PHP :: Bug #67298 :: $_SERVER['REQUEST_URI'] contains request target, not an actual URI

Bug #67298	$_SERVER['REQUEST_URI'] contains request target, not an actual URI
Submitted:	2014-05-18 00:51 UTC	Modified:	2026-05-20 13:53 UTC
From:	chealer at gmail dot com	Assigned:
Status:	Open	Package:	*General Issues
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	chealer at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2014-05-18 00:51 UTC] chealer at gmail dot com

Description:
------------
According to http://www.php.net/manual/en/reserved.variables.server.php the REQUEST_URI entry of $_SERVER contains "The URI which was given in order to access this page".

As reported in #66978, this is not the case, as the example given just after shows: "for instance, '/index.html'". Actually, REQUEST_URI contains a URI reference.

This bug exists since as far as I can remember. At this point, it is probably a bad idea to simply fix. This should probably be treated as a documentation bug, and just cause the $_SERVER documentation to fix the entry description, adding a warning about the name.

However, having the actual request URI would be useful too, be it through a new "ACTUAL_REQUEST_URI" entry, a function, or something.

Note: this bug is not completely PHP-specific. http://labs.apache.org/webarch/uri/rfc/rfc3986.html#hierarchical gives a historical perspective on URI/URL terminology.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2026-05-20 13:53 UTC] chealer at gmail dot com

-Summary: $_SERVER['REQUEST_URI'] does not contain the request's complete URI +Summary: $_SERVER['REQUEST_URI'] contains request target, not an actual URI

[2026-05-20 13:53 UTC] chealer at gmail dot com

This persists. The link is broken, but RFC 3986 is basically replaced by the URL standard.

I figured out what the issue is. What PHP calls REQUEST_URI is what HTTP 1.1 calls Request-URI, which is not actually a URI. That misleading term has been replaced with “request target” in HTTP 2.

This could be fixed by replacing with:
The request target which was given in order to access this page; for instance, '/index.html' or FIXME: 'htt://example .org/index.html'. HTTP 1.1 and below called the request target the "Request-URI.

I recommend renaming REQUEST_URI to REQUEST_TARGET.

License: All my contributions to this ticket (including comments and attachments) without a copyright notice are offered under the terms of CC0 1.0 (unless otherwise indicated).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Mon Jun 01 17:00:01 2026 UTC