration always results in PATH_TRANSLATED being populated even when PATH_INFO is empty. This is not compliant with the description above. This can be resolved by not sending the PATH_TRANSLATED parameter when PATH_INFO is empty or not set. Alternately, fastcgi_split_path_info could be a block directive where the block contents are only processed if the regex matches on both tags. This could look like this: {{{ fastcgi_split_path_info ^((?U).+\.php)(/?.+)$ { fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; } }}} This would allow the current non-RFC-compliant cofiguration if someone needs it for some reason, while allowing administrators to set compliant configurations as well. The documentation should be updated with details of how to configure your server to be CGI 1.1 compliant." defect closed major nginx-module 1.0.x invalid HttpFcgiModule Linux centos.vm 2.6.32-220.7.1.el6.i686 #1 SMP Tue Mar 6 21:21:22 GMT 2012 i686 i686 i386 GNU/Linux "nginx version: nginx/1.0.14 built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -march=i386 -mtune=i686' "