php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41793 SCRIPT_NAME breaks when a slash follows filename.php in URL
Submitted: 2007-06-24 21:30 UTC Modified: 2007-07-02 01:00 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: chris at w3style dot co dot uk Assigned:
Status: No Feedback Package: CGI/CLI related
PHP Version: 5.2.3 OS: Mac OS X
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: chris at w3style dot co dot uk
New email:
PHP Version: OS:

 

 [2007-06-24 21:30 UTC] chris at w3style dot co dot uk
Description:
------------
When comparing the values held in $_SERVER['SCRIPT_NAME'] in CGI and 
SAPI in PHP 5.2.3, there's an obvious bug in the CGI version.

It works fine when the .php is the end of the URL, but in the case you 
use a URL like the following it breaks:

http://site.com/script.php/some/extra/info

Without the slash:

[SCRIPT_NAME] => /~d11wtq/Router/demo.php

With the slash:

[SCRIPT_NAME] => tq/Sites/Router/demo.php

This is probably because PHP is trying to truncate the wrong 
environment variable when producing the string.  The path on disk is:

/Users/d11wtq/Sites/Router/demo.php

You'll notice that the length of the incorrect string is actually the 
same as the length of the correct string, which is why I make this 
assumption.

I have found the following PHP code offers a suitable workaround until 
this bug is fixed:

<?php

if (isset($_SERVER["SCRIPT_NAME"]))
{
  if (isset($_SERVER["ORIG_PATH_INFO"]))
  {
    $len = strlen($_SERVER["SCRIPT_NAME"]);
    if (($tmp = substr($_SERVER["ORIG_PATH_INFO"], 0, $len)) != 
$_SERVER["SCRIPT_NAME"])
    {
      $_SERVER["SCRIPT_NAME"] = $tmp;
    }
  }
}

?>

Reproduce code:
---------------
Not needed, the description explains it nicely :)

Expected result:
----------------
$_SERVER["SCRIPT_NAME"] should contain the virtual path to the file in 
both cases.  This should be:

~d11wtq/Router/demo.php


Actual result:
--------------
SCRIPT_NAME contains a bogus string when run under CGI, but only if 
there's a slash after the .php suffix.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-24 22:25 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

I think something like this was fixed last week.
 [2007-07-02 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-01-25 17:01 UTC] fabio dot sussetto at gmail dot com
I get the same bug on a server with Linux, PHP Version 5.2.5, Server API 	
CGI/FastCGI . The problem arises when there is a slash after the *.php 
part of the file name.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 18 06:01:28 2024 UTC