php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46366 bad cwd with / as pathinfo
Submitted: 2008-10-22 16:07 UTC Modified: 2008-11-28 11:57 UTC
From: courtois at nouvo dot com Assigned: dmitry (profile)
Status: Closed Package: CGI/CLI related
PHP Version: 5.2CVS-2008-10-24 OS: windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: courtois at nouvo dot com
New email:
PHP Version: OS:

 

 [2008-10-22 16:07 UTC] courtois at nouvo dot com
Description:
------------
when / is passed as pathinfo to a script current working directory is set to the php-cgi.exe directory instead of script directory

http://localhost/foo/bar.php gives: 
cwd===>C:\Program Files\Apache Group\Apache2\htdocs\foo<=== which is ok

http://localhost/foo/bar.php/x gives:
cwd===>C:\Program Files\Apache Group\Apache2\htdocs\foo<=== which is ok

http://localhost/foo/bar.php/ gives:
cwd===>C:\Program Files\PHP<=== which is obviously not ok, therefore all includes in scripts fail

apache 2 config:

ScriptAlias /php/ "C:/Program Files/PHP/"
Action application/x-httpd-php "/php/php-cgi.exe"

php.ini:

 cgi.fix_pathinfo=1



Reproduce code:
---------------
<?php

print "cwd===>".getcwd()."<===";

?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-25 04:52 UTC] courtois at nouvo dot com
I tested PHP Version 5.2.7RC2-dev (2008-Oct-24 20:00:00)

with the thread safe version the problem is the same.

with the non thread safe version I get:
No input file specified. 

with both versions calling the script without pathinfo or with a pathinfo other than /  is still ok
 [2008-10-25 09:53 UTC] jani@php.net
What if you don't set this in your php.ini:
cgi.fix_pathinfo=1

(or set it to 0)
 [2008-10-25 14:53 UTC] courtois at nouvo dot com
when cgi.fix_pathinfo=0

I get "No input file specified." for
http://localhost/foo/bar.php/ and
http://localhost/foo/bar.php/x

works for
http://localhost/foo/bar.php
 [2008-11-28 11:57 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC