dmitry Wed Aug 8 13:02:01 2007 UTC
Modified files:
/php-src/sapi/cgi cgi_main.c
Log:
- Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir
and using PATH_INFO).
- Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning
on screws up PATH_INFO).
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.328&r2=1.329&diff_format=u
Index: php-src/sapi/cgi/cgi_main.c
diff -u php-src/sapi/cgi/cgi_main.c:1.328 php-src/sapi/cgi/cgi_main.c:1.329
--- php-src/sapi/cgi/cgi_main.c:1.328 Wed Aug 8 10:00:20 2007
+++ php-src/sapi/cgi/cgi_main.c Wed Aug 8 13:02:01 2007
@@ -21,7 +21,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: cgi_main.c,v 1.328 2007/08/08 10:00:20 jani Exp $ */
+/* $Id: cgi_main.c,v 1.329 2007/08/08 13:02:01 dmitry Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -498,16 +498,29 @@
static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
{
- unsigned int new_val_len;
- char *val = SG(request_info).request_uri ? SG(request_info).request_uri
: "";
+ char *script_name = SG(request_info).request_uri;
+ unsigned int script_name_len = script_name ? strlen(script_name) : 0;
+ char *path_info = sapi_cgibin_getenv("PATH_INFO",
sizeof("PATH_INFO")-1 TSRMLS_CC);
+ unsigned int path_info_len = path_info ? strlen(path_info) : 0;
+ unsigned int php_self_len = script_name_len + path_info_len;
+ char *php_self = emalloc(php_self_len + 1);
+
+ if (script_name) {
+ memcpy(php_self, script_name, script_name_len + 1);
+ }
+ if (path_info) {
+ memcpy(php_self + script_name_len, path_info, path_info_len +
1);
+ }
+
/* In CGI mode, we consider the environment to be a part of the server
* variables
*/
php_import_environment_variables(track_vars_array TSRMLS_CC);
/* Build the special-case PHP_SELF variable for the CGI version */
- if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val,
strlen(val), &new_val_len TSRMLS_CC)) {
- php_register_variable_safe("PHP_SELF", val, new_val_len,
track_vars_array TSRMLS_CC);
+ if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &php_self,
php_self_len, &php_self_len TSRMLS_CC)) {
+ php_register_variable_safe("PHP_SELF", php_self, php_self_len,
track_vars_array TSRMLS_CC);
}
+ efree(php_self);
}
static void sapi_cgi_log_message(char *message)
@@ -664,7 +677,7 @@
SCRIPT_NAME
set to a URL path that could identify the CGI script
- rather than the interpreter. PHP_SELF is set to this.
+ rather than the interpreter. PHP_SELF is set to this
REQUEST_URI
uri section following the domain:port part of a URI
@@ -806,7 +819,21 @@
if (orig_path_info !=
path_info) {
if (orig_path_info) {
+ char old;
+
_sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC);
+ old =
path_info[0];
+ path_info[0] =
0;
+ if
(!orig_script_name ||
+
strcmp(orig_script_name, env_path_info) != 0) {
+ if
(orig_script_name) {
+
_sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC);
+ }
+
SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_path_info
TSRMLS_CC);
+ } else {
+
SG(request_info).request_uri = orig_script_name;
+ }
+ path_info[0] =
old;
}
env_path_info =
_sapi_cgibin_putenv("PATH_INFO", path_info TSRMLS_CC);
}
@@ -823,8 +850,7 @@
SCRIPT_FILENAME minus
SCRIPT_NAME
*/
- if (env_document_root)
- {
+ if (env_document_root) {
int l =
strlen(env_document_root);
int path_translated_len
= 0;
char *path_translated =
NULL;
@@ -836,10 +862,7 @@
/* we have docroot, so
we should have:
*
DOCUMENT_ROOT=/docroot
*
SCRIPT_FILENAME=/docroot/info.php
- *
- * SCRIPT_NAME is the
portion of the path beyond docroot
*/
- env_script_name = pt +
l;
/* PATH_TRANSLATED =
DOCUMENT_ROOT + PATH_INFO */
path_translated_len = l
+ (env_path_info ? strlen(env_path_info) : 0);
@@ -889,38 +912,47 @@
script_path_translated =
_sapi_cgibin_putenv("SCRIPT_FILENAME", NULL TSRMLS_CC);
SG(sapi_headers).http_response_code =
404;
}
- if (!orig_script_name ||
- strcmp(orig_script_name,
env_script_name) != 0) {
- if (orig_script_name) {
-
_sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC);
+ if (!SG(request_info).request_uri) {
+ if (!orig_script_name ||
+ strcmp(orig_script_name,
env_script_name) != 0) {
+ if (orig_script_name) {
+
_sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC);
+ }
+ SG(request_info).request_uri =
_sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC);
+ } else {
+ SG(request_info).request_uri =
orig_script_name;
}
- SG(request_info).request_uri =
_sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC);
- } else {
- SG(request_info).request_uri =
orig_script_name;
}
if (pt) {
efree(pt);
}
+ /* some server configurations allow '..' to
slip through in the
+ translated path. We'll just refuse to
handle such a path. */
+ if (script_path_translated &&
!strstr(script_path_translated, "..")) {
+ SG(request_info).path_translated =
estrdup(script_path_translated);
+ }
} else {
if (real_path) {
script_path_translated = real_path;
}
/* make sure path_info/translated are empty */
if (!orig_script_filename ||
- (script_path_translated !=
orig_script_filename) ||
- strcmp(script_path_translated,
orig_script_filename) != 0) {
+ (script_path_translated !=
orig_script_filename &&
+ strcmp(script_path_translated,
orig_script_filename) != 0)) {
if (orig_script_filename) {
_sapi_cgibin_putenv("ORIG_SCRIPT_FILENAME", orig_script_filename TSRMLS_CC);
}
script_path_translated =
_sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC);
}
- if (orig_path_info) {
- _sapi_cgibin_putenv("ORIG_PATH_INFO",
orig_path_info TSRMLS_CC);
- _sapi_cgibin_putenv("PATH_INFO", NULL
TSRMLS_CC);
- }
- if (orig_path_translated) {
-
_sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
- _sapi_cgibin_putenv("PATH_TRANSLATED",
NULL TSRMLS_CC);
+ if (env_redirect_url) {
+ if (orig_path_info) {
+
_sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC);
+
_sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC);
+ }
+ if (orig_path_translated) {
+
_sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
+
_sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC);
+ }
}
if (env_script_name != orig_script_name) {
if (orig_script_name) {
@@ -930,6 +962,11 @@
} else {
SG(request_info).request_uri =
env_script_name;
}
+ /* some server configurations allow '..' to
slip through in the
+ translated path. We'll just refuse to
handle such a path. */
+ if (script_path_translated &&
!strstr(script_path_translated, "..")) {
+ SG(request_info).path_translated =
estrdup(script_path_translated);
+ }
if (real_path) {
free(real_path);
}
@@ -944,16 +981,16 @@
if (!CGIG(discard_path) && env_path_translated) {
script_path_translated = env_path_translated;
}
+ /* some server configurations allow '..' to slip
through in the
+ translated path. We'll just refuse to handle such
a path. */
+ if (script_path_translated &&
!strstr(script_path_translated, "..")) {
+ SG(request_info).path_translated =
estrdup(script_path_translated);
+ }
}
SG(request_info).request_method =
sapi_cgibin_getenv("REQUEST_METHOD", sizeof("REQUEST_METHOD")-1 TSRMLS_CC);
/* FIXME - Work out proto_num here */
SG(request_info).query_string =
sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC);
- /* some server configurations allow '..' to slip through in the
- translated path. We'll just refuse to handle such a path.
*/
- if (script_path_translated && !strstr(script_path_translated,
"..")) {
- SG(request_info).path_translated =
estrdup(script_path_translated);
- }
SG(request_info).content_type = (content_type ? content_type :
"" );
SG(request_info).content_length = (content_length ?
atoi(content_length) : 0);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
