libapache2-mod-php5: SCRIPT_NAME and PATH_INFO are incorrect if path info contains double slash
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| php5 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: libapache2-mod-php5
To reproduce:
Put a phpinfo.php with following contents in the server www root:
<?php header(
The location of the PHP script must have Apache setting "AcceptPathInfo On", but if I've understood correctly, this is the default configuration.
Open location http://
(notice the double slash between "456" and "789".
Look for "SCRIPT_NAME".
Expected value: "/phpinfo.php"
Actual value: "/phpinfo.
Look for "PATH_INFO".
Expected value: "/123/456//789/0"
Actual value: "/123/456/789/0" (no double slash)
At least the SCRIPT_NAME issue should be fixed. PATH_INFO issue could be side-stepped by parsing REQUEST_URI in PHP code but SCRIPT_NAME has no suitable, correctly functioning replacement (I think that I have to use a hardcoded value instead of simply trusting SCRIPT_NAME because of this issue).
Note that if I insert any character (but a slash) between the double slashes, these variables contain correct values again. For example http://
$ cat /etc/issue.net
Ubuntu 6.06.1 LTS
$ dpkg --status libapache2-mod-php5 | grep Version
Version: 5.1.2-1ubuntu3.8
I haven't checked if this problem exists in official PHP releases.
I cannot think a situation where this bug causes a security problem.
| Rick Clark (dendrobates) wrote | #1 |
| Changed in php5: | |
| status: | New → Invalid |
Thanks for taking the time to report this bug and helping to make Ubuntu better. However, I am closing it because the SCRIPT_NAME bug has been fixed in the latest development version of Ubuntu - the Gutsy Gibbon. It won't be fixed in previous versions of Ubuntu because the bug doesn't fit requirements for backporting. See [WWW] https:/
The PATH_INFO variable, is an upstream design decision. This should be worked around in the method you specified below.