php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55780 $_SERVER['REQUEST_URI'] does not contain the request's complete URI
Submitted: 2011-09-25 18:08 UTC Modified: 2014-01-03 19:57 UTC
From: chealer at gmail dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2011-09-25 18:08 UTC] chealer at gmail dot com
Description:
------------
According to http://www.php.net/manual/en/reserved.variables.server.php the REQUEST_URI entry of $_SERVER contains "The URI which was given in order to access this page".

This is not the case, as the example given just after shows: "for instance, '/index.html'". Actually, REQUEST_URI contains a URI reference.

This bug exists since as far as I can remember. At this point, it is probably a bad idea to simply fix. This should probably be treated as a documentation bug, and just cause the $_SERVER documentation to fix the entry description, adding a warning about the name.

However, having the actual request URI would be useful too, be it through a new "ACTUAL_REQUEST_URI" entry, a function, or something.

Note: this bug is not completely PHP-specific. http://labs.apache.org/webarch/uri/rfc/rfc3986.html#hierarchical gives a historical perspective on URI/URL terminology.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-12-06 07:25 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2013-12-06 07:25 UTC] mike@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 [2013-12-15 18:23 UTC] chealer at gmail dot com
Hi Michael,
It is arguably not a bug per se that $_SERVER['REQUEST_URI'] does not contain the request's URI. One might argue the name is simply misleading. However, there is unarguably a bug as long as the documentation claims REQUEST_URI contains the URI. As I wrote: "At this point, it is probably a bad idea to simply fix. This should probably be treated as a documentation bug, and just cause the $_SERVER documentation to fix the entry description, adding a warning about the name."
 [2013-12-16 04:57 UTC] rasmus@php.net
It is not a bug, at least not in PHP, because PHP has nothing to do with setting this. It comes directly from your web server. We simply populate the $_SERVER array with whatever your web server has put into the environment.
 [2013-12-30 01:30 UTC] chealer at gmail dot com
Hi Rasmus,
It depends on what you mean by "PHP". If you mean the interpreter itself, this is arguably not a bug. But as I wrote, this should probably be treated as a documentation bug, and just cause the $_SERVER documentation to fix the entry description, adding a warning about the name.

Apache documentation gives the following descriptions for REQUEST_URI:
Request_URI - the resource requested on the HTTP request line -- generally the portion of the URL following the scheme and host portion without the query string. See the RewriteCond directive of mod_rewrite for extra information on how to match your query string.

The path part of the request's URI

The path component of the requested URI, such as "/index.html". This notably excludes the query string which is available as as its own variable named QUERY_STRING.

PHP itself gives the following:
REQUEST_URI
uri section following the domain:port part of a URI

That being said, note that while $_SERVER is indeed based on environment variables, it is far from coming directly from the web server. Here are a few reference points:
http://lxr.php.net/s?n=25&start=50&sort=relevancy&q=REQUEST_URI&project=PHP_5_5
http://lxr.php.net/xref/PHP_5_5/sapi/apache/mod_php5.c
http://lxr.php.net/xref/PHP_5_5/main/php_variables.c
http://lxr.php.net/xref/PHP_5_5/sapi/cgi/cgi_main.c
 [2014-01-03 19:57 UTC] rasmus@php.net
That's only for cases where PHP is running in an environment where it isn't set. In those cases we set it correctly. The majority of users run PHP under either Apache or nginx these days, so for the majority of users PHP has nothing to do with setting this variable.
 [2014-01-26 03:09 UTC] chealer at gmail dot com
Being usually true wouldn't make it *true*, but even then, see the Apache link above.

In any case, sorry to repeat myself, but this should probably be treated as a documentation bug, and just cause the $_SERVER documentation to fix the entry description, adding a warning about the name.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 05 12:01:27 2024 UTC