php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6491 $PHP_SELF evaluates to improper address if directory name ends with ".php"
Submitted: 2000-09-01 15:28 UTC Modified: 2001-05-02 21:16 UTC
From: fseesink at usa dot net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.0.6-dev OS: MS Windows NT 4 SP5/IIS4
Private report: No CVE-ID: None
 [2000-09-01 15:28 UTC] fseesink at usa dot net
Place the following simple file (called version.php for this example):
<?
   php_info();
?>

in your website such that it is contained somewhere within the subtree of a directory whose name ends with ".php".  For example, on my box I had the file located at

   http://site/php/secure.php/version.php

If you then look at the value of $PHP_SELF it is

   /php/secure.php/php/secure.php/version.php

and NOT

   /php/secure.php/version.php

as it should be.

I've tried using other directory names such as "secure.ppp", "secure.txt", and "secure.html" and those seem to work fine.  It only occurs when a directory name ends with ".php".  Possibly a bad regular expression used to parse the path?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-09-04 17:11 UTC] fseesink at usa dot net
Note, in the Microsoft Management Console (MMC) I have configured IIS to map .php files to php.exe in the App Mappings section as explained in the PHP readme file.

I have not tried changing the extension mapping to something else (e.g., change the mapping to ".php3" and see whether directories ending with ".php3" suddenly cause the same problem).  Will try that some time when time permits.  For now, I simply avoid directory names ending in ".php" until this bug is addressed.

 [2001-01-12 06:06 UTC] cynic@php.net
could you try if this happens with newer versions of PHP? (4.0.4pl1 is out)
 [2001-02-20 08:01 UTC] sniper@php.net
No feedback.

--Jani

 [2001-02-21 09:36 UTC] cynic@php.net
user feedback:

Apologies for the delay, but NO, you should NOT close this problem yet.
It still occurs in PHP v4.0.3pl1 & v4.0.4pl1.

 [2001-04-28 15:23 UTC] jmoore@php.net
a quick test shows this is still pertinent.. this needs to be fixed in the bug squash.

- James
 [2001-05-02 21:16 UTC] sniper@php.net
This should be fixed in CVS.

--Jani

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Feb 16 03:01:24 2019 UTC