php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65641 PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache
Submitted: 2013-09-09 09:12 UTC Modified: 2014-07-25 13:55 UTC
Votes:20
Avg. Score:4.8 ± 0.4
Reproduced:20 of 20 (100.0%)
Same Version:11 (55.0%)
Same OS:11 (55.0%)
From: ryotakatsuki at gmail dot com Assigned:
Status: Closed Package: FPM related
PHP Version: 5.5.3 OS:
Private report: No CVE-ID:
 [2013-09-09 09:12 UTC] ryotakatsuki at gmail dot com
Description:
------------
When using Apache + PHP_FPM, the SCRIPT_NAME variable is incorrectly set. For 
example, accessing "http://127.0.0.1/sample/test.php/a/b/c", results in:

ORIG_SCRIPT_NAME: 
SCRIPT_NAME: /sample/test.php/a/b/c
ORIG_SCRIPT_FILENAME: //tmp/sample/test.php/a/b/c
SCRIPT_FILENAME: //tmp/sample/test.php
PATH_INFO: /a/b/c
ORIG_PATH_INFO: 

While when using mod_php, the values are:

SCRIPT_NAME: /sample/test.php
SCRIPT_FILENAME: /tmp/sample/test.php
PATH_INFO: /a/b/c

It is also working fine when using NGINX

Test script:
---------------
A sameple script to reproduce the issue:

<?php
echo("ORIG_SCRIPT_NAME: " . $_SERVER['ORIG_SCRIPT_NAME']);
echo('<br/>');

echo("SCRIPT_NAME: " . $_SERVER['SCRIPT_NAME']);
echo('<br/>');
echo("ORIG_SCRIPT_FILENAME: " . $_SERVER['ORIG_SCRIPT_FILENAME']);
echo('<br/>');

echo("SCRIPT_FILENAME: " . $_SERVER['SCRIPT_FILENAME']);
echo('<br/>');

echo("PATH_INFO: " . $_SERVER['PATH_INFO']);
echo('<br/>');

echo("ORIG_PATH_INFO: " . $_SERVER['ORIG_PATH_INFO']);
echo('<br/>');

?>

And a very simple apache conf:

Alias /sample /tmp/sample
ProxyPassMatch .*/sample/(test.php.*) fcgi://127.0.0.1:9000//tmp/sample/$1
<Directory /tmp/sample/ >
    Require  all granted
</Directory>


Expected result:
----------------
ORIG_SCRIPT_NAME: 
SCRIPT_NAME: /sample/test.php
ORIG_SCRIPT_FILENAME: //tmp/sample/test.php/a/b/c
SCRIPT_FILENAME: //tmp/sample/test.php
PATH_INFO: /a/b/c
ORIG_PATH_INFO: 


Patches

Another_fix_for_mod_proxy_fcgi_v2.patch (last revision 2014-09-15 09:13 UTC) by remi@php.net)
Another_fix_for_mod_proxy_fcgi.patch (last revision 2014-09-05 13:14 UTC) by remi@php.net)
fpm_main-script_name-v2.patch (last revision 2014-04-29 14:22 UTC) by rainer dot jung at kippdata dot de)
fpm_main-script_name.patch (last revision 2014-04-29 14:12 UTC) by rainer dot jung at kippdata dot de)
fix_script_name_in_fpm_with_apace_fixed (last revision 2014-03-16 17:03 UTC) by ryotakatsuki at gmail dot com)
fix_script_name_in_fpm_with_apache (last revision 2013-09-09 09:13 UTC) by ryotakatsuki at gmail dot com)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-17 21:50 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: fat
 [2014-03-14 16:20 UTC] hp4everything at googlemail dot com
This problem is still unsolved in release 5.5.10.

The archlinux distribution just updated their packages from apache2.2+mod-php to apache2.4 + php-fpm.

But since php-fpm does not provide a correct content for the array $_SERVER (at least SCRIPT_NAME seems to be wrong) php-based websites won't run with apache2.4+php-fpm. 

e.g  the software "owncloud" is not able to run on php-fpm.

Is it possible to provide a source correction based on the available patch (if that has been tested) in one of the next php-releases for standard Linux-distributions?
 [2014-03-16 17:06 UTC] ryotakatsuki at gmail dot com
I added fix_script_name_in_fpm_with_apace_fixed that fixes the previous one (it seems it was an outdated buggy one, wrong malloc call...). I cannot (or don't know how) remove the old one. In case someone finds it useful :).
 [2014-03-17 13:55 UTC] hp4everything at googlemail dot com
sorry for some stupid questions of a newbie in this area:

1) how will a normal Linux user get your correction? Will it be included in official packages with an offical php-release? Or do I have to build the package mod-fpm myself and apply the patch somehow in the build-process??

2) do you see any relation to the discussion in

https://bbs.archlinux.org/viewtopic.php?id=178551

In this discussion progandy stated that the package mod_proxy_handler currently is a workaround till a bug in apache (probably 2.4.9) is corrected. He doesn't mention your patch. He obviously doesn't see this as mod-fpm problem.


All this is very confusing to someone who only wants to use apache as php-enabled webserver.
 [2014-04-29 14:23 UTC] rainer dot jung at kippdata dot de
I attached a slightly different but functionally mostly equivalent patch. Both patches, the second version from the original reporter and my second version work for me.

The patch should apply to PHP 5.4 - 5.6. Havent't tried 5.3.

Thanks for considering.
 [2014-04-29 18:03 UTC] php at cizero dot de
fix_script_name_in_fpm_with_apace_fixed worked for me with apache 5.5.11 - Unfortunately the new one which I tried first did not. Anyway... thanks for these patches !
 [2014-05-31 11:16 UTC] dz at heroku dot com
I can confirm this patch (I used fix_script_name_in_fpm_with_apace_fixed) fixes the issue as described.

This is pretty critical for Apache 2.4 deployments with PHP-FPM; things are just broken otherwise...
 [2014-06-29 23:04 UTC] tyrael@php.net
-Status: Assigned +Status: Closed -Assigned To: fat +Assigned To: tyrael
 [2014-06-29 23:04 UTC] tyrael@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I've merged it into the PHP-5.6 branch, should be in RC2.
 [2014-06-30 00:21 UTC] tyrael@php.net
-Status: Closed +Status: Re-Opened
 [2014-06-30 00:21 UTC] tyrael@php.net
reopening as https://github.com/php/php-src/pull/694 only resolves this when using mod_proxy_handler.
 [2014-06-30 00:42 UTC] dz at heroku dot com
https://bugs.php.net/bug.php?id=67541 is the related issue for the (now merged) PR
 [2014-07-25 13:55 UTC] tyrael@php.net
-Assigned To: tyrael +Assigned To:
 [2014-09-05 13:14 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: Another_fix_for_mod_proxy_fcgi.patch
Revision:   1409922889
URL:        https://bugs.php.net/patch-display.php?bug=65641&patch=Another_fix_for_mod_proxy_fcgi.patch&revision=1409922889
 [2014-09-15 09:13 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: Another_fix_for_mod_proxy_fcgi_v2.patch
Revision:   1410772401
URL:        https://bugs.php.net/patch-display.php?bug=65641&patch=Another_fix_for_mod_proxy_fcgi_v2.patch&revision=1410772401
 [2014-09-15 11:32 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8cac75969e5abb2b6be5bbd489d851a4f9e50979
Log: Fixed bug #65641 PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache
 [2014-09-15 11:32 UTC] remi@php.net
-Status: Re-Opened +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Mon Feb 20 11:01:38 2017 UTC