I've taken a look at the code that registers $PHP_SELF in the CGI version,
in accordance with bug 6491. I see the problem, its that on some server &
OS combinations, the SCRIPT_NAME environment variable is incorrectly set
and therefore the below code exhibits the bug (the strcmp() should
avoid the request_uri being tagged on, but because the SCRIPT_NAME is
invalid, it doesn't happen the two don't match, and the REQUEST_URI is
incorrectly tagged on).
It seems like the logical fix to this would to be just registering the
REQUEST_URI as the PHP_SELF, however, I don't know this code to well,
could one of the authors explain the reasoning behind prepending the
SCRIPT_NAME when FORCE_CGI_REDIRECT is not enabled?
-Sterling
Related Code:
#if FORCE_CGI_REDIRECT
php_register_variable("PHP_SELF", (SG(request_info).request_uri ?
SG(request_info).request_uri:""), track_vars_array ELS_CC PLS_CC);
#else
{
char *sn;
char *val;
int l=0;
sn = getenv("SCRIPT_NAME");
pi = SG(request_info).request_uri;
if (sn)
l += strlen(sn);
if (pi)
l += strlen(pi);
if (pi && sn && !strcmp(pi, sn)) {
l -= strlen(pi);
pi = NULL;
}
val = emalloc(l + 1);
sprintf(val, "%s%s", (sn ? sn : ""), (pi ? pi : "")); /* SAFE */
php_register_variable("PHP_SELF", val, track_vars_array ELS_CC
PLS_CC);
efree(val);
}
#endif
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
