php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18942 $PHP_SELF is set to HTTP_SERVER_VARS[PATH_INFO] if available
Submitted: 2002-08-16 13:39 UTC Modified: 2002-12-03 01:33 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: six at aegis-corp dot org Assigned:
Status: Closed Package: Other web server
PHP Version: 4.2.2 OS: Debian
Private report: No CVE-ID:
 [2002-08-16 13:39 UTC] six at aegis-corp dot org
With the CGI version of PHP, $PHP_SELF is always set to the value of HTTP_SERVER_VARS[PATH_INFO] if it is available.

But the PATH_INFO server var does not at all designate the running script, which is by the SCRIPT_NAME var.

This causes scripts using path_info (URLs like http://www.example.com/script/arg1/arg2/argX) to fail when using self refering links on a server using the CGI version on PHP.

This bus does not exists with the apache module.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-08-16 13:48 UTC] six at aegis-corp dot org
I checked and this bug revives #14307 which died some time ago unfixed.

The code in question is in sapi/cgi/cgi_main.c :

    SG(request_info).request_uri = getenv("PATH_INFO");
    if (!SG(request_info).request_uri) {
        SG(request_info).request_uri = getenv("SCRIPT_NAME");
    }

Should be more like :

    SG(request_info).request_uri = getenv("SCRIPT_NAME");
    strcat(SG(request_info).request_uri, getenv("PATH_INFO"));
 [2002-08-16 15:44 UTC] kalowsky@php.net
Okay can we have a sample script just to ensure that we may or may not have fixed your issue?
 [2002-08-16 15:56 UTC] six at aegis-corp dot org
There is a very fast way of testing, create a script called phpinfo.php with juste <?phpinfo()?> in it.

Then call it like http://yourserver.com/phpinfo.php/this/is/a/test

if the two images (zend and php logos) are broken, then $PHP_SELF is not set as it should be.

again, this problem only happens with the CGI sapi
 [2002-08-17 00:58 UTC] kalowsky@php.net
I believe this is a documented issue, and won't be fixed.
 [2002-08-17 09:41 UTC] six at aegis-corp dot org
I believe it should be fixed ... Or at least the apache SAPI should be modified too.

With the current code, PATH_INFO has different meanings (and values) in the Apache and CGI SAPIs, not good at all for applications portability IMHO.
 [2002-08-17 10:01 UTC] kalowsky@php.net
The manual states why this shouldn't used, and the fact that it's populated at all is interesting.  
 [2002-12-03 01:33 UTC] shane@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

It's fixed in cvs as of today.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 03:02:42 2014 UTC