Bug #46366 bad cwd with / as pathinfo
Submitted: 2008-10-22 16:07 UTC Modified: 2008-11-28 11:57 UTC
From: courtois at nouvo dot com Assigned: dmitry (profile)
Status: Closed Package: CGI/CLI related
PHP Version: 5.2CVS-2008-10-24 OS: windows XP
Private report: No CVE-ID: None

 [2008-10-22 16:07 UTC] courtois at nouvo dot com
Description:
------------
When / is passed as pathinfo to a script, the current working directory is set to the php-cgi.exe directory instead of the script directory.

http://localhost/foo/bar.php gives: 
cwd===>C:\Program Files\Apache Group\Apache2\htdocs\foo<=== which is ok

http://localhost/foo/bar.php/x gives:
cwd===>C:\Program Files\Apache Group\Apache2\htdocs\foo<=== which is ok

http://localhost/foo/bar.php/ gives:
cwd===>C:\Program Files\PHP<=== which is obviously not ok, therefore all includes in scripts fail

apache 2 config:

ScriptAlias /php/ "C:/Program Files/PHP/"
Action application/x-httpd-php "/php/php-cgi.exe"

php.ini:

 cgi.fix_pathinfo=1



Reproduce code:
---------------
<?php

print "cwd===>".getcwd()."<===";

?>


 [2008-10-25 04:52 UTC] courtois at nouvo dot com
I tested PHP Version 5.2.7RC2-dev (2008-Oct-24 20:00:00)

with the thread safe version the problem is the same.

with the non thread safe version I get:
No input file specified. 

with both versions calling the script without pathinfo or with a pathinfo other than / is still ok
 [2008-10-25 09:53 UTC] jani@php.net
What if you don't set this in your php.ini:
cgi.fix_pathinfo=1

(or set it to 0)
 [2008-10-25 14:53 UTC] courtois at nouvo dot com
when cgi.fix_pathinfo=0

I get "No input file specified." for
http://localhost/foo/bar.php/ and
http://localhost/foo/bar.php/x

works for
http://localhost/foo/bar.php
 [2008-11-28 11:57 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
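
The report notes that relative includes fail once the working directory points at the PHP binary directory. The following is an added example, not code from the bug report or from PHP itself: it resolves includes against the script's own directory instead of the working directory and logs a mismatch. It assumes the code sits at the top of the entry script (bar.php in the report); `app_path`, `cwd_is_script_dir` and `lib/common.php` are hypothetical names.

```php
<?php
// Added example; function and file names here are hypothetical.

// Directory of this file, independent of getcwd(). dirname(__FILE__) is used
// rather than __DIR__ so the code also runs on PHP 5.2.
define('APP_BASE', realpath(dirname(__FILE__)));

// True when the process working directory is this script's directory.
function cwd_is_script_dir()
{
    $cwd = getcwd();
    if ($cwd === false || APP_BASE === false) {
        return false;
    }
    return realpath($cwd) === APP_BASE;
}

// Resolve $relative under APP_BASE. Returns the absolute path, or false when
// the file does not exist or resolves to a location outside APP_BASE.
function app_path($relative)
{
    $full = realpath(APP_BASE . DIRECTORY_SEPARATOR . $relative);
    if ($full === false) {
        return false;
    }
    $prefix = rtrim(APP_BASE, '/\\') . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : false;
}

if (!cwd_is_script_dir()) {
    // PATH_INFO is request-controlled, so encode it before logging.
    $pathInfo = isset($_SERVER['PATH_INFO']) ? rawurlencode($_SERVER['PATH_INFO']) : '';
    error_log('cwd mismatch: cwd=' . var_export(getcwd(), true) . ' path_info=' . $pathInfo);
}

// The include no longer depends on the working directory.
$lib = app_path('lib/common.php'); // hypothetical include file
if ($lib !== false) {
    require $lib;
}

print "cwd===>" . getcwd() . "<===";
```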


 