php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69625 php-fpm return http 200 response on nginx without SCRIPT_FILENAME
Submitted: 2015-05-12 05:13 UTC Modified: 2020-11-28 21:42 UTC
Votes:6
Avg. Score:4.7 ± 0.7
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:4 (80.0%)
From: cfc4n at cnxct dot com Assigned: bukka (profile)
Status: Closed Package: FPM related
PHP Version: 5.6.9RC1 OS: linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cfc4n at cnxct dot com
New email:
PHP Version: OS:

 

 [2015-05-12 05:13 UTC] cfc4n at cnxct dot com 
Description:
------------
In nginx config.conf file, configure info without fastcgi_param  SCRIPT_FILENAME, Any PHP files are returned blank response and  http 200 status.  

Because init_request_info function set default http response status 200, request_method is null in fpm_main.c near line 985. And if SCRIPT_FILENAME was not set in CGI protocol, SG(request_info).request_method \ SG(sapi_headers).http_response_code will not be reset . 

The program will terminate at "if (!SG(request_info).request_method)" near line 1838 in fpm_main.c , 

But http response status was 200 ,In fact it's a bug , The http response will be 404 , There is comment in fpm_main.c near line 1846 "/* If path_translated is NULL, terminate here with a 404 */" .

So, I think the code of SG(request_info).path_translated determine should be placed in front of SG(request_info).request_method . Move line 1846-1855 into line 1835 .

more detail : http://www.cnxct.com/php-return-empty-result-on-nginx-without-script_filename/

Expected result:
----------------
return http response 404 and write php_error log whiteout SCRIPT_FILENAME

Patches

fpm_return_404_without_scriptfilename_v3.diff (last revision 2015-05-12 13:12 UTC by cfc4n at cnxct dot com)
pm_return_404_without_scriptfilename_v2.diff (last revision 2015-05-12 06:45 UTC by cfc4n at cnxct dot com)
fpm_return_404_without_scriptfilename.diff (last revision 2015-05-12 05:19 UTC by cfc4n at cnxct dot com)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-12 05:17 UTC] cfc4n at cnxct dot com
-Summary: http 200 response on nginx without SCRIPT_FILE +Summary: php-fpm return http 200 response on nginx without SCRIPT_FILENAME
 [2015-05-12 05:17 UTC] cfc4n at cnxct dot com 
edit summary
 [2018-04-30 07:47 UTC] mr dot felixoid at gmail dot com 
Here is PR for this problem https://github.com/php/php-src/pull/3227
 [2020-11-28 21:41 UTC] bukka@php.net 
The following pull request has been associated:

Patch Name: FPM: Return 404 if the fcgi request is without SCRIPT_FILENAME
On GitHub:  https://github.com/php/php-src/pull/6466
Patch:      https://github.com/php/php-src/pull/6466.patch
 [2020-11-28 21:42 UTC] bukka@php.net
-Assigned To: +Assigned To: bukka
 [2020-12-13 18:40 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a221e17b41ad4c094908839593a0fd145b682f33
Log: Fix bug #69625: FPM returns 200 status on request without SCRIPT_FILENAME
 [2020-12-13 18:40 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2020-12-13 18:42 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a221e17b41ad4c094908839593a0fd145b682f33
Log: Fix bug #69625: FPM returns 200 status on request without SCRIPT_FILENAME
 [2020-12-13 18:43 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a221e17b41ad4c094908839593a0fd145b682f33
Log: Fix bug #69625: FPM returns 200 status on request without SCRIPT_FILENAME
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 15:01:28 2024 UTC