php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69625 php-fpm return http 200 response on nginx without SCRIPT_FILENAME
Submitted: 2015-05-12 05:13 UTC Modified: 2020-11-28 21:42 UTC
Votes:6
Avg. Score:4.7 ± 0.7
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:4 (80.0%)
From: cfc4n at cnxct dot com Assigned: bukka (profile)
Status: Closed Package: FPM related
PHP Version: 5.6.9RC1 OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2015-05-12 05:13 UTC] cfc4n at cnxct dot com 
Description:
------------
In nginx config.conf file, configure info without fastcgi_param  SCRIPT_FILENAME, Any PHP files are returned blank response and  http 200 status.  

Because init_request_info function set default http response status 200, request_method is null in fpm_main.c near line 985. And if SCRIPT_FILENAME was not set in CGI protocol, SG(request_info).request_method \ SG(sapi_headers).http_response_code will not be reset . 

The program will terminate at "if (!SG(request_info).request_method)" near line 1838 in fpm_main.c , 

But http response status was 200 ,In fact it's a bug , The http response will be 404 , There is comment in fpm_main.c near line 1846 "/* If path_translated is NULL, terminate here with a 404 */" .

So, I think the code of SG(request_info).path_translated determine should be placed in front of SG(request_info).request_method . Move line 1846-1855 into line 1835 .

more detail : http://www.cnxct.com/php-return-empty-result-on-nginx-without-script_filename/

Expected result:
----------------
return http response 404 and write php_error log whiteout SCRIPT_FILENAME

Patches

fpm_return_404_without_scriptfilename_v3.diff (last revision 2015-05-12 13:12 UTC by cfc4n at cnxct dot com)
pm_return_404_without_scriptfilename_v2.diff (last revision 2015-05-12 06:45 UTC by cfc4n at cnxct dot com)
fpm_return_404_without_scriptfilename.diff (last revision 2015-05-12 05:19 UTC by cfc4n at cnxct dot com)

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-12 05:17 UTC] cfc4n at cnxct dot com
-Summary: http 200 response on nginx without SCRIPT_FILE +Summary: php-fpm return http 200 response on nginx without SCRIPT_FILENAME
 [2015-05-12 05:17 UTC] cfc4n at cnxct dot com 
edit summary
 [2018-04-30 07:47 UTC] mr dot felixoid at gmail dot com 
Here is PR for this problem https://github.com/php/php-src/pull/3227
 [2020-11-28 21:41 UTC] bukka@php.net 
The following pull request has been associated:

Patch Name: FPM: Return 404 if the fcgi request is without SCRIPT_FILENAME
On GitHub:  https://github.com/php/php-src/pull/6466
Patch:      https://github.com/php/php-src/pull/6466.patch
 [2020-11-28 21:42 UTC] bukka@php.net
-Assigned To: +Assigned To: bukka
 [2020-12-13 18:40 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a221e17b41ad4c094908839593a0fd145b682f33
Log: Fix bug #69625: FPM returns 200 status on request without SCRIPT_FILENAME
 [2020-12-13 18:40 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2020-12-13 18:42 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a221e17b41ad4c094908839593a0fd145b682f33
Log: Fix bug #69625: FPM returns 200 status on request without SCRIPT_FILENAME
 [2020-12-13 18:43 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a221e17b41ad4c094908839593a0fd145b682f33
Log: Fix bug #69625: FPM returns 200 status on request without SCRIPT_FILENAME
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 11:01:29 2024 UTC