php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48695 PHP_SELF / SCRIPT_NAME issues not bogus - bugfix in 5.2.9 still causing trouble
Submitted: 2009-06-25 14:22 UTC Modified: 2009-08-05 00:07 UTC
From: allerlei+bugs dot php dot net at sihw dot nl Assigned: srinatar (profile)
Status: Not a bug Package: CGI/CLI related
PHP Version: 5.2.10 OS: Centos 4/5
Private report: No CVE-ID: None
 [2009-06-25 14:22 UTC] allerlei+bugs dot php dot net at sihw dot nl
Description:
------------
Bug #47625 was closed as bogus (because it would be the same as bug #47042) but it is not. In version 5.2.10 at least, PHP_SELF and SCRIPT_FILENAME are set based on the ORIG_SCRIPTNAME, while in version 5.2.8 these are based on SCRIPT_NAME.

So bug #47042 fixes some bug, but introduces a new one. Therefore this is not a duplicate bug. It is not bogus because the values of PHP_SELF etc changed betwoon 5.2.10 without this being part of the specification for 5.2.10. It breaks a lot of code on my systems, including phpmyadmin and joomla.

Problem is that PHP_SELF should refer to the URL before the internal redirect or external handler. This is a problematic requirement because of all the jugling with SCRIPTNAME and ORIG_SCRIPTNAME, but bug #47625 described the bug exactly. The problem might me in the naming: handlers put the redirection into ORIG_SCRIPTNAME and the original path in SCRIPTNAME.

I use a handler called startscript that is called with some pathinfo like /../startscript/php/myuser/path/to/script/. 
So the path
/centraal/scripts/info.php
when called from a vsite owned by user jelmer, is rewritten to
/usr/bin/startscript/php/jelmer/scripts/info.php

but PHP_SELF should remain /centraal/scripts/info.php

Thank you for your thougths,

Jelmer


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-07-02 04:29 UTC] sriram dot natarajan at gmail dot com
have you tried this issue with recent php 5.2.10 . r u able to reproduce 
this with 5.2.10 as well ?
 [2009-07-02 07:42 UTC] allerlei+bugs dot php dot net at sihw dot nl
Yes. This is what happened in 5.2.10. PHP_SELF and SCRIPT_FILENAME changed in respect to 5.2.8. (Sorry, I skipped 5.2.9). I installed 5.2.10 but had to rebuild 5.2.8 because of the PHP_SELF troubles.

This happens when some process (in my case an external handler executable that starts php under the UID of the virtual web site, but if would take a look at suexec as well) juggles with SCRIPT_NAME, ORIG_SCRIPTNAME etcetera.

By the way: I am not saying one way is better than the other. PHP_SELF should reflect the url the client needs to call the same script again (right?). So maybe the way those cgi wrappers change the cgi environment should be changed. The "startscript" executable I use company wide uses the same logic for building ORIG_SCRIPTNAME etcetera as the old cgiwrap code it is slightly based on.

But: this looks to me as a big change for a minor version number update. I would expect the same external behaviour between versions numbers that differ only behind the second dot.

Maybe we should get it straight which environment variables php-cgi uses to create PHP_SELF and friends.

If you need any more information, please tell me. (I am going to be on a holiday soon, but will be back...).


Thanks,

Jelmer Jellema
 [2009-07-02 13:33 UTC] sriram dot natarajan at gmail dot com
what configuration do i need to set in apache to reproduce this ?
 [2009-07-02 14:19 UTC] allerlei+bugs dot php dot net at sihw dot nl
Probably not easy to reproduce without a wrapper like cgiwrap. I did not get suexec to work, but if you have an install with suexec handling php-cgi succesfully, that might work.

Here are the $_SERVER values on my test system with apache. This uses /spinwebstartscript/startscript/php/USERNAME as a handler for php files. So the file test.php will be called through the handler /spinwebstartscript/startscript/php/USERNAME/test.php.

Weird thing is that phpinfo() reports the SCRIPT_NAME environment var differently. Propably this is after some transformation in the php process, because the only thing different in the two configurations is the php version.

The interesting value is SCRIPT_NAME.

This is $_SERVER on 5.2.8:
    [REDIRECT_SCRIPT_URL] => /test.php
    [REDIRECT_SCRIPT_URI] => http://wensweb/test.php
    [REDIRECT_HANDLER] => startscript_php
    [REDIRECT_STATUS] => 200
    [SCRIPT_URL] => /test.php
    [SCRIPT_URI] => http://wensweb/test.php
    [HTTP_HOST] => wensweb
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_ACCEPT_LANGUAGE] => nl-nl,en;q=0.7,fr;q=0.3
    [HTTP_ACCEPT_ENCODING] => gzip,deflate
    [HTTP_ACCEPT_CHARSET] => UTF-8,*
    [HTTP_KEEP_ALIVE] => 300
    [HTTP_CONNECTION] => keep-alive
    [HTTP_CACHE_CONTROL] => max-age=0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [SERVER_SIGNATURE] => 
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => wensweb
    [SERVER_ADDR] => 192.168.0.10
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 192.168.0.3
    [DOCUMENT_ROOT] => /home/pakket/wensweb/web
    [SERVER_ADMIN] => webmaster@wensweb.spinvis
    [SCRIPT_FILENAME] => /home/pakket/wensweb/web/test.php
    [REMOTE_PORT] => 55426
    [REDIRECT_URL] => /test.php
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => 
    [REQUEST_URI] => /test.php
    [SCRIPT_NAME] => /test.php
    [ORIG_PATH_INFO] => 
    [ORIG_PATH_TRANSLATED] => /home/pakket/wensweb/web/test.php
    [ORIG_SCRIPT_NAME] => /spinwebstartscript/startscript/wensweb/php/test.php
    [PHP_SELF] => /test.php
    [REQUEST_TIME] => 1246544056

And this is $SERVER on 5.2.10:
    [REDIRECT_SCRIPT_URL] => /test.php
    [REDIRECT_SCRIPT_URI] => http://wensweb/test.php
    [REDIRECT_HANDLER] => startscript_php
    [REDIRECT_STATUS] => 200
    [SCRIPT_URL] => /test.php
    [SCRIPT_URI] => http://wensweb/test.php
    [HTTP_HOST] => wensweb
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_ACCEPT_LANGUAGE] => nl-nl,en;q=0.7,fr;q=0.3
    [HTTP_ACCEPT_ENCODING] => gzip,deflate
    [HTTP_ACCEPT_CHARSET] => UTF-8,*
    [HTTP_KEEP_ALIVE] => 300
    [HTTP_CONNECTION] => keep-alive
    [HTTP_CACHE_CONTROL] => max-age=0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [SERVER_SIGNATURE] => 
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => wensweb
    [SERVER_ADDR] => 192.168.0.10
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 192.168.0.3
    [DOCUMENT_ROOT] => /home/pakket/wensweb/web
    [SERVER_ADMIN] => webmaster@wensweb.spinvis
    [SCRIPT_FILENAME] => /home/pakket/wensweb/web/test.php
    [REMOTE_PORT] => 55464
    [REDIRECT_URL] => /test.php
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => 
    [REQUEST_URI] => /test.php
    [SCRIPT_NAME] => /spinwebstartscript/startscript/wensweb/php/test.php
    [ORIG_PATH_INFO] => 
    [ORIG_PATH_TRANSLATED] => /home/pakket/wensweb/web/test.php
    [PHP_SELF] => /spinwebstartscript/startscript/wensweb/php/test.php
    [REQUEST_TIME] => 1246544340


Thanks, Jelmer
 [2009-07-07 00:09 UTC] sriram dot natarajan at gmail dot com
ok, i compiled cgiwrap 4.1 with the following settings.

./configure '--with-php=/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210' '--with-httpd-user=sriramn' '--with-php-cgiwrap' '--with-install-dir=/export/home/sriramn/sun/httpd22/cgi-bin' '--with-install-group=staff' --with-cgiwrapd --with-php-interpreter


Initializing Logging
Redirecting STDERR to STDOUT

Setting SIGXCPU to default behaviour


Environment Variables:
     QUERY_STRING: ''
      SCRIPT_NAME: '/cgi-bin/php-cgiwrapd'
  SCRIPT_FILENAME: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgiwrapd'
     REDIRECT_URL: '/php-cgi/cgi-info.php'
        PATH_INFO: '/sriramn/php-cgi/cgi-info.php'
  PATH_TRANSLATED: '/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php'
      REMOTE_USER: '<NULL>'
      REMOTE_HOST: '<NULL>'
      REMOTE_ADDR: '127.0.0.1'


Trying to extract user from PATH_INFO.
Retrieved User Name:  'sriramn'

User Data Retrieved:
     UserID: 'sriramn'
        UID: '101'
        GID: '10'
   Home Dir: '/export/home/sriramn'
Checking user minimum uid.

Script Base Directory:  '/export/home/sriramn/public_html/cgi-bin'
	Fetching script string

Trying to extract script from PATH_INFO
Extracted PATH_INFO '/php-cgi/cgi-info.php'
	Building script path

	Condensing slashes.

	Script Relative Path:  'php-cgi/cgi-info.php'
	Script Absolute Path:  '/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php'
	Checking for special interpreted script (php).
	Interpreter Path:  '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'

Fixing Environment Variables.

Environment Variables:
     QUERY_STRING: ''
      SCRIPT_NAME: '/cgi-bin/php-cgiwrapd/sriramn/php-cgi/cgi-info.php'
  SCRIPT_FILENAME: '/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php'
     REDIRECT_URL: '/php-cgi/cgi-info.php'
        PATH_INFO: '<NULL>'
  PATH_TRANSLATED: '/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php'
      REMOTE_USER: '<NULL>'
      REMOTE_HOST: '<NULL>'
      REMOTE_ADDR: '127.0.0.1'


UIDs/GIDs Changed To:
   RUID: '101'
   EUID: '101'
   RGID: '10'
   EGID: '10'

Changing current directory to '/export/home/sriramn/public_html/cgi-bin/php-cgi'
Executing: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
Arguments:
	0: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
	1: 'cgi-info.php'




Output of script follows:
=====================================================
X-Powered-By: PHP/5.2.10
Content-type: text/html

server software Apache/2.2.11 (Unix)
script name /php-cgi/cgi-info.php
script filename /export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php
path info 
path translated 
redirect uri
redirect url/php-cgi/cgi-info.php
self uri is /php-cgi/cgi-info.php

and php 5.2.10 seem to be returning the right output. 

what configuration am i missing ?

fyi, here is how my apache conf looks ..
AddHandler cgi-wrapper .php
AddHandler cgi-wrapper .cgi
Action cgi-wrapper /cgi-bin/php-cgiwrapd/sriramn

what am I missing here ?

i will also hook up SuEXEC and see if I can reproduce that way..
 [2009-07-11 10:20 UTC] sriram dot natarajan at gmail dot com
i have even configured with SuEXEC and still unable to reproduce this issue. i must be missing some thing obvious. haven't figured out what it is though..

if any one has any better suggestions on what should be my apache config, i will appreciate.
 [2009-07-14 09:43 UTC] srinatar@php.net
hi
 as  i mentioned in my comment, some help on how to reproduce this issue would be much appreciated.
 [2009-07-16 19:25 UTC] srinatar@php.net
can you kindly provide the output of

PATH_TRANSLATED
SCRIPT_FILENAME

from a simple cgi script (not php). 

i would like to see the env variable before it is passed to php. 

to get this info, if you could kindly write a 2 line cgi script that prints this value that should suffice. 

I am afraid that if i don't hear any response too soon, i need to close this bug as bogus. 

i have tried my best reproduce it (with suEXEC as well as with cgi-wrapper) and have also checked with apache 1.3.41 as well as with apache 2.x and still unable to reproduce it.

either i am missing some thing or you had some issues with your 'startscript' cgi wrapper that you resolved it on your own. 
 [2009-07-20 08:20 UTC] allerlei+bugs dot php dot net at sihw dot nl
Sorry about the delay and the work I caused. I hope this is not something I missed somewhere. The thing is, the same 'startscript' is used for both 5.2.8 and 5.2.10. This program uses the php-cgi executable to start the script (is execs into php-cgi + arguments).

I used this script to generate the environment:

#!/usr/bin/perl

print "Content-type: text/plain\n\n";
foreach my $i (sort keys %ENV)
{
        print "${i}: " . $ENV{$i} . "\n";
}
#end

This is (most of) the output:

DOCUMENT_ROOT: /home/pakket/wensweb/web
GATEWAY_INTERFACE: CGI/1.1
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET: UTF-8,*
HTTP_ACCEPT_ENCODING: gzip,deflate
HTTP_ACCEPT_LANGUAGE: nl-nl,en;q=0.7,fr;q=0.3
HTTP_CONNECTION: keep-alive
HTTP_HOST: www.wensweb.nl
HTTP_KEEP_ALIVE: 300
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
PATH: /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
PATH_INFO: 
PATH_TRANSLATED: /home/pakket/wensweb/web/test8932.cgi
QUERY_STRING: 
REDIRECT_HANDLER: startscript_exe
REDIRECT_SCRIPT_URI: http://www.wensweb.nl/test8932.cgi
REDIRECT_SCRIPT_URL: /test8932.cgi
REDIRECT_STATUS: 200
REDIRECT_URL: /test8932.cgi
REMOTE_ADDR: 83.161.60.47
REMOTE_PORT: 50783
REQUEST_METHOD: GET
REQUEST_URI: /test8932.cgi
SCRIPT_FILENAME: /home/pakket/wensweb/web/test8932.cgi
SCRIPT_NAME: /spinwebstartscript/startscript/wensweb/exe/test8932.cgi
SCRIPT_URI: http://www.wensweb.nl/test8932.cgi
SCRIPT_URL: /test8932.cgi
SERVER_ADDR: 81.26.210.110
SERVER_ADMIN: *
SERVER_NAME: www.wensweb.nl
SERVER_PORT: 80
SERVER_PROTOCOL: HTTP/1.1
SERVER_SIGNATURE: 
SERVER_SOFTWARE: Apache

--
The script is now removed ofcause.

Do you think these values are correct enough? If you think this is not bogus (as all stuff works ok in 5.2.8..) I can give you access if you need it. Please e-mail me privately for that.

Jelmer)
 [2009-07-29 07:36 UTC] srinatar@php.net
in default apache cgi/fastcgi mode, apache sets some of these cgi variables differently compared to what this bug submitter is doing in his environment. hence this bug wasn't easy to reproduce. 

as per the default apache cgi/fastcgi environment, apache sets SCRIPT_FILENAME - to point to the location of the handler and PATH_TRANSLATED to point to the location of the translated path of the uri (translated from the document root). however, SCRIPT_NAME can be set incorrectly (by apache cgi) in this default environment. So, php-cgi sapi code needed to fix the SCRIPT_NAME in the default environment. 

now, this potentially affects other web servers like iplanet web server. so, a fix for this issue went into php 5.2.9/5.2.10 (see also bug #47149/ #47042). now this fix handles scenario for apache as well as other web servers in default mode.  

however, here bug submitter uses apache in cgi environment along with a custom apache handler (startscript - a handler script with custom modifications based on cgiwrap which is another popular apache handler script for cgi environment in multi hosting mode). 

here, the bug seems to happen if some one uses custom apache handler (some thing that mimics programs like cgiwrap) and accordingly munges SCRIPT_FILENAME , PATH_TRANSLATED and other cgi variables appropriately before feeding to php-cgi process. 

php-cgi sapi code, with php version 5.2.9/10, expects the SCRIPT_FILENAME to point to the apache handler while PATH_TRANSLATED to point to the virtual path of the input uri. 

however, the custom apache handler script that the bug submitter uses in his environment - configured SCRIPT_FILENAME / PATH_TRANSLATED to point to the virtual path of the input uri (to be the actual file name of the input request uri)

this behavior is different from that of default apache behavior as well as that of cgi wrappers like cgiwrap etc. hence bug submitter is seeing different behavior with 5.2.10. 

having said that - i couldn't find official documentation anywhere within apache web site where it says SCRIPT_FILENAME cannot point to the actual input uri, so, i can't outright reject out bug submitter's custom apache handler code as well. 

i am currently looking into the the best way to resolve this issue so that customers like this bug submitter can continue to work without having to make any changes into their apache handler script.

 [2009-08-05 00:07 UTC] srinatar@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

After discussing this issue with the bug submitter , moving this issue to bogus (not an issue).

here, the submitter was trying to use php-cgi as not an standard apache handler but with their own apache handler. however, their own standard handler was not behaving the way apache handler behaves. hencey,they run into this issue. 

with php 5.2.10 and above , if running under cgi/fastcgi environment , we expect PATH_TRANSLATED to provide the actual location of the script to execute while SCRIPT_FILENAME (env variable from apache) to be pointing to the location of php-cgi binary itself.  This is the default behavior of apache handler and also other popular handlers like cgiwrap etc. 

so, if some one is writing a custom handler, they need to follow the same convention as done with default handler behavior. 
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 00:01:28 2024 UTC