#20891 [NEW]: Misuse PATH_INFO, PATH_TRANSLATED environment variables in CGI, Fastcgi SAPI

Sun, 08 Dec 2002 18:15:50 -0800 

From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.2.3
PHP Bug Type:     Feature/Change Request
Bug description:  Misuse PATH_INFO, PATH_TRANSLATED environment variables in CGI, 
Fastcgi SAPI 

I am writting a web server which can support PHP. 
I found the CGI and fastcgi SAPI modules misuse the PATH_INFO,
PATH_TRANSLATED environment variables, at least I think they are.
I did the following test with apache-1.3.24:
I had phpinfo.php and php executable in cgi-bin directory:

$ more phpinfo.php 
#!./php
<HTML>
<BODY>
   <?php phpinfo() ?>
</BODY>
</HTML>

The request:
http://localhost/cgi-bin/phpinfo.php 
has no problem

The request:
http://localhost/cgi-bin/phpinfo.php/path/info  
will return 500 Internal server error
same thing will happen with fastcgi SAPI.

the second request will succeed with mod_php.

I read the code of CGI and fastcgi modules and found PATH_TRANSLATED is
used as the path of php scirpt file when it exists, otherwise
SCRIPT_FILENAME will be used. Then for the second request, the script file
refered as PATH_TRANSLATED will not be found.
The PATH_INFO is not used in the right way too.
PATH_INFO is used as the request URI, if it exists, otherwise SCRIPT_NAME
is used.

They are is not compliant with CGI 1.1 or 1.2 specification.
The right way to use those environment variables are:
reuqest URI = <REQUEST_URI> or <SCRIPT_NAME>+<PATH_INFO>
script_file_path = <SCRIPT_FILENAME>.
<PATH_TRANSLATED> should NOT be touched.
If <SCRIPT_FILENAME> does not exist, you can try to build the
script_file_path from <DOCUMENT_ROOT>+<SCRIPT_NAME>, but that is not
guaranteed to be correct.

Best regards,
Gang Wang



-- 
Edit bug report at http://bugs.php.net/?id=20891&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=20891&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=20891&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=20891&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=20891&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=20891&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=20891&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=20891&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=20891&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=20891&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=20891&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20891&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=20891&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=20891&r=isapi

Reply via email to