ID: 48695
Comment by: sriram dot natarajan at gmail dot com
Reported By: allerlei+bugs dot php dot net at sihw dot nl
Status: Open
Bug Type: CGI related
Operating System: Centos 4/5
PHP Version: 5.2.10
New Comment:
ok, i compiled cgiwrap 4.1 with the following settings.
./configure
'--with-php=/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
'--with-httpd-user=sriramn' '--with-php-cgiwrap'
'--with-install-dir=/export/home/sriramn/sun/httpd22/cgi-bin'
'--with-install-group=staff' --with-cgiwrapd --with-php-interpreter
Initializing Logging
Redirecting STDERR to STDOUT
Setting SIGXCPU to default behaviour
Environment Variables:
QUERY_STRING: ''
SCRIPT_NAME: '/cgi-bin/php-cgiwrapd'
SCRIPT_FILENAME:
'/export/home/sriramn/sun/httpd22/cgi-bin/php-cgiwrapd'
REDIRECT_URL: '/php-cgi/cgi-info.php'
PATH_INFO: '/sriramn/php-cgi/cgi-info.php'
PATH_TRANSLATED:
'/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php'
REMOTE_USER: '<NULL>'
REMOTE_HOST: '<NULL>'
REMOTE_ADDR: '127.0.0.1'
Trying to extract user from PATH_INFO.
Retrieved User Name: 'sriramn'
User Data Retrieved:
UserID: 'sriramn'
UID: '101'
GID: '10'
Home Dir: '/export/home/sriramn'
Checking user minimum uid.
Script Base Directory: '/export/home/sriramn/public_html/cgi-bin'
Fetching script string
Trying to extract script from PATH_INFO
Extracted PATH_INFO '/php-cgi/cgi-info.php'
Building script path
Condensing slashes.
Script Relative Path: 'php-cgi/cgi-info.php'
Script Absolute Path:
'/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php'
Checking for special interpreted script (php).
Interpreter Path:
'/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
Fixing Environment Variables.
Environment Variables:
QUERY_STRING: ''
SCRIPT_NAME:
'/cgi-bin/php-cgiwrapd/sriramn/php-cgi/cgi-info.php'
SCRIPT_FILENAME:
'/export/home/sriramn/public_html/cgi-bin/php-cgi/cgi-info.php'
REDIRECT_URL: '/php-cgi/cgi-info.php'
PATH_INFO: '<NULL>'
PATH_TRANSLATED:
'/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php'
REMOTE_USER: '<NULL>'
REMOTE_HOST: '<NULL>'
REMOTE_ADDR: '127.0.0.1'
UIDs/GIDs Changed To:
RUID: '101'
EUID: '101'
RGID: '10'
EGID: '10'
Changing current directory to
'/export/home/sriramn/public_html/cgi-bin/php-cgi'
Executing: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
Arguments:
0: '/export/home/sriramn/sun/httpd22/cgi-bin/php-cgi.5210'
1: 'cgi-info.php'
Output of script follows:
=====================================================
X-Powered-By: PHP/5.2.10
Content-type: text/html
server software Apache/2.2.11 (Unix)
script name /php-cgi/cgi-info.php
script filename
/export/home/sriramn/sun/httpd22/htdocs/sriramn/php-cgi/cgi-info.php
path info
path translated
redirect uri
redirect url/php-cgi/cgi-info.php
self uri is /php-cgi/cgi-info.php
and php 5.2.10 seem to be returning the right output.
what configuration am i missing ?
fyi, here is how my apache conf looks ..
AddHandler cgi-wrapper .php
AddHandler cgi-wrapper .cgi
Action cgi-wrapper /cgi-bin/php-cgiwrapd/sriramn
what am I missing here ?
i will also hook up SuEXEC and see if I can reproduce that way..
Previous Comments:
------------------------------------------------------------------------
[2009-07-02 14:19:51] allerlei+bugs dot php dot net at sihw dot nl
Probably not easy to reproduce without a wrapper like cgiwrap. I did
not get suexec to work, but if you have an install with suexec handling
php-cgi succesfully, that might work.
Here are the $_SERVER values on my test system with apache. This uses
/spinwebstartscript/startscript/php/USERNAME as a handler for php files.
So the file test.php will be called through the handler
/spinwebstartscript/startscript/php/USERNAME/test.php.
Weird thing is that phpinfo() reports the SCRIPT_NAME environment var
differently. Propably this is after some transformation in the php
process, because the only thing different in the two configurations is
the php version.
The interesting value is SCRIPT_NAME.
This is $_SERVER on 5.2.8:
[REDIRECT_SCRIPT_URL] => /test.php
[REDIRECT_SCRIPT_URI] => http://wensweb/test.php
[REDIRECT_HANDLER] => startscript_php
[REDIRECT_STATUS] => 200
[SCRIPT_URL] => /test.php
[SCRIPT_URI] => http://wensweb/test.php
[HTTP_HOST] => wensweb
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 6.0; nl;
rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
[HTTP_ACCEPT] =>
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => nl-nl,en;q=0.7,fr;q=0.3
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_CHARSET] => UTF-8,*
[HTTP_KEEP_ALIVE] => 300
[HTTP_CONNECTION] => keep-alive
[HTTP_CACHE_CONTROL] => max-age=0
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => wensweb
[SERVER_ADDR] => 192.168.0.10
[SERVER_PORT] => 80
[REMOTE_ADDR] => 192.168.0.3
[DOCUMENT_ROOT] => /home/pakket/wensweb/web
[SERVER_ADMIN] => webmas...@wensweb.spinvis
[SCRIPT_FILENAME] => /home/pakket/wensweb/web/test.php
[REMOTE_PORT] => 55426
[REDIRECT_URL] => /test.php
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /test.php
[SCRIPT_NAME] => /test.php
[ORIG_PATH_INFO] =>
[ORIG_PATH_TRANSLATED] => /home/pakket/wensweb/web/test.php
[ORIG_SCRIPT_NAME] =>
/spinwebstartscript/startscript/wensweb/php/test.php
[PHP_SELF] => /test.php
[REQUEST_TIME] => 1246544056
And this is $SERVER on 5.2.10:
[REDIRECT_SCRIPT_URL] => /test.php
[REDIRECT_SCRIPT_URI] => http://wensweb/test.php
[REDIRECT_HANDLER] => startscript_php
[REDIRECT_STATUS] => 200
[SCRIPT_URL] => /test.php
[SCRIPT_URI] => http://wensweb/test.php
[HTTP_HOST] => wensweb
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 6.0; nl;
rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
[HTTP_ACCEPT] =>
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => nl-nl,en;q=0.7,fr;q=0.3
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_CHARSET] => UTF-8,*
[HTTP_KEEP_ALIVE] => 300
[HTTP_CONNECTION] => keep-alive
[HTTP_CACHE_CONTROL] => max-age=0
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => wensweb
[SERVER_ADDR] => 192.168.0.10
[SERVER_PORT] => 80
[REMOTE_ADDR] => 192.168.0.3
[DOCUMENT_ROOT] => /home/pakket/wensweb/web
[SERVER_ADMIN] => webmas...@wensweb.spinvis
[SCRIPT_FILENAME] => /home/pakket/wensweb/web/test.php
[REMOTE_PORT] => 55464
[REDIRECT_URL] => /test.php
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /test.php
[SCRIPT_NAME] =>
/spinwebstartscript/startscript/wensweb/php/test.php
[ORIG_PATH_INFO] =>
[ORIG_PATH_TRANSLATED] => /home/pakket/wensweb/web/test.php
[PHP_SELF] => /spinwebstartscript/startscript/wensweb/php/test.php
[REQUEST_TIME] => 1246544340
Thanks, Jelmer
------------------------------------------------------------------------
[2009-07-02 13:33:12] sriram dot natarajan at gmail dot com
what configuration do i need to set in apache to reproduce this ?
------------------------------------------------------------------------
[2009-07-02 07:42:01] allerlei+bugs dot php dot net at sihw dot nl
Yes. This is what happened in 5.2.10. PHP_SELF and SCRIPT_FILENAME
changed in respect to 5.2.8. (Sorry, I skipped 5.2.9). I installed
5.2.10 but had to rebuild 5.2.8 because of the PHP_SELF troubles.
This happens when some process (in my case an external handler
executable that starts php under the UID of the virtual web site, but if
would take a look at suexec as well) juggles with SCRIPT_NAME,
ORIG_SCRIPTNAME etcetera.
By the way: I am not saying one way is better than the other. PHP_SELF
should reflect the url the client needs to call the same script again
(right?). So maybe the way those cgi wrappers change the cgi environment
should be changed. The "startscript" executable I use company wide uses
the same logic for building ORIG_SCRIPTNAME etcetera as the old cgiwrap
code it is slightly based on.
But: this looks to me as a big change for a minor version number
update. I would expect the same external behaviour between versions
numbers that differ only behind the second dot.
Maybe we should get it straight which environment variables php-cgi
uses to create PHP_SELF and friends.
If you need any more information, please tell me. (I am going to be on
a holiday soon, but will be back...).
Thanks,
Jelmer Jellema
------------------------------------------------------------------------
[2009-07-02 04:29:19] sriram dot natarajan at gmail dot com
have you tried this issue with recent php 5.2.10 . r u able to
reproduce
this with 5.2.10 as well ?
------------------------------------------------------------------------
[2009-06-25 14:22:35] allerlei+bugs dot php dot net at sihw dot nl
Description:
------------
Bug #47625 was closed as bogus (because it would be the same as bug
#47042) but it is not. In version 5.2.10 at least, PHP_SELF and
SCRIPT_FILENAME are set based on the ORIG_SCRIPTNAME, while in version
5.2.8 these are based on SCRIPT_NAME.
So bug #47042 fixes some bug, but introduces a new one. Therefore this
is not a duplicate bug. It is not bogus because the values of PHP_SELF
etc changed betwoon 5.2.10 without this being part of the specification
for 5.2.10. It breaks a lot of code on my systems, including phpmyadmin
and joomla.
Problem is that PHP_SELF should refer to the URL before the internal
redirect or external handler. This is a problematic requirement because
of all the jugling with SCRIPTNAME and ORIG_SCRIPTNAME, but bug #47625
described the bug exactly. The problem might me in the naming: handlers
put the redirection into ORIG_SCRIPTNAME and the original path in
SCRIPTNAME.
I use a handler called startscript that is called with some pathinfo
like /../startscript/php/myuser/path/to/script/.
So the path
/centraal/scripts/info.php
when called from a vsite owned by user jelmer, is rewritten to
/usr/bin/startscript/php/jelmer/scripts/info.php
but PHP_SELF should remain /centraal/scripts/info.php
Thank you for your thougths,
Jelmer
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=48695&edit=1
