I've taken a look at the code that registers $PHP_SELF in the CGI version,
in accordance with bug 6491.  I see the problem, its that on some server &
OS combinations, the SCRIPT_NAME environment variable is incorrectly set
and therefore the below code exhibits the bug (the strcmp() should
avoid the request_uri being tagged on, but because the SCRIPT_NAME is
invalid, it doesn't happen the two don't match, and the REQUEST_URI is
incorrectly tagged on).

It seems like the logical fix to this would to be just registering the
REQUEST_URI as the PHP_SELF, however, I don't know this code to well,
could one of the authors explain the reasoning behind prepending the


Related Code:

    php_register_variable("PHP_SELF", (SG(request_info).request_uri ? 
SG(request_info).request_uri:""), track_vars_array ELS_CC PLS_CC);
        char *sn;
        char *val;
        int l=0;

        sn = getenv("SCRIPT_NAME");
        pi = SG(request_info).request_uri;
        if (sn)
            l += strlen(sn);
        if (pi)
            l += strlen(pi);
        if (pi && sn && !strcmp(pi, sn)) {
            l -= strlen(pi);
            pi = NULL;
        val = emalloc(l + 1);
        sprintf(val, "%s%s", (sn ? sn : ""), (pi ? pi : ""));   /* SAFE */
        php_register_variable("PHP_SELF", val, track_vars_array ELS_CC

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to