php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #31892 PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO
Submitted: 2005-02-09 09:34 UTC Modified: 2007-08-08 13:03 UTC
Votes:37
Avg. Score:4.8 ± 0.5
Reproduced:33 of 33 (100.0%)
Same Version:14 (42.4%)
Same OS:19 (57.6%)
From: ceefour at gauldong dot net Assigned: dmitry (profile)
Status: Closed Package: CGI/CLI related
PHP Version: 5CVS, 4CVS (2005-02-11) OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ceefour at gauldong dot net
New email:
PHP Version: OS:

 

 [2005-02-09 09:34 UTC] ceefour at gauldong dot net 
Description:
------------
Following up bug #31843, I tried to set cgi.fix_pathinfo On, which is "weird" considering that this option says ANYthing about PHP_SELF. But a good friend of mine pointed out it works on fixing PHP_SELF, so I did, and to my surprise, it works!

So, my problem was solved, PHP_SELF was returning the correct value... though not in a very elegant way, in my opinion, since who has access to some hosting server's php.ini? Everyone but the most elite premium services, I guess. Nonetheless it worked, so I enjoyed cherish, fortune, and glory... for several seconds.

It turned that turning on cgi.fix_pathinfo actually screws up PATH_INFO, at least in my configuration, which is VERY strange considering the name of the option (shouldn't it be cgi.fix_phpself_and_screw_up_pathinfo???) ;-)

Let me apologize for a bit of sinism but really it was just for making fun out of it. So, phpinfo() says PATH_INFO and PATH_TRANSLATED is now "no value". Something's good though, ORIG_PATH_* returns the correct value (weird). It's possible to use ORIG_PATH_* but I guess I should stick to the standards. Since that server was in heavy use, I quickly realized that by just turning that option on, I could have caused many pages to fail (since they rely on PATH_INFO) so I quickly turn this option off again (I already had a workaround for PHP_SELF bug, it's not a problem anymore but I'm still seeking for an elegant resolution on this, in the part of PHP developers not in my part).

Reproduce code:
---------------
phpinfo()

Expected result:
----------------
PHP_SELF: phpinfo.php/test/me
PATH_INFO: /test/me

Actual result:
--------------
cgi.fix_path_info=Off:

PHP_SELF: /test/me
PATH_INFO: /test/me

cgi.fix_path_info=On:

PHP_SELF: phpinfo.php/test/me
PATH_INFO: (no value)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-13 23:19 UTC] ceefour at gauldong dot net 
I have verified this problem with PHP 5.0.3 on Linux 2.4 and it also exists in PHP 5.0.3.

I'm using PHP 5.0.3 as CGI under Apache 1.3.33.

Check out this link:
http://php5.gauldong.net/phpinfo.php/test/me?query=string

It gives out the following results:
_SERVER["PATH_INFO"]	/test/me
_SERVER["PATH_TRANSLATED"]	/home/u1294/domain/php5.gauldong.net/web/test/me
_SERVER["ORIG_PATH_TRANSLATED"]	/home/u1294/domain/php5.gauldong.net/web/phpinfo.php/test/me
_SERVER["ORIG_PATH_INFO"]	/phpinfo.php/test/me
_SERVER["ORIG_SCRIPT_NAME"]	/cgi-bin/php
_SERVER["ORIG_SCRIPT_FILENAME"]	/home/u1294/domain/php5.gauldong.net/web/cgi-bin/php
_SERVER["PHP_SELF"]	/phpinfo.php

-----
Note that it's using a default php.ini for PHP 5 meaning cgi.fix_pathinfo is turned ON.

In the above results PHP_SELF is incorrect. It should be /phpinfo.php/test/me (it's missing the pathinfo part). Other variables are correct I suppose. I hope this is fixed soon. And also in PHP 4.

The fact that this bug exists in the latest versions of both PHP 4 and PHP 5 is truly beyond me. :-(
 [2006-02-06 21:52 UTC] php-bugs at dave dot staff dot spoonguard dot org 
The following patch causes $_SERVER['PHP_SELF'] to include the PATH_INFO component when running under CGI:

http://spoonguard.org/dave/classes/cs345/bugfix/php-5.1.2-31892.diff

Previously, PHP_SELF was being set to SCRIPT_NAME when cgi.fix_pathinfo was set. This changes the behavior, by setting PHP_SELF to SCRIPT_NAME + PATH_INFO.

Is this similar to what you're looking for?

Thanks,

- Dave
 [2006-05-09 02:11 UTC] lwalker at magi dot net dot au 
I'm expreiencing the same issue on PHP 4.3 + 4.4 under Apache 1.3.33 and have had to switch back to mod_php for our hosting server.

Tried to access the patch to have a look at it, however it's not loading.

Do you still have a copy of the patch, or are you able to post a backported PHP 4.x version?

I do believe that SCRIPT_NAME + PHP_INFO is the expected behaviour.
 [2006-05-11 14:34 UTC] kk at keppler-it dot de 
These patches are based on the code from Dave; the work fine within our hosting environment.

http://www.keppler-it.de/tmp/patch-31892-4.4.2.diff
http://www.keppler-it.de/tmp/patch-31892-5.1.4.diff

Comments welcome. :-)

Here's the code in clear text (nearly identical for 4.x and 5.x):

--- php-4.4.2/sapi/cgi/cgi_main.c.orig  2006-01-01 14:47:01.000000000 +0100
+++ php-4.4.2/sapi/cgi/cgi_main.c       2006-05-11 16:23:51.000000000 +0200
@@ -871,11 +871,25 @@
                } else {
 #endif
                        /* pre 4.3 behaviour, shouldn't be used but provides BC */
+                       /*
                        if (env_path_info) {
                                SG(request_info).request_uri = env_path_info;
                        } else {
                                SG(request_info).request_uri = env_script_name;
                        }
+                       */
+                       /* <kk@keppler-it.de> PHP_SELF := SCRIPT_NAME + PATH_INFO */
+                       /* Patch based upon http://spoonguard.org/dave/classes/cs345/bugfix/php-5.1.2-31892.diff */
+                       SG(request_info).request_uri = sapi_cgibin_getenv("SCRIPT_NAME", 0 TSRMLS_CC);
+                       if (SG(request_info).request_uri && (env_path_info = sapi_cgibin_getenv("PATH_INFO", 0 TSRMLS_CC))) {
+                               int request_uri_len = strlen(SG(request_info).request_uri) + strlen(env_path_info) + 1;
+                               char *request_uri = (char *) emalloc(request_uri_len);
+                               *request_uri = '\0';
+                               strcat(request_uri, SG(request_info).request_uri);
+                               strcat(request_uri, env_path_info);
+                               SG(request_info).request_uri = request_uri;
+                       }
+                       /* </kk> */
 #if !DISCARD_PATH
                        if (env_path_translated)
                                script_path_translated = env_path_translated;
 [2006-05-29 18:47 UTC] php dot net at jon dot limedaley dot com 
I assume this isn't going to be fixed? since it has been a year since it was reported, and it is still in the "verified" state.

I figured php5 would be stable by now, but it appears that php_self is broken with cgi.fix_pathinfo=0 and _SERVER["PATH_INFO"] is broken with cgi.fix_pathinfo=1.

Is the official solution to use php4 instead?
 [2007-07-26 19:18 UTC] mccammos at onid dot oregonstate dot edu 
I just tried a July 26, 2007 snapshot of php5.2 and can report that the bug still remains unfixed.
 [2007-08-07 12:55 UTC] jani@php.net 
This patch (against latest CVS checkout of PHP_5_2 branch) should fix the issues with PHP_SELF/PATH_INFO/etc. I tested under Apache 2 and it works fine now:

http://pecl.php.net/~jani/patches/bug_31892.patch

Please test it ASAP! We're about to roll 5.2.4 and it would be really nice to fix this issue once and for all..
 [2007-08-08 13:03 UTC] dmitry@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Dec 03 17:01:29 2024 UTC