Bug #1778
closedPossible php security issue?
Description
I recently yum installed a fresh copy of lighttpd onto my server, i'm migrating from apache.
I have a very simple site and required the default installation except i enabled php, mod_rewrite and mod_fastcgi.
I also added a line to the conf:
url.rewrite = ( "^/local/(.*)" => "/local.php/$1", "^/site/(.*)" => "/site.php/$1" )
My site has links like :
/site/top_100/100.html
that are passed to a script called 'site.php'
Now here is where things get weird, this link below works fine and executes the script 'site.php' as intended:
/site/contact/200.html (works)
but this link below, lightppd will display the source of the site.php file:
/site/top_100/100.html (displays source of 'site.php')
however, this link below DOES work:
/site/top100/100.html
I've tested it with other links on the site, and it will for some odd reason execute some links, then dump the source of the 'site.php' script file on others that are almost the same. It also DOES work when the underscore is present in some links like :
/site/en_abcd_org/91924.html (works perfectly fine)
but
/site/buzz_100/600.html (displays the source of the script file.)
Is my rewrite syntax off, or is this a bug? This is on a fresh install of Fedora 9.
Mike Brown
-- lost_ark
Updated by stbuehler over 16 years ago
Test with curl (and clear your browser-cache); if it really doesn't work paste your lighty version and the complete config.
Updated by stbuehler about 16 years ago
- Status changed from New to Fixed
- Resolution set to worksforme
missing feedback.
Updated by stbuehler about 16 years ago
- Status changed from Fixed to Missing Feedback
Also available in: Atom