Edit report at https://bugs.php.net/bug.php?id=51983&edit=1

 ID:                 51983
 Comment by:         f...@php.net
 Reported by:        konstantin at symbi dot org
 Summary:            [fpm sapi] pm.status_path not working when cgi.fix_pathinfo=1
 Status:             Assigned
 Type:               Bug
 Package:            FPM related
 Operating System:   Any
 PHP Version:        5.3SVN-2010-06-03 (snap)
 Assigned To:        fat
 Block user comment: N
 Private report:     N

 New Comment:

Warning: the following comment is very long. Take time to read it and don't hesitate to ask me detailed questions.

Notes: I've not been able to put it all in one comment (it's detected as spam). So I've split it into several comments.

I just reviewed the patch and there is a problem. It does not work with mod_fastcgi except when mod_fastcgi is configured as commented before:

    DocumentRoot "/var/www"
    FastCgiExternalServer /var/www -socket /tmp/php-fpm.sock
    <Directory /var/www>
      Options FollowSymLinks +ExecCGI
      AllowOverride All
      Order Allow,Deny
      Allow from all
    </Directory>

Setting this makes all requests be forwarded to php-fpm, and that is definitely NOT what common configurations aim to do.

A more common mod_fastcgi configuration would be something like:

    ScriptAlias /fcgi-bin/ /usr/local/apache2/fcgi-bin/
    FastCGIExternalServer /usr/local/apache2/fcgi-bin/php-cgi -host 127.0.0.1:9000
    AddHandler php-fastcgi .php
    Action php-fastcgi /fcgi-bin/php-cgi

and in this case, the patch does not work.


Previous Comments:
------------------------------------------------------------------------
[2011-07-03 17:28:11] fel...@php.net

Ah okay, I was wondering if it already has been closed. Thanks.

------------------------------------------------------------------------
[2011-07-03 17:24:37] f...@php.net

I'm dequeuing FPM bugs. I've started with the simple ones. This one is on my todo list. I don't have an ETA right now.

++ Jerome

------------------------------------------------------------------------
[2011-07-03 14:33:23] fel...@php.net

What is the status of this?

------------------------------------------------------------------------
[2011-02-01 13:34:05] slim at inbox dot lv

After applying the patch, PHP compiled with debug complains on every request:

Feb 01 14:26:38.214800 [WARNING] [pool www] child 16257 said into stderr: "[Tue Feb 1 14:26:38 2011] Script: '-'"
Feb 01 14:26:38.214846 [WARNING] [pool www] child 16257 said into stderr: "/var/tmp/portage/dev-lang/php-5.3.5-r100/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c(1116) : Freeing 0x08B95CBC (23 bytes), script=-"
Feb 01 14:26:38.214857 [WARNING] [pool www] child 16257 said into stderr: "=== Total 1 memory leaks detected ==="
Feb 01 14:26:40.535416 [WARNING] [pool www] child 16258 said into stderr: "[Tue Feb 1 14:26:40 2011] Script: '-'"
Feb 01 14:26:40.535466 [WARNING] [pool www] child 16258 said into stderr: "/var/tmp/portage/dev-lang/php-5.3.5-r100/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c(1116) : Freeing 0x08B95EA4 (23 bytes), script=-"
Feb 01 14:26:40.535477 [WARNING] [pool www] child 16258 said into stderr: "=== Total 1 memory leaks detected ==="

The line at fpm_main.c(1116) causing this is:

    SG(request_info).request_uri = request_uri ? estrndup(request_uri, strcspn(request_uri, "?")) : NULL;

------------------------------------------------------------------------
[2010-08-04 17:07:20] konstantin at symbi dot org

btw, the current fix_pathinfo implementation has security problems:

http://habrahabr.ru/blogs/sysadm/100961/
http://www.80sec.com/nginx-securit.html

If a site has uploads (say, images), one can upload an image containing executable PHP code and append /something.php to the image URL (say, /uploads/1.jpg/test.php). When fix_pathinfo=1, init_request_info would use /uploads/1.jpg as a script filename.

The suggested patch fixes this, too.

------------------------------------------------------------------------

The remainder of the comments for this report are too long.
To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=51983
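
The fix_pathinfo behaviour described in the 2010-08-04 comment, as an added example that is not part of the bug report or of the PHP source: a simplified model of the walk-back that turns /uploads/1.jpg/test.php into script /uploads/1.jpg, next to an extension check that refuses it. The /var/www prefix, the file list standing in for stat(), and all function names are assumptions of this example; the extension check is a hypothetical mitigation, not the patch discussed above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for stat(): the only regular files that "exist". */
static const char *files[] = { "/var/www/uploads/1.jpg", "/var/www/index.php" };

static int is_file(const char *p) {
    for (size_t i = 0; i < sizeof files / sizeof *files; i++)
        if (strcmp(p, files[i]) == 0) return 1;
    return 0;
}

/* Simplified model of the fix_pathinfo walk-back: strip one trailing path
 * segment at a time until the prefix names an existing file. That prefix is
 * taken as the script; the rest of the request becomes PATH_INFO.
 * Returns 1 on success, 0 if no prefix matches or the path is too long. */
static int resolve(const char *req, char *script, size_t n, const char **path_info) {
    size_t len = strlen(req);
    if (len >= n) return 0;
    memcpy(script, req, len + 1);
    while (!is_file(script)) {
        char *slash = strrchr(script, '/');
        if (!slash || slash == script) return 0;
        *slash = '\0';
        len = (size_t)(slash - script);
    }
    *path_info = req + len;
    return 1;
}

/* Hypothetical hardening check: the resolved script must end in ".php". */
static int has_php_ext(const char *s) {
    size_t l = strlen(s);
    return l > 4 && strcmp(s + l - 4, ".php") == 0;
}

/* Returns 1 if the request would reach the interpreter, 0 if refused. */
static int would_execute(const char *req, int check_ext) {
    char script[256];
    const char *path_info;
    if (!resolve(req, script, sizeof script, &path_info)) return 0;
    return !check_ext || has_php_ext(script);
}

int main(void) {
    const char *req = "/var/www/uploads/1.jpg/test.php"; /* constructed request */
    printf("unchecked: %d, with extension check: %d\n",
           would_execute(req, 0), would_execute(req, 1));
    return 0;
}
```

The check runs on the resolved script, not on the requested URL, which is why the trailing /test.php does not satisfy it.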