|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71541 Script invoked multiple times if PATH_INFO present
Submitted: 2016-02-07 10:16 UTC Modified: 2016-02-07 11:47 UTC
From: lobbotermey at gmail dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: Irrelevant OS: Ubuntu 14.04.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: lobbotermey at gmail dot com
New email:
PHP Version: OS:


 [2016-02-07 10:16 UTC] lobbotermey at gmail dot com
The test script generates a simple HTML document containing the $_SERVER PATH_INFO and SCRIPT_FILENAME variables and writes the same to a file called "test".

This appears to work as expected and, provided you invoke it with a conventional URI, eg "", everything is fine.

However, if you invoke it with a URI that includes path info - for example "" (note trailing "/") - although the echo to the browser appears to work, if you look at the "test" file, you see that the script has in fact been run multiple times.

The problem appears to be related to the stylesheet;  the script is invoked once as "" and then a second time as "", presumably as the browser attempts to fetch the stylesheet and the server interprets it as a call to the same script with different path info and invokes PHP again.

Im not sure exactly where the problem lies here.  PHP, Apache and the browser (tried with both FF44 and Chrome43) all appear to be behaving as designed, but the result is still broken.

At the very least, this should probably be documented somewhere.

Test script:
// WARNING:  this will write a file called "test"
echo "<!doctype html>\n";
echo "<html lang=en>\n";
echo "<head>\n";
echo "<meta charset=utf-8>\n";
echo "<link rel=StyleSheet href=default.css type=text/css>\n";
echo "<title>Test PATH_INFO bug</title>\n";
echo "</head>\n";
echo "<body>\n";
echo "<p>Server SCRIPT_FILENAME is '{$_SERVER['SCRIPT_FILENAME']}'.</p>\n";
echo "<p>Server PATH_INFO is '{$_SERVER['PATH_INFO']}'.</p>\n";
if (($fh = fopen('test', 'a')) !== FALSE)
  fwrite($fh, $_SERVER['SCRIPT_FILENAME'] . "\n" . $_SERVER['PATH_INFO'] . "\n");
echo "</body>\n";
echo "</html>\n";

Expected result:
The "test" file should contain:

Actual result:
The "test" file actually contains:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-02-07 11:47 UTC]
-Status: Open +Status: Not a bug
 [2016-02-07 11:47 UTC]
As you say, the browser is requesting default.css in the same "directory" as the current page, resulting in /foo.php/default.css. So your PHP script will be invoked again.
 [2016-09-29 06:45 UTC] fashionretailshop01 at gmail dot com - wholesale nfl jerseys - wholesale jerseys - wholesale Jerseys free shipping - cheap jerseys free shipping - wholesale jerseys
 [2016-09-29 06:46 UTC] fashionretailshop01 at gmail dot com - cheap jerseys - Wholesale Jerseys - wholesale jerseys from china - wholesale authentic jerseys - cheap authentic jerseys
 [2016-09-29 06:47 UTC] fashionretailshop01 at gmail dot com - wholesale jerseys - Cheap Jerseys - Wholesale Jerseys - sunglasses - Cheap Ray Ban Sunglasses - cheap oakley holbrook sunglasses
 [2016-09-29 06:48 UTC] fashionretailshop01 at gmail dot com - Authentic NFL Jerseys - About Jerseys News - Best Shoes news Website - Fashion Sunglasses News Website - Buy Wholesale Cheap Free Shipping China
 [2016-09-29 06:48 UTC] fashionretailshop01 at gmail dot com - Cheap Pandora Store - mlb jerseys - nba jerseys - ncaa jerseys
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 22 12:01:30 2024 UTC