ID: 47042
User updated by: sriram dot natarajan at sun dot com
Reported By: sriram dot natarajan at sun dot com
Status: Open
Bug Type: *Web Server problem
Operating System: linux , solaris
PHP Version: 5.2.8
New Comment:
previous patch had whitespaces instead of tabs causing the patch to
appear distorted.
posting a same patch with this issue addressed
--- sapi/cgi/cgi_main.c.ORIG Thu Jan 8 14:18:25 2009
+++ sapi/cgi/cgi_main.c Thu Jan 8 14:18:31 2009
@@ -960,7 +960,9 @@
TRANSLATE_SLASHES(env_document_root);
}
- if (env_path_translated != NULL &&
env_redirect_url != NULL) {
+ if (env_path_translated != NULL &&
env_redirect_url != NULL &&
+ orig_script_filename != NULL &&
script_path_translated != NULL &&
+ strcmp(orig_script_filename,
script_path_translated) != 0) {
/*
pretty much apache specific. If we
have a redirect_url
then our script_filename and
script_name point to the
Previous Comments:
------------------------------------------------------------------------
[2009-01-08 20:06:25] sriram dot natarajan at sun dot com
here is the suggested patch to address this issue
--- sapi/cgi/cgi_main.c.ORIG Wed Jan 7 07:10:14 2009
+++ sapi/cgi/cgi_main.c Wed Jan 7 19:37:21 2009
@@ -960,16 +960,18 @@
TRANSLATE_SLASHES(env_document_root);
}
- if (env_path_translated != NULL &&
env_redirect_url != NULL) {
- /*
- pretty much apache specific. If we
have a redirect_url
- then our script_filename and
script_name point to the
- php executable
- */
- script_path_translated =
env_path_translated;
- /* we correct SCRIPT_NAME now in case
we don't have PATH_INFO */
- env_script_name = env_redirect_url;
- }
+ if (env_path_translated != NULL &&
env_redirect_url != NULL &&
+ orig_script_filename != NULL &&
script_path_translated != NULL &&
+ strcmp(orig_script_filename,
script_path_translated) != 0) {
+ /*
+ pretty much apache specific. If we
have a redirect_url
+ then our script_filename and
script_name point to the
+ php executable
+ */
+ script_path_translated =
env_path_translated;
+ /* we correct SCRIPT_NAME now in case
we don't have PATH_INFO */
+ env_script_name = env_redirect_url;
+ }
------------------------------------------------------------------------
[2009-01-08 20:04:39] sriram dot natarajan at sun dot com
Description:
------------
currently, php cgi sapi code checks for redirect url and
env_path_translated to determine if the request is coming from apache
web server and accordingly modifies the CGI environment variables so
that server can continue processing.
however, this check is insufficient considering that any web server
exporting SCRIPT_FILENAME and REDIRECT_URL with some value will be hit
by the apache specific processing.
Reproduce code:
---------------
if (env_path_translated != NULL && env_redirect_url != NULL)
{
/*
pretty much apache specific. If we have a
redirect_url
then our script_filename and script_name point to
the
php executable
*/
script_path_translated = env_path_translated;
/* we correct SCRIPT_NAME now in case we don't have
PATH_INFO */
env_script_name = env_redirect_url;
}
Expected result:
----------------
server should continue processing
Actual result:
--------------
no input file is returned
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=47042&edit=1
