Hi,
While updating PHP 4.3.6 with our IIS 'path_info' patch (see bug #7782) we
found that the isapi module of PHP 5 already contains a 'path_info' fix. Since
that fix is already part of PHP, and our fix didn't get included (the fix in
php5 is better), we have made a backport of the PHP5 fix for PHP 4.3.6.
Please find the patch attached to this posting.
We have tested this patch with PHP 4.3.6 / IIS. We have not tested this
with an other webserver. The patch included is made against PHP 4.3.6, but
as the isapi code in cvs has not undergone changes since 4.3.6, this patch
should also be applicable to the PHP_4_3 branch.
A compiled version of the isapi module with this patch applied can be
download from:
ftp://ftp.muze.nl/pub/ariadne/win/iis/php-4.3.6/
Regards,
Gijsbert te Riet.
Muze.
--- php4isapi.c Thu May 6 10:33:19 2004
+++ php4isapi.c.new Thu May 6 10:34:30 2004
@@ -461,6 +461,85 @@
php_register_variable( "SERVER_SIGNATURE", static_variable_buf,
track_vars_array TSRMLS_CC );
}
}
+
+#else
+
+static void sapi_isapi_register_iis_variables(LPEXTENSION_CONTROL_BLOCK lpECB, zval
*track_vars_array TSRMLS_DC)
+{
+ char static_variable_buf[ISAPI_SERVER_VAR_BUF_SIZE];
+ char path_info_buf[ISAPI_SERVER_VAR_BUF_SIZE];
+ DWORD variable_len = ISAPI_SERVER_VAR_BUF_SIZE;
+ DWORD scriptname_len = ISAPI_SERVER_VAR_BUF_SIZE;
+ DWORD pathinfo_len = 0;
+ HSE_URL_MAPEX_INFO humi;
+
+ /* Get SCRIPT_NAME, we use this to work out which bit of the URL
+ * belongs in PHP's version of PATH_INFO. SCRIPT_NAME also becomes PHP_SELF.
+ */
+ lpECB->GetServerVariable(lpECB->ConnID, "SCRIPT_NAME", static_variable_buf,
&scriptname_len);
+ php_register_variable("SCRIPT_FILENAME", SG(request_info).path_translated,
track_vars_array TSRMLS_CC);
+
+ /* Adjust IIS' version of PATH_INFO, set PHP_SELF,
+ * and generate REQUEST_URI
+ * Get and adjust PATH_TRANSLATED to what PHP wants
+ */
+ if ( lpECB->GetServerVariable(lpECB->ConnID, "PATH_INFO", static_variable_buf,
&variable_len) && static_variable_buf[0] ) {
+
+ /* Chop off filename to get just the 'real' PATH_INFO' */
+ php_register_variable( "ORIG_PATH_INFO", static_variable_buf,
track_vars_array TSRMLS_CC );
+ pathinfo_len = variable_len - scriptname_len;
+ strncpy(path_info_buf, static_variable_buf + scriptname_len - 1,
sizeof(path_info_buf)-1);
+ php_register_variable( "PATH_INFO", path_info_buf, track_vars_array
TSRMLS_CC );
+ /* append query string to give url... extra byte for '?' */
+ if ( strlen(lpECB->lpszQueryString) + variable_len + 1 <
ISAPI_SERVER_VAR_BUF_SIZE ) {
+ /* append query string only if it is present... */
+ if ( strlen(lpECB->lpszQueryString) ) {
+ static_variable_buf[ variable_len - 1 ] = '?';
+ strcpy( static_variable_buf + variable_len,
lpECB->lpszQueryString );
+ }
+ php_register_variable( "URL", static_variable_buf,
track_vars_array TSRMLS_CC );
+ php_register_variable( "REQUEST_URI", static_variable_buf,
track_vars_array TSRMLS_CC );
+ }
+ variable_len = ISAPI_SERVER_VAR_BUF_SIZE;
+ if ( lpECB->GetServerVariable(lpECB->ConnID, "PATH_TRANSLATED",
static_variable_buf, &variable_len) && static_variable_buf[0] ) {
+ php_register_variable( "ORIG_PATH_TRANSLATED",
static_variable_buf, track_vars_array TSRMLS_CC );
+ }
+ if (lpECB->ServerSupportFunction(lpECB->ConnID,
HSE_REQ_MAP_URL_TO_PATH_EX, path_info_buf, &pathinfo_len, (LPDWORD) &humi)) {
+ /* Remove trailing \ */
+ if (humi.lpszPath[variable_len-2] == '\\') {
+ humi.lpszPath[variable_len-2] = 0;
+ }
+ php_register_variable("PATH_TRANSLATED", humi.lpszPath,
track_vars_array TSRMLS_CC);
+ }
+ }
+
+ static_variable_buf[0] = '/';
+ static_variable_buf[1] = 0;
+ variable_len = 2;
+ if (lpECB->ServerSupportFunction(lpECB->ConnID, HSE_REQ_MAP_URL_TO_PATH_EX,
static_variable_buf, &variable_len, (LPDWORD) &humi)) {
+ /* Remove trailing \ */
+ if (humi.lpszPath[variable_len-2] == '\\') {
+ humi.lpszPath[variable_len-2] = 0;
+ }
+ php_register_variable("DOCUMENT_ROOT", humi.lpszPath, track_vars_array
TSRMLS_CC);
+ }
+
+ if (!SG(request_info).auth_user || !SG(request_info).auth_password ||
+ !SG(request_info).auth_user[0] || !SG(request_info).auth_password[0]) {
+ variable_len = ISAPI_SERVER_VAR_BUF_SIZE;
+ if (lpECB->GetServerVariable(lpECB->ConnID, "HTTP_AUTHORIZATION",
static_variable_buf, &variable_len)
+ && static_variable_buf[0]) {
+ php_handle_auth_data(static_variable_buf TSRMLS_CC);
+ }
+ }
+
+ if (SG(request_info).auth_user) {
+ php_register_variable("PHP_AUTH_USER", SG(request_info).auth_user,
track_vars_array TSRMLS_CC );
+ }
+ if (SG(request_info).auth_password) {
+ php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password,
track_vars_array TSRMLS_CC );
+ }
+}
#endif
@@ -502,6 +581,7 @@
char *variable;
char *strtok_buf = NULL;
char *isapi_special_server_variables[NUM_SPECIAL_VARS];
+
LPEXTENSION_CONTROL_BLOCK lpECB;
lpECB = (LPEXTENSION_CONTROL_BLOCK) SG(server_context);
@@ -516,6 +596,7 @@
/* Register the standard ISAPI variables */
sapi_isapi_register_server_variables2(isapi_server_variable_names, lpECB,
track_vars_array, NULL TSRMLS_CC);
+
if (isapi_special_server_variables[SPECIAL_VAR_HTTPS]
&& (atoi(isapi_special_server_variables[SPECIAL_VAR_HTTPS])
|| !strcasecmp(isapi_special_server_variables[SPECIAL_VAR_HTTPS],
"on"))
@@ -531,6 +612,8 @@
#ifdef WITH_ZEUS
sapi_isapi_register_zeus_variables(lpECB, track_vars_array TSRMLS_CC);
+#else
+ sapi_isapi_register_iis_variables(lpECB, track_vars_array TSRMLS_CC);
#endif
/* PHP_SELF support */
@@ -651,6 +734,13 @@
static void init_request_info(LPEXTENSION_CONTROL_BLOCK lpECB TSRMLS_DC)
{
+ DWORD variable_len = ISAPI_SERVER_VAR_BUF_SIZE;
+ char static_variable_buf[ISAPI_SERVER_VAR_BUF_SIZE];
+
+#ifndef WITH_ZEUS
+ HSE_URL_MAPEX_INFO humi;
+#endif
+
SG(request_info).request_method = lpECB->lpszMethod;
SG(request_info).query_string = lpECB->lpszQueryString;
SG(request_info).path_translated = lpECB->lpszPathTranslated;
@@ -660,6 +750,33 @@
SG(sapi_headers).http_response_code = 200; /* I think dwHttpStatusCode is
invalid at this stage -RL */
if (!bFilterLoaded) { /* we don't have valid ISAPI Filter information */
SG(request_info).auth_user = SG(request_info).auth_password = NULL;
+ }
+
+#ifdef WITH_ZEUS
+ /* PATH_TRANSLATED can contain extra PATH_INFO stuff after the
+ * file being loaded, so we must use SCRIPT_FILENAME instead
+ */
+ if(lpECB->GetServerVariable(lpECB->ConnID, "SCRIPT_FILENAME",
static_variable_buf, &variable_len)) {
+ SG(request_info).path_translated = estrdup(static_variable_buf);
+ } else
+#else
+ /* happily, IIS gives us SCRIPT_NAME which is correct (without PATH_INFO stuff)
+ so we can just map that to the physical path and we have our filename */
+
+ lpECB->GetServerVariable(lpECB->ConnID, "SCRIPT_NAME", static_variable_buf,
&variable_len);
+ if (lpECB->ServerSupportFunction(lpECB->ConnID, HSE_REQ_MAP_URL_TO_PATH_EX,
static_variable_buf, &variable_len, (LPDWORD) &humi)) {
+ SG(request_info).path_translated = estrdup(humi.lpszPath);
+ } else
+#endif
+ /* if mapping fails, default to what the server tells us */
+ SG(request_info).path_translated = estrdup(lpECB->lpszPathTranslated);
+
+ /* some server configurations allow '..' to slip through in the
+ translated path. We'll just refuse to handle such a path. */
+ if (strstr(SG(request_info).path_translated,"..")) {
+ SG(sapi_headers).http_response_code = 404;
+ efree(SG(request_info).path_translated);
+ SG(request_info).path_translated = NULL;
}
}
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
