dmitry Wed Aug 8 13:01:40 2007 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/sapi/cgi cgi_main.c Log: - Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). - Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO).
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.885&r2=1.2027.2.547.2.886&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.885 php-src/NEWS:1.2027.2.547.2.886 --- php-src/NEWS:1.2027.2.547.2.885 Wed Aug 8 11:37:44 2007 +++ php-src/NEWS Wed Aug 8 13:01:39 2007 @@ -7,11 +7,15 @@ - Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre) - Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia) +- Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir + and using PATH_INFO). (Dmitry) - Fixed bug #42195 (C++ compiler required always). (Jani) - Fixed bug #42082 (NodeList length zero should be empty). (Hannes) - Fixed bug #41973 (./configure --with-ldap=shared fails with LDFLAGS="-Wl,--as-needed"). (Nuno) - Fixed bug #36492 (Userfilters can leak buckets). (Sara) +- Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning + on screws up PATH_INFO). (Dmitry) 02 Aug 2007, PHP 5.2.4RC1 - Removed --enable-versioning configure option. (Jani) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.44&r2=1.267.2.15.2.45&diff_format=u Index: php-src/sapi/cgi/cgi_main.c diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.44 php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.45 --- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.44 Wed Aug 8 10:00:34 2007 +++ php-src/sapi/cgi/cgi_main.c Wed Aug 8 13:01:40 2007 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: cgi_main.c,v 1.267.2.15.2.44 2007/08/08 10:00:34 jani Exp $ */ +/* $Id: cgi_main.c,v 1.267.2.15.2.45 2007/08/08 13:01:40 dmitry Exp $ */ #include "php.h" #include "php_globals.h" 
@@ -522,16 +522,29 @@ static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC) { - unsigned int new_val_len; - char *val = SG(request_info).request_uri ? SG(request_info).request_uri : ""; + char *script_name = SG(request_info).request_uri; + unsigned int script_name_len = script_name ? strlen(script_name) : 0; + char *path_info = sapi_cgibin_getenv("PATH_INFO", sizeof("PATH_INFO")-1 TSRMLS_CC); + unsigned int path_info_len = path_info ? strlen(path_info) : 0; + unsigned int php_self_len = script_name_len + path_info_len; + char *php_self = emalloc(php_self_len + 1); + + if (script_name) { + memcpy(php_self, script_name, script_name_len + 1); + } + if (path_info) { + memcpy(php_self + script_name_len, path_info, path_info_len + 1); + } + /* In CGI mode, we consider the environment to be a part of the server * variables */ php_import_environment_variables(track_vars_array TSRMLS_CC); /* Build the special-case PHP_SELF variable for the CGI version */ - if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val, strlen(val), &new_val_len TSRMLS_CC)) { - php_register_variable_safe("PHP_SELF", val, new_val_len, track_vars_array TSRMLS_CC); + if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &php_self, php_self_len, &php_self_len TSRMLS_CC)) { + php_register_variable_safe("PHP_SELF", php_self, php_self_len, track_vars_array TSRMLS_CC); } + efree(php_self); } static void sapi_cgi_log_message(char *message) 
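Review bot: When both `SG(request_info).request_uri` and `PATH_INFO` are absent, neither `memcpy` runs, so the single byte from `emalloc(php_self_len + 1)` reaches `sapi_module.input_filter` uninitialised. A filter that treats `php_self` as a C string would then read past anything that was written. Terminating the buffer right after the allocation, `php_self[0] = '\0';`, covers that case without changing the other paths. PHP_SELF now also ends with the request-derived PATH_INFO, so I would extend the comment above the registration, e.g. `/* PHP_SELF = SCRIPT_NAME + PATH_INFO; PATH_INFO comes from the request, so scripts must escape PHP_SELF on output */`.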
@@ -830,7 +843,21 @@ if (orig_path_info != path_info) { if (orig_path_info) { + char old; + _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); + old = path_info[0]; + path_info[0] = 0; + if (!orig_script_name || + strcmp(orig_script_name, env_path_info) != 0) { + if (orig_script_name) { + _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + } + SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_path_info TSRMLS_CC); + } else { + SG(request_info).request_uri = orig_script_name; + } + path_info[0] = old; } env_path_info = _sapi_cgibin_putenv("PATH_INFO", path_info TSRMLS_CC); } @@ -847,8 +874,7 @@ SCRIPT_FILENAME minus SCRIPT_NAME */ - if (env_document_root) - { + if (env_document_root) { int l = strlen(env_document_root); int path_translated_len = 0; char *path_translated = NULL; @@ -860,10 +886,7 @@ /* we have docroot, so we should have: * DOCUMENT_ROOT=/docroot * SCRIPT_FILENAME=/docroot/info.php - * - * SCRIPT_NAME is the portion of the path beyond docroot */ - env_script_name = pt + l; /* PATH_TRANSLATED = DOCUMENT_ROOT + PATH_INFO */ path_translated_len = l + (env_path_info ? strlen(env_path_info) : 0); 
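Review bot: The temporary `path_info[0] = 0;` ... `path_info[0] = old;` pair in the `@@ -830` hunk has no comment. It is only correct if `path_info` points into the same buffer as `env_path_info` and `_sapi_cgibin_putenv` stores a copy of its value before the byte is restored, and neither is visible in this hunk. If the returned pointer aliased the argument, `SG(request_info).request_uri` would contain the path info again as soon as `old` is written back. A comment before `old = path_info[0];` such as `/* cut env_path_info at the start of PATH_INFO so it holds only the script part; putenv copies it, the byte is restored below */` would make that dependency explicit. The enclosing function starts and ends outside the hunk.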
@@ -913,38 +936,47 @@ script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", NULL TSRMLS_CC); SG(sapi_headers).http_response_code = 404; } - if (!orig_script_name || - strcmp(orig_script_name, env_script_name) != 0) { - if (orig_script_name) { - _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + if (!SG(request_info).request_uri) { + if (!orig_script_name || + strcmp(orig_script_name, env_script_name) != 0) { + if (orig_script_name) { + _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + } + SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC); + } else { + SG(request_info).request_uri = orig_script_name; } - SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC); - } else { - SG(request_info).request_uri = orig_script_name; - } + } if (pt) { efree(pt); } + /* some server configurations allow '..' to slip through in the + translated path. We'll just refuse to handle such a path. 
*/ + if (script_path_translated && !strstr(script_path_translated, "..")) { + SG(request_info).path_translated = estrdup(script_path_translated); + } } else { if (real_path) { script_path_translated = real_path; } /* make sure path_info/translated are empty */ if (!orig_script_filename || - (script_path_translated != orig_script_filename) || - strcmp(script_path_translated, orig_script_filename) != 0) { + (script_path_translated != orig_script_filename && + strcmp(script_path_translated, orig_script_filename) != 0)) { if (orig_script_filename) { _sapi_cgibin_putenv("ORIG_SCRIPT_FILENAME", orig_script_filename TSRMLS_CC); } script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC); } - if (orig_path_info) { - _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); - _sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC); - } - if (orig_path_translated) { - _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); - _sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC); + if (env_redirect_url) { + if (orig_path_info) { + _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); + _sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC); + } + if (orig_path_translated) { + _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); + _sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC); + } } if (env_script_name != orig_script_name) { if (orig_script_name) { @@ -954,6 +986,11 @@ } else { SG(request_info).request_uri = env_script_name; } + /* some server configurations allow '..' to slip through in the + translated path. We'll just refuse to handle such a path. */ + if (script_path_translated && !strstr(script_path_translated, "..")) { + SG(request_info).path_translated = estrdup(script_path_translated); + } if (real_path) { free(real_path); } 
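Review bot: The `..` refusal is now copied into three branches: in the `@@ -913` hunk and again in the `@@ -954` and `@@ -967` hunks. Any later change to the check has to be made three times, and a missed copy leaves one branch behaving differently. A small static helper called from each branch would keep a single definition; the name below is only a suggestion. When the check refuses a path, nothing is logged and `path_translated` is left as it was, which the helper's comment should state. The enclosing function starts and ends outside these hunks.

```c
/* Refuse any translated path containing "..": in that case
   SG(request_info).path_translated is left as it was. */
static void cgi_set_path_translated(const char *path TSRMLS_DC)
{
	if (path && !strstr(path, "..")) {
		SG(request_info).path_translated = estrdup(path);
	}
}

/* … unchanged: SCRIPT_NAME / SCRIPT_FILENAME handling in each branch … */
	cgi_set_path_translated(script_path_translated TSRMLS_CC);
```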
@@ -967,20 +1004,21 @@ SG(request_info).request_uri = env_script_name; } #if !DISCARD_PATH - if (env_path_translated) + if (env_path_translated) { script_path_translated = env_path_translated; + } #endif + /* some server configurations allow '..' to slip through in the + translated path. We'll just refuse to handle such a path. */ + if (script_path_translated && !strstr(script_path_translated, "..")) { + SG(request_info).path_translated = estrdup(script_path_translated); + } #if ENABLE_PATHINFO_CHECK } #endif SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD", sizeof("REQUEST_METHOD")-1 TSRMLS_CC); /* FIXME - Work out proto_num here */ SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC); - /* some server configurations allow '..' to slip through in the - translated path. We'll just refuse to handle such a path. */ - if (script_path_translated && !strstr(script_path_translated, "..")) { - SG(request_info).path_translated = estrdup(script_path_translated); - } SG(request_info).content_type = (content_type ? content_type : "" ); SG(request_info).content_length = (content_length ? atoi(content_length) : 0);