PHP :: Bug #67298 :: $_SERVER['REQUEST_URI'] contains request target, not an actual URI

Bug #67298	$_SERVER['REQUEST_URI'] contains request target, not an actual URI
Submitted:	2014-05-18 00:51 UTC	Modified:	2026-05-20 13:53 UTC
From:	chealer at gmail dot com	Assigned:
Status:	Open	Package:	*General Issues
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	chealer at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2014-05-18 00:51 UTC] chealer at gmail dot com

Description:
------------
According to http://www.php.net/manual/en/reserved.variables.server.php the REQUEST_URI entry of $_SERVER contains "The URI which was given in order to access this page".

As reported in #66978, this is not the case, as the example given just after shows: "for instance, '/index.html'". Actually, REQUEST_URI contains a URI reference.

This bug exists since as far as I can remember. At this point, it is probably a bad idea to simply fix. This should probably be treated as a documentation bug, and just cause the $_SERVER documentation to fix the entry description, adding a warning about the name.

However, having the actual request URI would be useful too, be it through a new "ACTUAL_REQUEST_URI" entry, a function, or something.

Note: this bug is not completely PHP-specific. http://labs.apache.org/webarch/uri/rfc/rfc3986.html#hierarchical gives a historical perspective on URI/URL terminology.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2026-05-20 13:53 UTC] chealer at gmail dot com

-Summary: $_SERVER['REQUEST_URI'] does not contain the request's complete URI +Summary: $_SERVER['REQUEST_URI'] contains request target, not an actual URI

[2026-05-20 13:53 UTC] chealer at gmail dot com

This persists. The link is broken, but RFC 3986 is basically replaced by the URL standard.

I figured out what the issue is. What PHP calls REQUEST_URI is what HTTP 1.1 calls Request-URI, which is not actually a URI. That misleading term has been replaced with “request target” in HTTP 2.

This could be fixed by replacing with:
The request target which was given in order to access this page; for instance, '/index.html' or FIXME: 'htt://example .org/index.html'. HTTP 1.1 and below called the request target the "Request-URI.

I recommend renaming REQUEST_URI to REQUEST_TARGET.

License: All my contributions to this ticket (including comments and attachments) without a copyright notice are offered under the terms of CC0 1.0 (unless otherwise indicated).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Mon Jun 01 17:00:01 2026 UTC