PHP :: Bug #18942 :: $PHP_SELF is set to HTTP_SERVER_VARS[PATH

Bug #18942

$PHP_SELF is set to HTTP_SERVER_VARS[PATH_INFO] if available

Submitted:

2002-08-16 13:39 UTC

Modified:

2002-12-03 01:33 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	0 (0.0%)

From:

six at aegis-corp dot org

Assigned:

Status:

Closed

Package:

Other web server

PHP Version:

4.2.2

OS:

Debian

Private report:

CVE-ID:

None

View Developer Edit

[2002-08-16 13:39 UTC] six at aegis-corp dot org

With the CGI version of PHP, $PHP_SELF is always set to the value of HTTP_SERVER_VARS[PATH_INFO] if it is available.

But the PATH_INFO server var does not at all designate the running script, which is by the SCRIPT_NAME var.

This causes scripts using path_info (URLs like http://www.example.com/script/arg1/arg2/argX) to fail when using self refering links on a server using the CGI version on PHP.

This bus does not exists with the apache module.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-08-16 13:48 UTC] six at aegis-corp dot org

I checked and this bug revives #14307 which died some time ago unfixed.

The code in question is in sapi/cgi/cgi_main.c :

    SG(request_info).request_uri = getenv("PATH_INFO");
    if (!SG(request_info).request_uri) {
        SG(request_info).request_uri = getenv("SCRIPT_NAME");
    }

Should be more like :

    SG(request_info).request_uri = getenv("SCRIPT_NAME");
    strcat(SG(request_info).request_uri, getenv("PATH_INFO"));

[2002-08-16 15:44 UTC] kalowsky@php.net

Okay can we have a sample script just to ensure that we may or may not have fixed your issue?

[2002-08-16 15:56 UTC] six at aegis-corp dot org

There is a very fast way of testing, create a script called phpinfo.php with juste <?phpinfo()?> in it.

Then call it like http://yourserver.com/phpinfo.php/this/is/a/test

if the two images (zend and php logos) are broken, then $PHP_SELF is not set as it should be.

again, this problem only happens with the CGI sapi

[2002-08-17 00:58 UTC] kalowsky@php.net

I believe this is a documented issue, and won't be fixed.

[2002-08-17 09:41 UTC] six at aegis-corp dot org

I believe it should be fixed ... Or at least the apache SAPI should be modified too.

With the current code, PATH_INFO has different meanings (and values) in the Apache and CGI SAPIs, not good at all for applications portability IMHO.

[2002-08-17 10:01 UTC] kalowsky@php.net

The manual states why this shouldn't used, and the fact that it's populated at all is interesting.

[2002-12-03 01:33 UTC] shane@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

It's fixed in cvs as of today.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 20:01:29 2024 UTC