Edit report at http://bugs.php.net/bug.php?id=52293&edit=1
ID: 52293 User updated by: brouard at ined dot fr Reported by: brouard at ined dot fr Summary: $_SERVER['PATH_INFO'] doesn't accept single quote in filename Status: Bogus Type: Feature/Change Request Package: PHP options/info functions Operating System: Linux PHP Version: 5.3.2 New Comment: testi.cgi Many thanks for your answer. In fact I tested an URL adding "that's it" in the pathinfo using a perl standard cgi and a php script on the same server. The perl script output the single quote but the php script changed it to a question mark: testi.cgi: #!/usr/bin/perl print "Content-type: text/html\n\n"; print "<p>PATH_INFO=".$ENV{"PATH_INFO"}."</p>\n"; URL http://myweb/cgi-bin/testi.cgi/that's it outputs: PATH_INFO = /that's it which is correct. PHP phpinfoi.php script: <?php echo "PATH_INFO=".$SERVER['PATH_INFO']."<p/>\n"; URL: http://myweb/w/phpinfoi.php/that's it outputs PATH_INFO=/that?s it which is wrong. I suspect a defect in the apache php module. And you? Previous Comments: ------------------------------------------------------------------------ [2010-07-16 07:18:17] ahar...@php.net PHP gets the value of PATH_INFO from the Web server, so it's much more likely to be a problem there. ------------------------------------------------------------------------ [2010-07-11 01:10:46] jinmoku at hotmail dot com use utf8_(de|en)code, it's the browser and/or the server who's write this ------------------------------------------------------------------------ [2010-07-08 20:41:27] brouard at ined dot fr Description: ------------ $_SERVER['PATH_INFO'] doesn't return single quote in filename. Although single quote in filenames were used frequently in French while using mediawiki server. But in recent versions of mediawiki (svn) we can upload images or pdf files having quotes in their name, like "Rapport d'activité.pdf" but we can't retrieve any more because the $_SERVER['PATH_INFO'] is returning a question mark instead of a quote "/6/6e/Rapport_d?activité.pdf". It has been working for years and now it says "Access denied, you must log in". It doesn't affect all wiki servers but only servers where access to files is granted via the img_auth.php (which means that only logged users can access to uploaded images). The orginal code of img_auth.php was: $path = $_SERVER['PATH_INFO']; $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] ); wfDebugLog( 'img_auth', "\$path is {$path}" ); and the log output contains a question mark instead of the quote. I decided to patch by replacing the question mark with a single quote: $path = preg_replace('/\?/','\'', $_SERVER['PATH_INFO']); and it works but it is not very clean. What is wrong with having single quote in the PATH_INFO as long as filenames can have single quote? Many thanks for any information. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=52293&edit=1