Public bug reported: Binary package hint: libapache2-mod-php5
To reproduce: Put a phpinfo.php with following contents in the server www root: <?php header("Content-Type: text/html; charset=iso-8859-1"); phpinfo(); ?> The location of the PHP script must have Apache setting "AcceptPathInfo On", but if I've understood correctly, this is the default configuration. Open location http://localhost/phpinfo.php/123/456//789/0 (notice the double slash between "456" and "789". Look for "SCRIPT_NAME". Expected value: "/phpinfo.php" Actual value: "/phpinfo.php/123/456" Look for "PATH_INFO". Expected value: "/123/456//789/0" Actual value: "/123/456/789/0" (no double slash) At least the SCRIPT_NAME issue should be fixed. PATH_INFO issue could be side-stepped by parsing REQUEST_URI in PHP code but SCRIPT_NAME has no suitable, correctly functioning replacement (I think that I have to use a hardcoded value instead of simply trusting SCRIPT_NAME because of this issue). Note that if I insert any character (but a slash) between the double slashes, these variables contain correct values again. For example http://localhost/phpinfo.php/123/456/x/789/0 $ cat /etc/issue.net Ubuntu 6.06.1 LTS $ dpkg --status libapache2-mod-php5 | grep Version Version: 5.1.2-1ubuntu3.8 I haven't checked if this problem exists in official PHP releases. I cannot think a situation where this bug causes a security problem. ** Affects: php5 (Ubuntu) Importance: Undecided Status: New -- libapache2-mod-php5: SCRIPT_NAME and PATH_INFO are incorrect if path info contains double slash https://bugs.launchpad.net/bugs/123758 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs