|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46366 bad cwd with / as pathinfo
Submitted: 2008-10-22 16:07 UTC Modified: 2008-11-28 11:57 UTC
From: courtois at nouvo dot com Assigned: dmitry
Status: Closed Package: CGI/CLI related
PHP Version: 5.2CVS-2008-10-24 OS: windows XP
Private report: No CVE-ID:
 [2008-10-22 16:07 UTC] courtois at nouvo dot com
when / is passed as pathinfo to a script current working directory is set to the php-cgi.exe directory instead of script directory

http://localhost/foo/bar.php gives: 
cwd===>C:\Program Files\Apache Group\Apache2\htdocs\foo<=== which is ok

http://localhost/foo/bar.php/x gives:
cwd===>C:\Program Files\Apache Group\Apache2\htdocs\foo<=== which is ok

http://localhost/foo/bar.php/ gives:
cwd===>C:\Program Files\PHP<=== which is obviously not ok, therefore all includes in scripts fail

apache 2 config:

ScriptAlias /php/ "C:/Program Files/PHP/"
Action application/x-httpd-php "/php/php-cgi.exe"



Reproduce code:

print "cwd===>".getcwd()."<===";



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-25 04:52 UTC] courtois at nouvo dot com
I tested PHP Version 5.2.7RC2-dev (2008-Oct-24 20:00:00)

with the thread safe version the problem is the same.

with the non thread safe version I get:
No input file specified. 

with both versions calling the script without pathinfo or with a pathinfo other than /  is still ok
 [2008-10-25 09:53 UTC]
What if you don't set this in your php.ini:

(or set it to 0)
 [2008-10-25 14:53 UTC] courtois at nouvo dot com
when cgi.fix_pathinfo=0

I get "No input file specified." for
http://localhost/foo/bar.php/ and

works for
 [2008-11-28 11:57 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC