Hi.

Apparently, there's already a wiki page explaining this issue: http://wiki.nginx.org/Pitfalls#Pass_Non-PHP_Requests_to_PHP.

And the solution is, I think, cleaner than what we wrote on this bug.

"The proper solution is to set cgi.fix_pathinfo=0 in php.ini. This causes PHP to try the literal path given. If, for backward compatibility reasons, you cannot change this setting you need to ensure that Nginx is passing PHP an actual file or specifically disable PHP access to any directory containing user uploads."

By the way, with this new element, I don't know who has to do the work.

Is it the nginx maintainers, by adding a warning message in the sample config files? Or is it the PHP maintainers, by setting cgi.fix_pathinfo to 0 in the default configuration file?

Frankly, I don't know. For us, it's not a big amount of work, and it doesn't break anything.

So it's up to you, maintainers, to make a choice on adding or not adding any warning in the sample config files (or even in the http://wiki.debian.org/Nginx page).

Thanks.
--
Cyril "Davromaniak" Lavier
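
A check for the setting quoted above, as an added example that is not part of the original message or of the nginx or PHP packages: it reports the effective cgi.fix_pathinfo value found in php.ini text. It assumes PHP's built-in default of 1 when the directive is never set; the function names and sample ini snippets are constructed for illustration, and conf.d fragments or FPM pool overrides are not read.

```python
import re

# Assumption: PHP's built-in default when the directive is never assigned.
PHP_DEFAULT = "1"
# php.ini keywords that PHP evaluates as an empty/false value.
FALSY = {"0", "", "off", "false", "no", "none"}

# Constructed sample inputs (not taken from any real system).
SHIPPED = "[PHP]\n;cgi.fix_pathinfo=1\n"                  # directive only in a comment
HARDENED = "[PHP]\ncgi.fix_pathinfo = 0 ; literal path\n"   # explicit, with inline comment
OVERRIDDEN = "cgi.fix_pathinfo=0\nmemory_limit=128M\ncgi.fix_pathinfo=1\n"


def effective_fix_pathinfo(ini_text):
    """Return (value, line_no) of the last active cgi.fix_pathinfo assignment.

    line_no is None when the directive is absent or only appears in comments,
    in which case the built-in default applies.
    """
    value, line_no = PHP_DEFAULT, None
    for n, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        # Directive names are case sensitive, so no IGNORECASE here.
        m = re.match(r"cgi\.fix_pathinfo\s*=\s*(.*)$", line)
        if m:
            # A later assignment overrides an earlier one.
            value, line_no = m.group(1).strip().strip("\"'"), n
    return value, line_no


def audit(ini_text):
    """Return ('ok' | 'fail', human-readable reason)."""
    value, line_no = effective_fix_pathinfo(ini_text)
    if value.lower() in FALSY:
        return "ok", f"cgi.fix_pathinfo disabled at line {line_no}"
    if line_no is None:
        return "fail", "cgi.fix_pathinfo not set; PHP default of 1 applies"
    return "fail", f"cgi.fix_pathinfo={value} at line {line_no}"


if __name__ == "__main__":
    for name, text in [("shipped", SHIPPED), ("hardened", HARDENED),
                       ("overridden", OVERRIDDEN)]:
        print(name, *audit(text))
```

A commented-out `;cgi.fix_pathinfo=1` line is reported as a failure because it leaves the default in force rather than setting the value to 0.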


