Passing Uncontrolled Requests to PHP

Grant Thu, 13 Feb 2014 08:45:35 -0800

Does the wiki example mitigate the "Passing Uncontrolled Requests to PHP" risk?


        location ~ [^/]\.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                        return 404;
                }

                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
        }

http://wiki.nginx.org/PHPFcgiExample

http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP

If not, I'd like to update it.

- Grant

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Passing Uncontrolled Requests to PHP

Reply via email to