Bug #405

PHP SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO

Added by Anonymous about 9 years ago. Updated about 6 years ago.

Status:InvalidStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:core
Target version:-
Missing in 1.5.x:

Description

I am evaluating lighttpd 1.4.8 as a replacement for apache2. I have set "broken-scriptfilename" => "enable" in the lighttpd.conf and have set cgi.fix_pathinfo = 1 in the php.ini. I am using PHP 5.1.1, and this is on a PowerBook G4 with Mac OS X 10.4.3.

I have run into this problem: when I have a PHP script in my user directory (with mod_userdir enabled) and I add a path to the end of the script name, then the first 13 characters of the SCRIPT_NAME and PHP_SELF $_SERVER variables are missing.

Example:

If server.php contains this:

<?php print_r($_SERVER); ?>

And I access the script in my user directory like this:

http://fusion.local/~rschmidt/Sites/test/server.php

Then the relevant output is this:

[[SCRIPT_NAME]] => /~rschmidt/Sites/test/server.php
[[PATH_INFO]] =>
[[PHP_SELF]] => /~rschmidt/Sites/test/server.php

This is correct. If I then add a path to it, like so:

http://fusion.local/~rschmidt/Sites/test/server.php/foo

Then the relevant output is this:

[[SCRIPT_NAME]] => tes/test/server.php
[[PATH_INFO]] => /foo
[[PHP_SELF]] => tes/test/server.php

And that's kinda wrong.

-- lighttpd-2005

cgi_main.diff Magnifier - Patch against php-5.2.3 sapi/cgi/cgi_main.c (611 Bytes) hrak, 2007-08-02 14:56

mod_fastcgi.diff Magnifier - Patch against lighttpd-1.4.16, for proper server vars with >=php-5.2.4 (1.29 KB) hrak, 2007-08-09 08:05

History

#1 Updated by Anonymous about 9 years ago

Further testing shows it's actually a bit different. Server.php remains as above. mod_userdir is turned off, and instead I set up an alias rule:

alias.url = (

"/r/"  => "/Users/rschmidt/Sites/"

)

Access it this way:

http://test.fusion/r/test/Server.php

The relevant parts of the output are correct:

[[SCRIPT_NAME]] => /r/test/Server.php
[[PATH_INFO]] =>
[[SCRIPT_FILENAME]] => /Users/rschmidt/Sites/test/server.php
[[REQUEST_URI]] => /r/test/Server.php
[[PHP_SELF]] => /r/test/Server.php

But add some path info:

http://test.fusion/r/test/Server.php/

And SCRIPT_NAME and PHP_SELF suddenly contain part of the filesystem path, instead of the web path as they should:

[[SCRIPT_NAME]] => chmidt/Sites/test/server.php
[[PATH_INFO]] => /
[[SCRIPT_FILENAME]] => /Users/rschmidt/Sites/test/server.php
[[REQUEST_URI]] => /r/test/Server.php/
[[PHP_SELF]] => chmidt/Sites/test/server.php

-- lighttpd-2005

#2 Updated by Anonymous almost 8 years ago

Same here.

lighttpd-1.4.13 (from fc6 extras), php-5.2.1 via fastcgi:

Request $_SERVERSCRIPT_NAME
/~bkw/index.php /~bkw/index.php
/~bkw/index.php/foo kw/public_html/index.php

With apache-2.2 & mod_fcgid SCRIPT_NAME is identical in both requests.

-- bkw

#3 Updated by hrak over 7 years ago

Problem persists in 1.4.16

#4 Updated by hrak over 7 years ago

After some digging, i am afraid this is more a problem in PHP's CGI SAPI rather than a Lighttpd problem.

I have a working patch against php-5.2.3 sapi/cgi/cgi_main.c which i will attach here later.

Problem could also be worked around in Lighttpd by unsetting DOCUMENT_ROOT or setting DOCUMENT_ROOT to the userdir docroot instead of the global server docroot when accessing a userdir, but that will probably break all sorts of other stuff.

#5 Updated by hrak over 7 years ago

I have posted a PHP bugreport at http://bugs.php.net/bug.php?id=42198

#6 Updated by Anonymous over 7 years ago

Replying to hrak:

I have posted a PHP bugreport at http://bugs.php.net/bug.php?id=42198

From what I have debugged this (see the above bug report at bugs.php.net too :)
I think it's both mod_alias.c and mod_userdir.c which are not setting the con->physical.doc_root in them at all..but I might be totally off the target here. :D

#7 Updated by Anonymous over 7 years ago

fixed for PHP 5.2.4.

-- judas_iscariote

#8 Updated by hrak over 7 years ago

Not entirely. See the php.net bug ticket mentioned above!

Lighttpd still needs some work done to get things like PATH_TRANSLATED correct, and apparently SCRIPT_NAME and PHP_SELF also need to include the path info.

I will attach a patch here against lighttpd-1.4.16 which does the job (after applying lighttpd creates exactly the same env as apache using php-5.2.4), but as Jani says in his last comment in the PHP bug ticket, it may need a slightly different approach.

#9 Updated by hrak over 7 years ago

Can this please be taken into consideration for 1.4.17? Would be nice to have this sorted together with php-5.2.4 :)

Not sure if its ok for me to fiddle with the milestone settings here ;)

#10 Updated by darix over 7 years ago

The test script:


<?php
    $items = array("PATH_TRANSLATED", "PATH_INFO", "SCRIPT_FILENAME", "SCRIPT_NAME", "PHP_SELF", "REQUEST_URI");
    foreach($items as $item) {
        $value = isset($_SERVER[$item]) ? $_SERVER[$item] : "null";
        header("X-$item: $value");
    }
?>

apache-2.2.4+apache2-mod_php5-5.2.4RC2-2


* About to connect() to localhost port 8888 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 8888 (#0)
> GET /~darix/bug405.php/foo?env=PHP_SELF HTTP/1.1
> User-Agent: curl/7.16.4 (i686-suse-linux-gnu) libcurl/7.16.4 OpenSSL/0.9.8e zlib/1.2.3 libidn/1.0
> Host: localhost:8888
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Tue, 21 Aug 2007 23:25:16 GMT
< Server: Apache/2.2.4 (Linux/SUSE)
< X-Powered-By: PHP/5.2.4RC2
< X-PATH_TRANSLATED: /srv/www/htdocs/foo
< X-PATH_INFO: /foo
< X-SCRIPT_FILENAME: /home/darix/public_html/bug405.php
< X-SCRIPT_NAME: /~darix/bug405.php
< X-PHP_SELF: /~darix/bug405.php/foo
< X-REQUEST_URI: /~darix/bug405.php/foo?env=PHP_SELF
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0

apache-2.2.4+apache2-mod_fcgid-2.1-7+php5-fastcgi-5.2.4RC2-2


* About to connect() to localhost port 8888 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 8888 (#0)
> GET /~darix/bug405.php/foo?env=PHP_SELF HTTP/1.1
> User-Agent: curl/7.16.4 (i686-suse-linux-gnu) libcurl/7.16.4 OpenSSL/0.9.8e zlib/1.2.3 libidn/1.0
> Host: localhost:8888
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Tue, 21 Aug 2007 23:25:32 GMT
< Server: Apache/2.2.4 (Linux/SUSE)
< X-Powered-By: PHP/5.2.4RC2
< X-PATH_TRANSLATED: /srv/www/htdocs/foo
< X-PATH_INFO: /foo
< X-SCRIPT_FILENAME: /home/darix/public_html/bug405.php
< X-SCRIPT_NAME: /~darix/bug405.php
< X-PHP_SELF: /~darix/bug405.php/foo
< X-REQUEST_URI: /~darix/bug405.php/foo?env=PHP_SELF
< Transfer-Encoding: chunked
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0

lighttpd-1.4.16+php5-fastcgi-5.2.4RC2-2


* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /~darix/bug405.php/foo?env=PHP_SELF HTTP/1.1
> User-Agent: curl/7.16.4 (i686-suse-linux-gnu) libcurl/7.16.4 OpenSSL/0.9.8e zlib/1.2.3 libidn/1.0
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Transfer-Encoding: chunked
< X-Powered-By: PHP/5.2.4RC2
< X-PATH_TRANSLATED: /srv/www/htdocs/foo
< X-PATH_INFO: /foo
< X-SCRIPT_FILENAME: /home/darix/public_html/bug405.php
< X-SCRIPT_NAME: /~darix/bug405.php
< X-PHP_SELF: /~darix/bug405.php/foo
< X-REQUEST_URI: /~darix/bug405.php/foo?env=PHP_SELF
< Content-type: text/html
< Date: Tue, 21 Aug 2007 23:50:12 GMT
< Server: lighttpd/1.4.16
<

* Connection #0 to host localhost left intact
* Closing connection #0

from my testing all 3 produce the same result. that said i dont see a reason for the patch to mod_fastcgi.

All tests where run on a openSUSE 10.3b2.

on http://bugs.php.net/bug.php?id=42198#c129426


PATH_TRANSLATED: /home/jani/t.php/foo/bar/
PATH_INFO: /foo/bar/
SCRIPT_FILENAME: /home/jani/t.php
SCRIPT_NAME: /r/t.php/foo/bar/
PHP_SELF: /r/t.php/foo/bar/
REQUEST_URI: /r/t.php/foo/bar/?bar=foo

it is said that SCRIPT_NAME should have the same value as PHP_SELF. in my tests with your patch it breaks the PHP_SELF value:


curl -H "Host: bug405.example.org" -v 'http://localhost:2048/~johndoe/bug405.php/foo?env=PHP_SELF'
* About to connect() to localhost port 2048 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 2048 (#0)
> GET /~johndoe/bug405.php/foo?env=PHP_SELF HTTP/1.1
> User-Agent: curl/7.16.4 (i686-suse-linux-gnu) libcurl/7.16.4 OpenSSL/0.9.8e zlib/1.2.3 libidn/1.0
> Accept: */*
> Host: bug405.example.org
>
< HTTP/1.1 200 OK
< Transfer-Encoding: chunked
< BAR: foo
< X-Powered-By: PHP/5.2.4RC2
< X-PATH_TRANSLATED: /home/darix/workspace/lighttpd/lighttpd-1.4.x/tests/tmp/lighttpd/servers/www.example.org/pages/foo
< X-PATH_INFO: /foo
< X-SCRIPT_FILENAME: /home/darix/workspace/lighttpd/lighttpd-1.4.x/tests/tmp/lighttpd/servers/users.example.org/johndoe//bug405.php
< X-SCRIPT_NAME: /~johndoe/bug405.php/foo
< X-PHP_SELF: /~johndoe/bug405.php/foo/foo
< X-REQUEST_URI: /~johndoe/bug405.php/foo?env=PHP_SELF
< X-cgi.fix_pathinfo: 1
< Content-type: text/html
< Date: Wed, 22 Aug 2007 00:05:55 GMT
< Server: Apache 1.3.29
<

* Connection #0 to host localhost left intact
* Closing connection #0

as you see PATH_INFO got duplicated in PHP_SELF.

#11 Updated by darix over 7 years ago

the last test was run with HEAD of the 1.4.x branch using the tests/lighttpd.conf plus the following patch:


> svk diff
=== docroot/users       (new directory)
==================================================================
=== docroot/users/johndoe       (new directory)
==================================================================
=== docroot/users/johndoe/bug405.php
==================================================================
--- docroot/users/johndoe/bug405.php    (revision 2019)
+++ docroot/users/johndoe/bug405.php    (local)
@@ -0,0 +1,10 @@
+<?php
+    $items = array("PATH_TRANSLATED", "PATH_INFO", "SCRIPT_FILENAME", "SCRIPT_NAME", "PHP_SELF", "REQUEST_URI");
+    foreach($items as $item) {
+        $value = isset($_SERVER[$item]) ? $_SERVER[$item] : "null";
+        header("X-$item: $value");
+    }
+    $value = ini_get("cgi.fix_pathinfo");
+    header("X-cgi.fix_pathinfo: $value");
+?>
+
=== lighttpd.conf
==================================================================
--- lighttpd.conf       (revision 2019)
+++ lighttpd.conf       (local)
@@ -1,5 +1,7 @@
 debug.log-request-handling = "enable" 
-debug.log-condition-handling = "enable" 
+debug.log-request-header = "enable" 
+debug.log-response-header = "enable" 
+#debug.log-condition-handling = "enable" 
 server.document-root         = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/" 
 server.pid-file              = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid" 

@@ -214,3 +216,8 @@
 }

+$HTTP["host"] == "bug405.example.org" {
+    userdir.basepath = env.SRCDIR + "/tmp/lighttpd/servers/users.example.org/" 
+    userdir.include-user = ( )
+    userdir.path = "/" 
+}
=== prepare.sh
==================================================================
--- prepare.sh  (revision 2019)
+++ prepare.sh  (local)
@@ -18,6 +18,7 @@
 mkdir -p $tmpdir/servers/www.example.org/pages/expire/
 mkdir -p $tmpdir/servers/www.example.org/pages/indexfile/
 mkdir -p $tmpdir/servers/123.example.org/pages/
+mkdir -p $tmpdir/servers/users.example.org/
 mkdir -p $tmpdir/logs/
 mkdir -p $tmpdir/cache/
 mkdir -p $tmpdir/cache/compress/
@@ -37,6 +38,7 @@
    $srcdir/docroot/123/*.html \
    $srcdir/docroot/123/*.php \
    $srcdir/docroot/123/*.bla $tmpdir/servers/123.example.org/pages/
+cp -a $srcdir/docroot/users/* $tmpdir/servers/users.example.org/
 cp $srcdir/lighttpd.user $tmpdir/
 cp $srcdir/lighttpd.htpasswd $tmpdir/
 cp $srcdir/var-include-sub.conf $tmpdir/../

#12 Updated by stbuehler about 6 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

Looks like there is nothing to do here.

#13 Updated by stbuehler about 6 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom