Opened 7 years ago
Closed 7 years ago
#1275 closed defect (invalid)
php-fpm incorrectly populates PATH_INFO
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | |
Keywords: | php-fpm PATH_INFO | Cc: | |
uname -a: | Linux pang 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.12.0
built by gcc 4.9.2 (Debian 4.9.2-10) built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' |
Description
(domains and IPs have been anonymised throughout; config files attached)
I'm serving a simple test.php file:
<html>
<head><title>Test</title></head>
<body>
<pre>
<?php var_export($_SERVER)?>
</pre>
</body>
</html>
Correct output when I request https://mydomain.com/test.php
array (
'USER' => 'php',
'HOME' => '/nonexistent',
'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
'HTTP_CONNECTION' => 'keep-alive',
'HTTP_DNT' => '1',
'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, br',
'HTTP_ACCEPT_LANGUAGE' => 'en-GB,en;q=0.5',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0',
'HTTP_HOST' => 'mydomain.com',
'REDIRECT_STATUS' => '200',
'SERVER_NAME' => 'mydomain.com',
'SERVER_PORT' => '443',
'SERVER_ADDR' => '1.2.3.4',
'REMOTE_PORT' => '50321',
'REMOTE_ADDR' => '5.6.7.8',
'SERVER_SOFTWARE' => 'nginx/1.12.0',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTPS' => 'on',
'REQUEST_SCHEME' => 'https',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'DOCUMENT_ROOT' => '/var/websites/mydomain.com/wordpress',
'DOCUMENT_URI' => '/test.php',
'REQUEST_URI' => '/test.php',
'SCRIPT_NAME' => '/test.php',
'SCRIPT_FILENAME' => '/var/websites/mydomain.com/wordpress/test.php',
'CONTENT_LENGTH' => ,
'CONTENT_TYPE' => ,
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => ,
'PATH_TRANSLATED' => '/var/websites/mydomain.com/wordpress/',
'PATH_INFO' => '/',
'FCGI_ROLE' => 'RESPONDER',
'PHP_SELF' => '/test.php/',
'REQUEST_TIME_FLOAT' => 1495124206.844153881072998046875,
'REQUEST_TIME' => 1495124206,
)
But when requesting https://mydomain.com/test.php/ (note trailing slash), PATH_INFO ends up with the value 'ATH_INFO' - which looks broken.
array (
'USER' => 'php',
'HOME' => '/nonexistent',
'ORIG_PATH_TRANSLATED' => '/var/websites/mydomain.com/wordpress/',
'ORIG_SCRIPT_FILENAME' => '/var/websites/mydomain.com/wordpress/test.php/index.php',
'ORIG_SCRIPT_NAME' => '/test.php/index.php',
'ORIG_PATH_INFO' => '/',
'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
'HTTP_CONNECTION' => 'keep-alive',
'HTTP_DNT' => '1',
'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, br',
'HTTP_ACCEPT_LANGUAGE' => 'en-GB,en;q=0.5',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0',
'HTTP_HOST' => 'mydomain.com',
'REDIRECT_STATUS' => '200',
'SERVER_NAME' => 'mydomain.com',
'SERVER_PORT' => '443',
'SERVER_ADDR' => '1.2.3.4',
'REMOTE_PORT' => '50330',
'REMOTE_ADDR' => '5.6.7.8',
'SERVER_SOFTWARE' => 'nginx/1.12.0',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTPS' => 'on',
'REQUEST_SCHEME' => 'https',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'DOCUMENT_ROOT' => '/var/websites/mydomain.com/wordpress',
'DOCUMENT_URI' => '/test.php/',
'REQUEST_URI' => '/test.php/',
'SCRIPT_NAME' => '/',
'SCRIPT_FILENAME' => '/var/websites/mydomain.com/wordpress/test.php',
'CONTENT_LENGTH' => ,
'CONTENT_TYPE' => ,
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => ,
'PATH_TRANSLATED' => '/var/websites/mydomain.com/wordpressATH_INFO',
'PATH_INFO' => 'ATH_INFO',
'FCGI_ROLE' => 'RESPONDER',
'PHP_SELF' => '/ATH_INFO',
'REQUEST_TIME_FLOAT' => 1495124513.9823300838470458984375,
'REQUEST_TIME' => 1495124513,
)
Attachments (3)
Change History (4)
by , 7 years ago
Attachment: | nginx-server.conf.txt added |
---|
comment:1 by , 7 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
PHP documentation on the ORIG_PATH_INFO
variable says:
'ORIG_PATH_INFO'
Original version of 'PATH_INFO' before processed by PHP.
Note that in the second case this variable is present in the output, and has a correct value as per your nginx config. So it looks like the problem is on the PHP side. In particular, consider switching off the cgi.fix-pathinfo php.ini directive.
nginx server config