PHP :: Bug #70757 :: $_SERVER["PHP_SELF"] is malformed with PHP-FPM and Apache 2.4.17

[2015-10-21 10:17 UTC] admin at franceserv dot fr

Description:
------------
With a simple : <?php phpinfo(); ?>

If we look the variable $_SERVER["PHP_SELF"], when the website is running with :

Apache 2.4.16 + suPHP : OK
Apache 2.4.16 + PHP-FPM : OK
Apache 2.4.17 + suPHP : OK
Apache 2.4.17 + PHP-FPM : WRONG

To obtain the error and check with my webserver in Apache 2.4.17, you need to change your hosts file on this way : 195.154.164.142 www.franceserv.fr

And when you go to http://www.franceserv.fr/data/phpinfo/, if the System name is "web2", you will see this : $_SERVER["PHP_SELF"] = http://www.franceserv.fr/data/phpinfo/ and it's WRONG, because there are no domain name and protocol in a PHP_SELF variable.

If you take off the line from your hosts file, go to the same address and refresh the page (check your cache, you need to be on System name web1 or web3, not web2), you will see that : $_SERVER["PHP_SELF"] = /data/phpinfo/index.php which is correct.

The problem exist only with Apache 2.4.17 + PHP-FPM. When i test with 2.4.16 + PHP-FPM all is GOOD.

php.ini are same between PHP 5.4.16 and 5.4.17 and httpd.conf are same between Apache 2.4.16 and 2.4.17.

[2015-10-22 15:33 UTC] fullermd+php at over-yonder dot net

This is a presumably a result of the REDIRECT_URL change in 2.4.17.

http://article.gmane.org/gmane.comp.apache.user/108460

[2015-10-22 16:13 UTC] fullermd+php at over-yonder dot net

Note that it also includes the query string (if any), as well as the scheme/host.

[2015-10-22 16:30 UTC] admin at franceserv dot fr

The problem is a website could use this variable and don't work anymore with a simple update between 2 tiny sub-version of Apache.

And a biger problem with this change is : several website were broke because the url rewrite wasn't working correctly.

At the moment, it's not possible for me to update Apache about this problem, except if i find a way with PHP-FPM to solve the problem.

I would like know if i'm alone with this bug with Apache 2.4.17 and PHP-FPM :) And the more important, how to solve the problem. I don't know if the solution need to come from Apache or PHP side.

Between, thank you a lot for your tints.

[2015-10-22 17:25 UTC] fullermd+php at over-yonder dot net

Well, no, you're not the only one; I see it too, or I wouldn't be here   :)

I would presume it probably needs a PHP fix to follow the Apache change.  I've hacked around it in the places it's bitten me with parse_url:

-$self = $_SERVER['PHP_SELF'];
+$self = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH);

AFAICT from the docs, it Should(tm) work with the bare path as well as a fuller URL, and testing shows it currently does, so that D'sTRT for either behavior.  

That's enough to get me through the night at least, though if you're directly ref'ing PHP_SELF through the code rather than having a single choke point (or possibly using some other _SERVER var that's affected by the change), you'll have a harder time...

[2015-11-04 19:16 UTC] alec at alec dot pl

Looks like $_SERVER['SCRIPT_NAME'] is wrong too. http://trac.roundcube.net/ticket/1490582

[2015-11-05 09:41 UTC] fullermd+php at over-yonder dot net

It seems that Apache is going to revert that change for 2.4.18.  x-ref

https://bz.apache.org/bugzilla/show_bug.cgi?id=57785

http://svn.apache.org/viewvc?view=revision&revision=1712268

Or rather, not quite revert it, but make it configurable, with the default off.  Applying the patch from SVN on top of 2.4.17 (doesn't apply cleanly to CHANGES and manual, but the code does fine) puts things back to normal.

Doesn't really help until the .18 release, of course.  And since it's configurable, PHP probably still needs to handle it for cases where it's turned on.

Patches

Pull Requests

History

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Thu Nov 30 03:01:26 2023 UTC