Welcome! Log In Create A New Profile

Advanced

php_info - fastcgi_split_path_info - Not does not work

Posted by edisoti 
php_info - fastcgi_split_path_info - Not does not work
October 20, 2011 02:21PM
I am having trouble setting the PATH_INFO

I want accessing thus:
http://www.examples.com/test.php/images/test/000001

LOGS
2011/10/20 15:54:51 [error] 76110#0: *1 open() "/var/www1/examples.com/test.php/dddd/eeee" failed (20: Not a directory), client: 200.12.10.92, server: examples.com, request: "GET /test.php/dddd/eeee HTTP/1.1", host: "www.examples.com"



Edited 1 time(s). Last edit at 10/20/2011 02:27PM by edisoti.
Attachments:
open | download - nginx.conf (842 bytes)
open | download - fastcgi_params (1.2 KB)
open | download - examples.com.conf (705 bytes)
RVN
Re: php_info - fastcgi_split_path_info - Not does not work
October 21, 2011 08:27PM
By any chance did you try changing:

location ~ ^.+\.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/tmp/php.socket;
}

to remove the $ from .php$? so it reads:

location ~ ^.+\.php {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/tmp/php.socket;
}


I tried a setup like your and a bunch of variations and couldnt get it to work... Curious whether it works for you... My post with similar issue... http://forum.nginx.org/read.php?11,217039
Re: php_info - fastcgi_split_path_info - Not does not work
October 23, 2011 05:54AM
RVN Wrote:
-------------------------------------------------------
> By any chance did you try changing:
>
> location ~ ^.+\.php$ {
> include
> fastcgi_params;
> fastcgi_intercept_errors
> on;
> fastcgi_pass
> unix:/tmp/php.socket;
> }
>
> to remove the $ from .php$?

It's all subject to infamous vulnerabilty when a user can just access URLs like "/path/to/image.jpg/test/test.php/more/to/it", where "image.jpg" may be served as a PHP script, depending on the configuration and the site. This can turn into an exploit if a user has the rights to upload image files like image.jpg that would contain malicious PHP code, and then link to it in the above way. This is unless "cgi.fix_pathinfo = 0" is specified in php.ini. More on vulnerability issue:

http://forum.nginx.org/read.php?2,88845,88996

In general, it's better not to rely on PATH_INFO. If it's required by some older scripts, however, the following is a more secure option:

http://forum.nginx.org/read.php?11,217039

Andrejs



Edited 2 time(s). Last edit at 10/23/2011 05:55AM by locojohn.
Re: php_info - fastcgi_split_path_info - Not does not work
October 23, 2011 07:39AM
Not solved!

:(
Re: php_info - fastcgi_split_path_info - Not does not work
October 23, 2011 07:58AM
Resolved!


I just changed it

...
location ~ ^.+\.php {
....

`

the restange was the same way!

:)
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 178
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready