Hi,
I am using PHP-FPM with Nginx. PHP-FPM seems to execute any arbitrary file with a URL constructed like this:
http://basschat.co.uk/favicon.ico/.php
http://php-fpm.org/images/php-fastcgi.png/.php
Does PHP-FPM strip off trailing directories until it finds a file that exists?
We were bitten by this when a user uploaded an image with embedded code. I know we should have stopped code from running in this directory, but I was under the assumption that PHP-FPM just executes files that exist!
Here is my Nginx config:
    # Matches any URI ending in .php, including /favicon.ico/.php; nothing in
    # this block checks that the requested script actually exists on disk
    # before the request is handed to PHP-FPM.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass backend;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
    }
Many thanks,
Ben
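As an added example (not part of the original post, and not a reply from the list), here is the kind of configuration that closes the hole described above. It keeps the poster's `backend` upstream name; the document root `/var/www/example` and the upload directory `/uploads/` are assumptions for illustration. The key change is `try_files $uri =404` inside the PHP location, which makes nginx refuse any request whose exact URI is not an existing file, so `/favicon.ico/.php` gets a 404 instead of being passed to PHP-FPM to resolve via its path-info walk.

```nginx
# Added example configuration, not the original poster's config.
# Assumed document root and upload directory:
root /var/www/example;

# Upload directory: serve as static files only. This is a prefix location
# with ^~, so regex locations (including the .php one below) are never
# consulted for anything under /uploads/, and no fastcgi_pass is reachable.
location ^~ /uploads/ {
    try_files $uri =404;
}

# PHP handler: only hand PHP-FPM a script that exists on disk.
location ~ \.php$ {
    # For /favicon.ico/.php, $uri is "/favicon.ico/.php", which is not a
    # file, so nginx returns 404 here and PHP-FPM never sees the request.
    try_files $uri =404;

    include fastcgi_params;
    # Set SCRIPT_FILENAME explicitly; older fastcgi_params files do not.
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    fastcgi_pass backend;
}
```

Two PHP-side settings complement this and are worth setting as defence in depth: `cgi.fix_pathinfo = 0` in php.ini disables the behaviour that walks back along a non-existent path until it finds a file, and `security.limit_extensions = .php` in the PHP-FPM pool configuration makes PHP-FPM refuse to execute a script whose filename does not end in a listed extension, regardless of what the web server sent.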