Bug #2216

mod_userdir doesn't set environment variable DOCUMENT_ROOT

Added by DanielRichman about 3 years ago. Updated about 2 years ago.

Status: Fixed
Start date: 2010-05-31
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: mod_userdir
Target version: 1.4.29
Missing in 1.5.x: No

Description

1) Fresh install of lighttpd + mod_userdir enabled (tested on Ubuntu 10.04)
2) in a test php file

sudo aptitude install lighttpd && sudo lighty-enable-mod userdir cgi &&
mkdir ~/public_html && echo '<?php phpinfo(); ?>' >> ~/public_html/index.php &&
x-www-browser http://localhost/~`id -un`

Look for the 'Environment section' - DOCUMENT_ROOT. Provided I haven't gone mad, you'll notice that it's /var/www/ rather than /home/username/public_html/ .

This seems to fix it, though I don't know enough about lighty's source to know if it is the correct fix:

--- lighttpd-1.4.26.orig/src/mod_userdir.c
+++ lighttpd-1.4.26/src/mod_userdir.c
@@ -302,6 +302,7 @@
         * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory
         *       as a username without them.
         */
+       buffer_copy_string_buffer(con->physical.doc_root, p->temp_path);
        if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) {
                buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
        }
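
Review bot: the added buffer_copy_string_buffer() call only yields the user's base directory because it runs before the `if` block appends rel_url to p->temp_path, and nothing in the hunk states that dependency. Add a one-line comment above it saying that con->physical.doc_root must be taken before the request's relative path is appended, so a later reorder does not put the full file path into doc_root. As placed, the call also sits directly under the TODO about trailing dots in usernames and reads as part of it; a blank line or its own comment would separate the two. The hunk does not show whether p->temp_path has been validated at this point. If that check happens further down, doc_root would already be overwritten for requests the module later declines, so it is worth confirming where the check sits relative to this line.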

mod_userdir.c (8.47 KB) DanielRichman, 2010-05-31 20:56

Associated revisions

Revision 2794
Added by stbuehler about 2 years ago

[*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)

History

#1 Updated by DanielRichman about 3 years ago

That's meant to say

2) in a test php file '<?php phpinfo(); ?>'

but appears to have got cut out... along with some other stuff

#2 Updated by stbuehler almost 3 years ago

mod_alias doesn't modify the doc_root either, so I'm not sure whether we really want that in mod_userdir.

#3 Updated by stbuehler almost 3 years ago

  • Status changed from Patch Pending to Invalid
  • Target version deleted (1.4.x)
  • Missing in 1.5.x changed from Yes to No

As long as no one provides good reasons why we would want to change that, I don't change it :)

#4 Updated by DanielRichman almost 3 years ago

This feature might be useful for additional security when using suphp 
with lighttpd http://www.suphp.org/DocumentationView.html?file=CONFIG
see check_vhost_docroot:
  Checks whether the script is within DOCUMENT_ROOT specified by the 
  webserver. This option is intended to avoid symbol links outside of the
  webpage directory. You may want to disable it, when you are using
  mod_vhost_alias or the Alias-directive.
(trying to do this was how I noticed this issue)
I am yet to meet some CGI/php that relies on the DOCUMENT_ROOT env. var,
but it is possible.

#5 Updated by stbuehler almost 3 years ago

  • Status changed from Invalid to Reopened
  • Target version set to 1.4.29

http://www.php.net/manual/en/configuration.file.per-user.php

It scans the directories up to the doc-root, if the doc-root is a prefix of the "script-filename"; otherwise it only scans the directory of the "script-filename".

So we probably want to set the userdir / alias destination as doc-root.
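
A model of the two DOCUMENT_ROOT consumers raised in comments #4 and #5, as an added example (not code from lighttpd, PHP or suPHP): it compares a containment check and the per-directory ini scan for the same script under the server-wide doc-root and under the userdir doc-root. The function names and sample paths are constructed, the comparison is lexical (no symlink resolution), and matching on whole path components is an assumption of this sketch.

```python
import posixpath

def _parts(path):
    """Normalise an absolute POSIX path and split it into components."""
    return [p for p in posixpath.normpath(path).split("/") if p]

def is_within(doc_root, script_filename):
    """Containment check in the spirit of check_vhost_docroot.

    Compares whole components, so /home/alice/public_html does not
    match /home/alice/public_html_old (assumption of this sketch).
    """
    root, script = _parts(doc_root), _parts(script_filename)
    return len(script) > len(root) and script[:len(root)] == root

def user_ini_scan_dirs(doc_root, script_filename):
    """Directories searched for per-directory ini files, per comment #5.

    Doc-root is a prefix of the script path: walk from the script's
    directory up to the doc-root. Otherwise: the script's directory only.
    """
    root, script = _parts(doc_root), _parts(script_filename)
    deepest = len(script) - 1  # number of components in the script's dir
    stop = len(root) if is_within(doc_root, script_filename) else deepest
    return ["/" + "/".join(script[:n]) for n in range(deepest, stop - 1, -1)]

# Constructed sample values, not taken from the bug report.
SERVER_ROOT = "/var/www"                   # DOCUMENT_ROOT before the fix
USERDIR_ROOT = "/home/alice/public_html"   # DOCUMENT_ROOT after the fix
SCRIPT = "/home/alice/public_html/app/admin/index.php"

def compare(script=SCRIPT):
    """Return both consumers' view of the script for each doc-root."""
    return {
        root: {
            "within_docroot": is_within(root, script),
            "ini_scan_dirs": user_ini_scan_dirs(root, script),
        }
        for root in (SERVER_ROOT, USERDIR_ROOT)
    }

if __name__ == "__main__":
    for root, view in compare().items():
        print(root, view)
```

With the server-wide doc-root the script fails the containment check and an ini file placed in the user's top-level public_html is never consulted for scripts in subdirectories; with the userdir doc-root both behave as a per-user site owner would expect.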

#6 Updated by stbuehler about 2 years ago

  • Status changed from Reopened to Fixed

Applied in changeset r2794.
