ID: 47042 User updated by: sriram dot natarajan at sun dot com Reported By: sriram dot natarajan at sun dot com -Status: Closed +Status: Open Bug Type: CGI related Operating System: linux , solaris -PHP Version: 5.2.8 +PHP Version: 5.2.9 New Comment:
Hi php cgi module assumes that if redirect_uri is set , the request must be from apache and throws away the script_name value and assigns path_translated value to script name. this is because, in cgi environment, apache sets the SCRIPT_NAME to the location of the php-cgi binary and keeping the PATH_INFO variable to point to the requested php script. this is very unique only to apache. this crude test condition for apache is affecting sun web server executing in fastcgi mode where in it looses the script_name value and ends up returning with 'no input file specified'. this happens only for sun web server and not for lighttpd because lighttpd does not set redirect_uri when requested for index.php. based on this analysis , earlier, i provided a patch to address this issue . however, i overlooked the obvious and ended up breaking apache in cgi mode. because of this, a separate bug : http://bugs.php.net/bug.php?id=47149 has been filed and my suggested patch was reverted. my sincere apology on providing this obviously broken patch and wasting some of your time. pl. find attached a below patch that should do the right thing. what we want to do is a) compare whether the script path is different from path translated since we know that apache by default sets the script name to point to the location of cgi binary and not the requested uri [sn123...@samp]'php5'>diff -u php-5.2.9/sapi/cgi/cgi_main.c.ORIG php-5.2.9/sapi/cgi/cgi_main.c --- php-5.2.9/sapi/cgi/cgi_main.c.ORIG Sat Feb 28 00:44:54 2009 +++ php-5.2.9/sapi/cgi/cgi_main.c Sat Feb 28 00:46:00 2009 @@ -961,7 +961,8 @@ } if (env_path_translated != NULL && env_redirect_url != NULL && - orig_script_filename != NULL && script_path_translated != NULL) { + env_path_translated != script_path_translated && + strcmp(env_path_translated, script_path_translated) != 0) { /* pretty much apache specific. If we have a redirect_url then our script_filename and script_name point to the Previous Comments: ------------------------------------------------------------------------ [2009-01-11 11:13:02] d...@php.net This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2009-01-08 22:19:12] sriram dot natarajan at sun dot com previous patch had whitespaces instead of tabs causing the patch to appear distorted. posting a same patch with this issue addressed --- sapi/cgi/cgi_main.c.ORIG Thu Jan 8 14:18:25 2009 +++ sapi/cgi/cgi_main.c Thu Jan 8 14:18:31 2009 @@ -960,7 +960,9 @@ TRANSLATE_SLASHES(env_document_root); } - if (env_path_translated != NULL && env_redirect_url != NULL) { + if (env_path_translated != NULL && env_redirect_url != NULL && + orig_script_filename != NULL && script_path_translated != NULL && + strcmp(orig_script_filename, script_path_translated) != 0) { /* pretty much apache specific. If we have a redirect_url then our script_filename and script_name point to the ------------------------------------------------------------------------ [2009-01-08 20:06:25] sriram dot natarajan at sun dot com here is the suggested patch to address this issue --- sapi/cgi/cgi_main.c.ORIG Wed Jan 7 07:10:14 2009 +++ sapi/cgi/cgi_main.c Wed Jan 7 19:37:21 2009 @@ -960,16 +960,18 @@ TRANSLATE_SLASHES(env_document_root); } - if (env_path_translated != NULL && env_redirect_url != NULL) { - /* - pretty much apache specific. If we have a redirect_url - then our script_filename and script_name point to the - php executable - */ - script_path_translated = env_path_translated; - /* we correct SCRIPT_NAME now in case we don't have PATH_INFO */ - env_script_name = env_redirect_url; - } + if (env_path_translated != NULL && env_redirect_url != NULL && + orig_script_filename != NULL && script_path_translated != NULL && + strcmp(orig_script_filename, script_path_translated) != 0) { + /* + pretty much apache specific. If we have a redirect_url + then our script_filename and script_name point to the + php executable + */ + script_path_translated = env_path_translated; + /* we correct SCRIPT_NAME now in case we don't have PATH_INFO */ + env_script_name = env_redirect_url; + } ------------------------------------------------------------------------ [2009-01-08 20:04:39] sriram dot natarajan at sun dot com Description: ------------ currently, php cgi sapi code checks for redirect url and env_path_translated to determine if the request is coming from apache web server and accordingly modifies the CGI environment variables so that server can continue processing. however, this check is insufficient considering that any web server exporting SCRIPT_FILENAME and REDIRECT_URL with some value will be hit by the apache specific processing. Reproduce code: --------------- if (env_path_translated != NULL && env_redirect_url != NULL) { /* pretty much apache specific. If we have a redirect_url then our script_filename and script_name point to the php executable */ script_path_translated = env_path_translated; /* we correct SCRIPT_NAME now in case we don't have PATH_INFO */ env_script_name = env_redirect_url; } Expected result: ---------------- server should continue processing Actual result: -------------- no input file is returned ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=47042&edit=1
