php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69250 PHP FPM status report produces invalid JSON and XML
Submitted: 2015-03-17 19:27 UTC Modified: -
From: s dot greiner at cadenas dot de Assigned:
Status: Open Package: FPM related
PHP Version: 5.5.22 OS: any
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-03-17 19:27 UTC] s dot greiner at cadenas dot de
Description:
------------
Open the Status Page of FPM, for example:
http://my.server.ip/status-php-fpm?json&full&testparam=\a\b\c

Take the "json" output of it and validate it -> it will fail because any backslash is not escaped in the "request uri" property.

According to http://json.org/string.gif every unicode character is allowed in a string but no " or \ or a control character. They have to be escaped.
The same problem may occur with the "script" property.

Regarding XML output: the text nodes of <request-uri> and <script> should be wrapped in CDATA sections.

This erroneous behavior applies to every request not only the ones to the status page, for example a request to http://my.server.ip/mywebsite/something?path=foo\bar will make the status page to produce invalid output.

Expected result:
----------------
"processes":[
{
  "pid":2432,
  "state":"Idle",
  "start time":1425579888,
  "start since":1039595,
  "requests":1523,
  "request duration":614,
  "request method":"GET",
  "request uri":"/php-status?json&full&testparam=\\a\\b\\c",
  "content length":0,
  "user":"-",
  "script":"-",
  "last request cpu":0.00,
  "last request memory":262144
},
...

Actual result:
--------------
"processes":[
{
  "pid":2432,
  "state":"Idle",
  "start time":1425579888,
  "start since":1039595,
  "requests":1523,
  "request duration":614,
  "request method":"GET",
  "request uri":"/php-status?json&full&testparam=\a\b\c",
  "content length":0,
  "user":"-",
  "script":"-",
  "last request cpu":0.00,
  "last request memory":262144
},
...

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Jul 04 15:01:26 2020 UTC