php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71541 Script invoked multiple times if PATH_INFO present
Submitted: 2016-02-07 10:16 UTC Modified: 2016-02-07 11:47 UTC
From: lobbotermey at gmail dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: Irrelevant OS: Ubuntu 14.04.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lobbotermey at gmail dot com
New email:
PHP Version: OS:

 

 [2016-02-07 10:16 UTC] lobbotermey at gmail dot com
Description:
------------
The test script generates a simple HTML document containing the $_SERVER PATH_INFO and SCRIPT_FILENAME variables and writes the same to a file called "test".

This appears to work as expected and, provided you invoke it with a conventional URI, eg "http://example.com/foo.php", everything is fine.

However, if you invoke it with a URI that includes path info - for example "http://example.com/foo.php/" (note trailing "/") - although the echo to the browser appears to work, if you look at the "test" file, you see that the script has in fact been run multiple times.

The problem appears to be related to the stylesheet;  the script is invoked once as "http://example.com/foo.php/" and then a second time as "http://example.com/foo.php/default.css", presumably as the browser attempts to fetch the stylesheet and the server interprets it as a call to the same script with different path info and invokes PHP again.

Im not sure exactly where the problem lies here.  PHP, Apache and the browser (tried with both FF44 and Chrome43) all appear to be behaving as designed, but the result is still broken.

At the very least, this should probably be documented somewhere.


Test script:
---------------
// WARNING:  this will write a file called "test"
echo "<!doctype html>\n";
echo "<html lang=en>\n";
echo "<head>\n";
echo "<meta charset=utf-8>\n";
echo "<link rel=StyleSheet href=default.css type=text/css>\n";
echo "<title>Test PATH_INFO bug</title>\n";
echo "</head>\n";
echo "<body>\n";
echo "<p>Server SCRIPT_FILENAME is '{$_SERVER['SCRIPT_FILENAME']}'.</p>\n";
echo "<p>Server PATH_INFO is '{$_SERVER['PATH_INFO']}'.</p>\n";
if (($fh = fopen('test', 'a')) !== FALSE)
  {
  fwrite($fh, $_SERVER['SCRIPT_FILENAME'] . "\n" . $_SERVER['PATH_INFO'] . "\n");
  fclose($fh);
  }
echo "</body>\n";
echo "</html>\n";


Expected result:
----------------
The "test" file should contain:
/$DOCROOT/test.php
/


Actual result:
--------------
The "test" file actually contains:
/$DOCROOT/test.php
/
/$DOCROOT/test.php
/default.css


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-02-07 11:47 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2016-02-07 11:47 UTC] requinix@php.net
As you say, the browser is requesting default.css in the same "directory" as the current page, resulting in /foo.php/default.css. So your PHP script will be invoked again.
 [2016-09-29 06:45 UTC] fashionretailshop01 at gmail dot com
http://www.cheapjerseysfree.us/ - wholesale nfl jerseys
http://www.wholesalerjersey.com/ - wholesale jerseys
http://www.wholesaleCheapJerseysshipping.com/ - wholesale Jerseys free shipping
http://www.cheapwholesalejerseysshipping.com/ - cheap jerseys free shipping
http://www.wholesalejerseyscheapforsale.com/ - wholesale jerseys
 [2016-09-29 06:46 UTC] fashionretailshop01 at gmail dot com
http://www.cheapjerseyswholesaleforsale.com/ - cheap jerseys
http://www.WholesaleJerseysCheaponline.com/ - Wholesale Jerseys
http://www.wholesalejerseyscheapfromchina.com/ - wholesale jerseys from china
http://www.wholesalecheapauthenticjerseys.com/ - wholesale authentic jerseys
http://www.cheapauthenticwholesalejerseys.com/ - cheap authentic jerseys
 [2016-09-29 06:47 UTC] fashionretailshop01 at gmail dot com
http://www.about-jerseys.com/ - wholesale jerseys
http://www.about-jerseys.com/default.aspx/Sitemap - Cheap Jerseys - Wholesale Jerseys
http://www.fakesunglasseswholesale.com/ - sunglasses
http://www.fakesunglasseswholesale.com/tag.php?Cheap_Ray_Ban_Sunglasses/ - Cheap Ray Ban Sunglasses
http://www.fakesunglasseswholesale.com/news.php?cheap_oakleys_holbrook_sunglasses/ - cheap oakley holbrook sunglasses
 [2016-09-29 06:48 UTC] fashionretailshop01 at gmail dot com
http://www.wholesalediscountjerseys.com/AuthenticJerseys/ - Authentic NFL Jerseys
http://www.cheapjerseyswhoesale.com/ - About Jerseys News
http://www.cheapshoesfreeshipping.com/ - Best Shoes news Website
http://www.cheapsunglassesfreeshipping.com/ - Fashion Sunglasses News Website
http://www.sphoter.com/ - Buy Wholesale Cheap Free Shipping China
 [2016-09-29 06:48 UTC] fashionretailshop01 at gmail dot com
http://www.cheapjewe11erystore.com/ - Cheap Pandora Store
http://www.gryfino.sr.gov.pl/discount/mlb-jerseys/ - mlb jerseys
http://www.gryfino.sr.gov.pl/discount/nba-jerseys/ - nba jerseys
http://www.gryfino.sr.gov.pl/discount/ncaa-jerseys/ - ncaa jerseys
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Jun 30 19:05:47 2022 UTC