ID:               48695
 Updated by:       srina...@php.net
 Reported By:      allerlei+bugs dot php dot net at sihw dot nl
 Status:           Assigned
 Bug Type:         CGI related
 Operating System: Centos 4/5
 PHP Version:      5.2.10
 Assigned To:      srinatar
 New Comment:

in default apache cgi/fastcgi mode, apache sets some of these cgi
variables differently compared to what this bug submitter is doing in
his environment. hence this bug wasn't easy to reproduce. 

as per the default apache cgi/fastcgi environment, apache sets
SCRIPT_FILENAME - to point to the location of the handler and
PATH_TRANSLATED to point to the location of the translated path of the
uri (translated from the document root). however, SCRIPT_NAME can be set
incorrectly (by apache cgi) in this default environment. So, php-cgi
sapi code needed to fix the SCRIPT_NAME in the default environment. 

now, this potentially affects other web servers like iplanet web
server. so, a fix for this issue went into php 5.2.9/5.2.10 (see also
bug #47149/ #47042). now this fix handles scenario for apache as well as
other web servers in default mode.  

however, here bug submitter uses apache in cgi environment along with a
custom apache handler (startscript - a handler script with custom
modifications based on cgiwrap which is another popular apache handler
script for cgi environment in multi hosting mode). 

here, the bug seems to happen if someone uses custom apache handler
(something that mimics programs like cgiwrap) and accordingly munges
SCRIPT_FILENAME, PATH_TRANSLATED and other cgi variables appropriately
before feeding to php-cgi process. 

php-cgi sapi code, with php version 5.2.9/10, expects the
SCRIPT_FILENAME to point to the apache handler while PATH_TRANSLATED to
point to the virtual path of the input uri. 

however, the custom apache handler script that the bug submitter uses
in his environment - configured SCRIPT_FILENAME / PATH_TRANSLATED to
point to the virtual path of the input uri (to be the actual file name
of the input request uri)

this behavior is different from that of default apache behavior as well
as that of cgi wrappers like cgiwrap etc. hence bug submitter is seeing
different behavior with 5.2.10. 

having said that - i couldn't find official documentation anywhere
within apache web site where it says SCRIPT_FILENAME cannot point to the
actual input uri, so, i can't outright reject bug submitter's custom
apache handler code as well. 

i am currently looking into the best way to resolve this issue so
that customers like this bug submitter can continue to work without
having to make any changes into their apache handler script.
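
The three layouts of SCRIPT_FILENAME and PATH_TRANSLATED that appear in this report can be told apart mechanically. The following is an added example, not part of the bug report or of PHP: the function name, the layout labels and the suffix heuristic are assumptions made for illustration, and the sample values are copied from the environment dumps quoted in the previous comments.

```python
import posixpath

def classify_layout(env):
    """Label how a CGI environment fills SCRIPT_FILENAME / PATH_TRANSLATED.

    The labels are made up for this example; they are not PHP or Apache terms.
    """
    sf = env.get("SCRIPT_FILENAME") or ""
    pt = env.get("PATH_TRANSLATED") or ""
    # Path of the originally requested URL, without any query string.
    url = env.get("REDIRECT_URL") or env.get("REQUEST_URI", "").split("?", 1)[0]
    if not sf or not pt or not url:
        return "incomplete"
    sf, pt = posixpath.normpath(sf), posixpath.normpath(pt)
    url = posixpath.normpath("/" + url.lstrip("/"))
    if sf == pt:
        # Both variables name the same file (the 'startscript' dump).
        return "same-file"
    if sf.endswith(url):
        # SCRIPT_FILENAME names the requested script, PATH_TRANSLATED differs
        # (cgiwrap after "Fixing Environment Variables").
        return "rewritten-by-wrapper"
    # SCRIPT_FILENAME names something other than the requested script,
    # e.g. the handler binary (cgiwrap dump before the fix-up).
    return "handler-plus-translated"

# Values copied from the dumps in this report.
STARTSCRIPT = {
    "SCRIPT_FILENAME": "/home/pakket/wensweb/web/test8932.cgi",
    "PATH_TRANSLATED": "/home/pakket/wensweb/web/test8932.cgi",
    "REDIRECT_URL": "/test8932.cgi",
}
_PT = "/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php"
CGIWRAP_BEFORE = {
    "SCRIPT_FILENAME": "/export/home/sriramn/sun/httpd22/cgi-bin/php-cgiwrapd",
    "PATH_TRANSLATED": _PT,
    "REDIRECT_URL": "/php-cgi/cgi-info.php",
}
CGIWRAP_AFTER = dict(
    CGIWRAP_BEFORE,
    SCRIPT_FILENAME="/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php",
)

if __name__ == "__main__":
    for name in ("STARTSCRIPT", "CGIWRAP_BEFORE", "CGIWRAP_AFTER"):
        print(name, "->", classify_layout(globals()[name]))
```

Run against a dump taken just before a wrapper execs php-cgi, this shows which of the three layouts the wrapper produces.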



Previous Comments:
------------------------------------------------------------------------

[2009-07-20 08:20:21] allerlei+bugs dot php dot net at sihw dot nl

Sorry about the delay and the work I caused. I hope this is not
something I missed somewhere. The thing is, the same 'startscript' is
used for both 5.2.8 and 5.2.10. This program uses the php-cgi executable
to start the script (it execs into php-cgi + arguments).

I used this script to generate the environment:

#!/usr/bin/perl

print "Content-type: text/plain\n\n";
foreach my $i (sort keys %ENV)
{
        print "${i}: " . $ENV{$i} . "\n";
}
#end

This is (most of) the output:

DOCUMENT_ROOT: /home/pakket/wensweb/web
GATEWAY_INTERFACE: CGI/1.1
HTTP_ACCEPT:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET: UTF-8,*
HTTP_ACCEPT_ENCODING: gzip,deflate
HTTP_ACCEPT_LANGUAGE: nl-nl,en;q=0.7,fr;q=0.3
HTTP_CONNECTION: keep-alive
HTTP_HOST: www.wensweb.nl
HTTP_KEEP_ALIVE: 300
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.0; nl;
rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
PATH: /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
PATH_INFO: 
PATH_TRANSLATED: /home/pakket/wensweb/web/test8932.cgi
QUERY_STRING: 
REDIRECT_HANDLER: startscript_exe
REDIRECT_SCRIPT_URI: http://www.wensweb.nl/test8932.cgi
REDIRECT_SCRIPT_URL: /test8932.cgi
REDIRECT_STATUS: 200
REDIRECT_URL: /test8932.cgi
REMOTE_ADDR: 83.161.60.47
REMOTE_PORT: 50783
REQUEST_METHOD: GET
REQUEST_URI: /test8932.cgi
SCRIPT_FILENAME: /home/pakket/wensweb/web/test8932.cgi
SCRIPT_NAME: /spinwebstartscript/startscript/wensweb/exe/test8932.cgi
SCRIPT_URI: http://www.wensweb.nl/test8932.cgi
SCRIPT_URL: /test8932.cgi
SERVER_ADDR: 81.26.210.110
SERVER_ADMIN: *
SERVER_NAME: www.wensweb.nl
SERVER_PORT: 80
SERVER_PROTOCOL: HTTP/1.1
SERVER_SIGNATURE: 
SERVER_SOFTWARE: Apache

--
The script is now removed of course.

Do you think these values are correct enough? If you think this is not
bogus (as all stuff works ok in 5.2.8..) I can give you access if you
need it. Please e-mail me privately for that.

Jelmer)

------------------------------------------------------------------------

[2009-07-16 19:25:15] srina...@php.net

can you kindly provide the output of

PATH_TRANSLATED
SCRIPT_FILENAME

from a simple cgi script (not php). 

i would like to see the env variable before it is passed to php. 

to get this info, if you could kindly write a 2 line cgi script that
prints this value that should suffice. 

I am afraid that if i don't hear any response too soon, i need to close
this bug as bogus. 

i have tried my best to reproduce it (with suEXEC as well as with
cgi-wrapper) and have also checked with apache 1.3.41 as well as with
apache 2.x and still unable to reproduce it.

either i am missing something or you had some issues with your
'startscript' cgi wrapper that you resolved it on your own. 

------------------------------------------------------------------------

[2009-07-14 09:43:20] srina...@php.net

hi
as i mentioned in my comment, some help on how to reproduce this
issue would be much appreciated.

------------------------------------------------------------------------

[2009-07-11 10:20:50] sriram dot natarajan at gmail dot com

i have even configured with SuEXEC and still unable to reproduce this
issue. i must be missing something obvious. haven't figured out what it
is though..

if anyone has any better suggestions on what should be my apache
config, i will appreciate.

------------------------------------------------------------------------

[2009-07-07 00:09:00] sriram dot natarajan at gmail dot com

ok, i compiled cgiwrap 4.1 with the following settings.

./configure
'--with-php=/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
'--with-httpd-user=sriramn' '--with-php-cgiwrap'
'--with-install-dir=/export/home/sriramn/sun/httpd22/cgi-bin'
'--with-install-group=staff' --with-cgiwrapd --with-php-interpreter


Initializing Logging
Redirecting STDERR to STDOUT

Setting SIGXCPU to default behaviour


Environment Variables:
     QUERY_STRING: ''
      SCRIPT_NAME: '/cgi-bin/php-cgiwrapd'
  SCRIPT_FILENAME:
'/export/home/sriramn/sun/httpd22/cgi-bin/php-cgiwrapd'
     REDIRECT_URL: '/php-cgi/cgi-info.php'
        PATH_INFO: '/sriramn/php-cgi/cgi-info.php'
  PATH_TRANSLATED:
'/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php'
      REMOTE_USER: '<NULL>'
      REMOTE_HOST: '<NULL>'
      REMOTE_ADDR: '127.0.0.1'


Trying to extract user from PATH_INFO.
Retrieved User Name:  'sriramn'

User Data Retrieved:
     UserID: 'sriramn'
        UID: '101'
        GID: '10'
   Home Dir: '/export/home/sriramn'
Checking user minimum uid.

Script Base Directory:  '/export/home/sriramn/public_html/cgi-bin'
        Fetching script string

Trying to extract script from PATH_INFO
Extracted PATH_INFO '/php-cgi/cgi-info.php'
        Building script path

        Condensing slashes.

        Script Relative Path:  'php-cgi/cgi-info.php'
        Script Absolute Path: 
'/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php'
        Checking for special interpreted script (php).
        Interpreter Path: 
'/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'

Fixing Environment Variables.

Environment Variables:
     QUERY_STRING: ''
      SCRIPT_NAME:
'/cgi-bin/php-cgiwrapd/sriramn/php-cgi/cgi-info.php'
  SCRIPT_FILENAME:
'/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php'
     REDIRECT_URL: '/php-cgi/cgi-info.php'
        PATH_INFO: '<NULL>'
  PATH_TRANSLATED:
'/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php'
      REMOTE_USER: '<NULL>'
      REMOTE_HOST: '<NULL>'
      REMOTE_ADDR: '127.0.0.1'


UIDs/GIDs Changed To:
   RUID: '101'
   EUID: '101'
   RGID: '10'
   EGID: '10'

Changing current directory to
'/export/home/sriramn/public_html/cgi-bin/php-cgi'
Executing: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
Arguments:
        0: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
        1: 'cgi-info.php'




Output of script follows:
=====================================================
X-Powered-By: PHP/5.2.10
Content-type: text/html

server software Apache/2.2.11 (Unix)
script name /php-cgi/cgi-info.php
script filename
/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php
path info 
path translated 
redirect uri
redirect url/php-cgi/cgi-info.php
self uri is /php-cgi/cgi-info.php

and php 5.2.10 seems to be returning the right output. 

what configuration am i missing ?

fyi, here is how my apache conf looks ..
AddHandler cgi-wrapper .php
AddHandler cgi-wrapper .cgi
Action cgi-wrapper /cgi-bin/php-cgiwrapd/sriramn

what am I missing here ?

i will also hook up SuEXEC and see if I can reproduce that way..

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/48695
