Diffstat (limited to 'sapi/cgi')
| -rw-r--r-- | sapi/cgi/cgi_main.c | 149 | ||||
| -rw-r--r-- | sapi/cgi/config9.m4 | 110 | ||||
| -rw-r--r-- | sapi/cgi/fastcgi.c | 6 | ||||
| -rw-r--r-- | sapi/cgi/tests/009.phpt | 6 |
4 files changed, 155 insertions, 116 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index fd0af132a..559ea1f46 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: cgi_main.c,v 1.267.2.15.2.40 2007/05/28 08:11:59 dmitry Exp $ */ +/* $Id: cgi_main.c,v 1.267.2.15.2.46 2007/08/08 23:51:57 stas Exp $ */ #include "php.h" #include "php_globals.h" @@ -522,16 +522,29 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC) static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC) { - unsigned int new_val_len; - char *val = SG(request_info).request_uri ? SG(request_info).request_uri : ""; + char *script_name = SG(request_info).request_uri; + unsigned int script_name_len = script_name ? strlen(script_name) : 0; + char *path_info = sapi_cgibin_getenv("PATH_INFO", sizeof("PATH_INFO")-1 TSRMLS_CC); + unsigned int path_info_len = path_info ? strlen(path_info) : 0; + unsigned int php_self_len = script_name_len + path_info_len; + char *php_self = emalloc(php_self_len + 1); + + if (script_name) { + memcpy(php_self, script_name, script_name_len + 1); + } + if (path_info) { + memcpy(php_self + script_name_len, path_info, path_info_len + 1); + } + /* In CGI mode, we consider the environment to be a part of the server * variables */ php_import_environment_variables(track_vars_array TSRMLS_CC); /* Build the special-case PHP_SELF variable for the CGI version */ - if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val, strlen(val), &new_val_len TSRMLS_CC)) { - php_register_variable_safe("PHP_SELF", val, new_val_len, track_vars_array TSRMLS_CC); + if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &php_self, php_self_len, &php_self_len TSRMLS_CC)) { + php_register_variable_safe("PHP_SELF", php_self, php_self_len, track_vars_array TSRMLS_CC); } + efree(php_self); } static void sapi_cgi_log_message(char *message) 
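Review bot: In `sapi_cgi_register_variables`, `php_self` is left unterminated when both `SG(request_info).request_uri` and `PATH_INFO` are NULL, because neither `memcpy` runs and the byte returned by `emalloc(php_self_len + 1)` is never written. Adding `php_self[0] = '\0';` right after the allocation makes the empty case well defined before the buffer is handed to `sapi_module.input_filter`. PHP_SELF now also carries PATH_INFO, which is taken from the request path, so a comment such as `/* PHP_SELF = SCRIPT_NAME + PATH_INFO; request-controlled, must be escaped before output */` would help readers of this function.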
@@ -766,7 +779,7 @@ static void init_request_info(TSRMLS_D) char *env_document_root = sapi_cgibin_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT")-1 TSRMLS_CC); if (CGIG(fix_pathinfo)) { - char *real_path; + char *real_path = NULL; char *orig_path_translated = env_path_translated; char *orig_path_info = env_path_info; char *orig_script_name = env_script_name; @@ -830,7 +843,21 @@ static void init_request_info(TSRMLS_D) if (orig_path_info != path_info) { if (orig_path_info) { + char old; + _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); + old = path_info[0]; + path_info[0] = 0; + if (!orig_script_name || + strcmp(orig_script_name, env_path_info) != 0) { + if (orig_script_name) { + _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + } + SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_path_info TSRMLS_CC); + } else { + SG(request_info).request_uri = orig_script_name; + } + path_info[0] = old; } env_path_info = _sapi_cgibin_putenv("PATH_INFO", path_info TSRMLS_CC); } @@ -847,8 +874,7 @@ static void init_request_info(TSRMLS_D) SCRIPT_FILENAME minus SCRIPT_NAME */ - if (env_document_root) - { + if (env_document_root) { int l = strlen(env_document_root); int path_translated_len = 0; char *path_translated = NULL; @@ -860,12 +886,9 @@ static void init_request_info(TSRMLS_D) /* we have docroot, so we should have: * DOCUMENT_ROOT=/docroot * SCRIPT_FILENAME=/docroot/info.php - * - * SCRIPT_NAME is the portion of the path beyond docroot */ - env_script_name = pt + l; - /* PATH_TRANSATED = DOCUMENT_ROOT + PATH_INFO */ + /* PATH_TRANSLATED = DOCUMENT_ROOT + PATH_INFO */ path_translated_len = l + (env_path_info ? strlen(env_path_info) : 0); path_translated = (char *) emalloc(path_translated_len + 1); memcpy(path_translated, env_document_root, l); 
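Review bot: The added `path_info[0] = 0;` inside the `if (orig_path_info)` block writes through a pointer whose derivation is outside this hunk, and nothing visible here shows that `path_info` lies inside the `env_path_info` buffer. The temporary truncation only yields the intended SCRIPT_NAME if `path_info` aliases `env_path_info`. If it is computed by subtracting lengths, the code that computes it should reject a result that falls before the start of the string; otherwise this store lands outside the buffer. At minimum the trick should be documented, e.g. `/* path_info points into env_path_info: cut the string there to get SCRIPT_NAME, then restore the byte */`. `init_request_info` starts and ends outside the hunk.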
@@ -881,7 +904,7 @@ static void init_request_info(TSRMLS_D) } else if (env_script_name && strstr(pt, env_script_name) ) { - /* PATH_TRANSATED = PATH_TRANSATED - SCRIPT_NAME + PATH_INFO */ + /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */ int ptlen = strlen(pt) - strlen(env_script_name); int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0; char *path_translated = NULL; 
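Review bot: The context line `int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;` parses as `(ptlen + env_path_info) ? ... : 0`, so `ptlen` is dropped from the length; this commit corrects only the comment above it. The DOCUMENT_ROOT branch in the previous hunk parenthesises the same expression, and this branch should match it: `int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);`. The allocation and copies that consume this length are outside the hunk, but if they mirror the DOCUMENT_ROOT branch (`emalloc(path_translated_len + 1)` followed by a `memcpy` of the prefix), the buffer is smaller than what is copied into it.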
@@ -913,35 +936,47 @@ static void init_request_info(TSRMLS_D) script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", NULL TSRMLS_CC); SG(sapi_headers).http_response_code = 404; } - if (!orig_script_name || - strcmp(orig_script_name, env_script_name) != 0) { - if (orig_script_name) { - _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + if (!SG(request_info).request_uri) { + if (!orig_script_name || + strcmp(orig_script_name, env_script_name) != 0) { + if (orig_script_name) { + _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + } + SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC); + } else { + SG(request_info).request_uri = orig_script_name; } - SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC); - } else { - SG(request_info).request_uri = orig_script_name; - } + } if (pt) { efree(pt); } + /* some server configurations allow '..' to slip through in the + translated path. We'll just refuse to handle such a path. 
*/ + if (script_path_translated && !strstr(script_path_translated, "..")) { + SG(request_info).path_translated = estrdup(script_path_translated); + } } else { + if (real_path) { + script_path_translated = real_path; + } /* make sure path_info/translated are empty */ if (!orig_script_filename || - (script_path_translated != orig_script_filename) || - strcmp(script_path_translated, orig_script_filename) != 0) { + (script_path_translated != orig_script_filename && + strcmp(script_path_translated, orig_script_filename) != 0)) { if (orig_script_filename) { _sapi_cgibin_putenv("ORIG_SCRIPT_FILENAME", orig_script_filename TSRMLS_CC); } script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC); } - if (orig_path_info) { - _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); - _sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC); - } - if (orig_path_translated) { - _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); - _sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC); + if (env_redirect_url) { + if (orig_path_info) { + _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); + _sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC); + } + if (orig_path_translated) { + _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); + _sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC); + } } if (env_script_name != orig_script_name) { if (orig_script_name) { 
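Review bot: The `..` guard that assigns `SG(request_info).path_translated` is now pasted three times, here and in the hunks at -951 and -962, so a later fix to one copy can silently miss the others. A small static helper keeps the check and its comment in one place. The check is a plain substring match, so it also refuses file names that merely contain two dots, and on refusal `path_translated` is simply not assigned; both facts belong in the comment. `init_request_info` begins and ends outside this hunk, and the helper name below is only a suggestion.

```c
/* Refuse any translated path that contains "..": some server configurations
 * let it slip through. This is a substring match, so names that merely
 * contain two dots are refused too. On refusal path_translated is not assigned. */
static void cgi_set_path_translated(const char *path TSRMLS_DC)
{
	if (path && !strstr(path, "..")) {
		SG(request_info).path_translated = estrdup(path);
	}
}

/* … unchanged: SCRIPT_NAME / ORIG_SCRIPT_NAME handling … */
			cgi_set_path_translated(script_path_translated TSRMLS_CC);
```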
@@ -951,8 +986,15 @@ static void init_request_info(TSRMLS_D) } else { SG(request_info).request_uri = env_script_name; } - } - free(real_path); + /* some server configurations allow '..' to slip through in the + translated path. We'll just refuse to handle such a path. */ + if (script_path_translated && !strstr(script_path_translated, "..")) { + SG(request_info).path_translated = estrdup(script_path_translated); + } + if (real_path) { + free(real_path); + } + } } else { #endif /* pre 4.3 behaviour, shouldn't be used but provides BC */ @@ -962,20 +1004,21 @@ static void init_request_info(TSRMLS_D) SG(request_info).request_uri = env_script_name; } #if !DISCARD_PATH - if (env_path_translated) + if (env_path_translated) { script_path_translated = env_path_translated; + } #endif + /* some server configurations allow '..' to slip through in the + translated path. We'll just refuse to handle such a path. */ + if (script_path_translated && !strstr(script_path_translated, "..")) { + SG(request_info).path_translated = estrdup(script_path_translated); + } #if ENABLE_PATHINFO_CHECK } #endif SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD", sizeof("REQUEST_METHOD")-1 TSRMLS_CC); /* FIXME - Work out proto_num here */ SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC); - /* some server configurations allow '..' to slip through in the - translated path. We'll just refuse to handle such a path. */ - if (script_path_translated && !strstr(script_path_translated, "..")) { - SG(request_info).path_translated = estrdup(script_path_translated); - } SG(request_info).content_type = (content_type ? content_type : "" ); SG(request_info).content_length = (content_length ? atoi(content_length) : 0); 
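Review bot: The order of the two statements added at the end of this branch is load-bearing and has no comment: the previous hunk sets `script_path_translated = real_path`, so the `estrdup` has to run before `free(real_path)`, and `script_path_translated` may dangle afterwards. I would add `/* script_path_translated may alias real_path: copy it before freeing, and do not use it below */` above the `free`. The `if (real_path)` guard can be dropped, since `free(NULL)` is a no-op. The enclosing `if (CGIG(fix_pathinfo))` block opens outside this hunk.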
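Review bot: The context line `SG(request_info).content_length = (content_length ? atoi(content_length) : 0);` at the end of this hunk converts its input with `atoi`, which reports no errors, accepts a leading minus sign and has undefined behaviour on overflow. Parsing with `strtol`, checking `errno` and the end pointer, and rejecting negative results would stop a malformed value from becoming an arbitrary integer. Where `content_length` is read is outside the hunk; from its name I assume it comes from the CGI environment and is therefore request-controlled.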
@@ -1118,10 +1161,6 @@ int main(int argc, char *argv[]) /* end of temporary locals */ #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; - sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif @@ -1161,6 +1200,7 @@ int main(int argc, char *argv[]) #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); #endif sapi_startup(&cgi_sapi_module); @@ -1252,11 +1292,6 @@ int main(int argc, char *argv[]) php_optarg = orig_optarg; #ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); SG(request_info).path_translated = NULL; #endif @@ -1682,7 +1717,9 @@ consult the installation file that came with this distribution, or visit \n\ */ retval = FAILURE; if (cgi || SG(request_info).path_translated) { - retval = php_fopen_primary_script(&file_handle TSRMLS_CC); + if (!php_check_open_basedir(SG(request_info).path_translated TSRMLS_CC)) { + retval = php_fopen_primary_script(&file_handle TSRMLS_CC); + } } /* if we are unable to open path_translated and we are not @@ -1704,9 +1741,21 @@ consult the installation file that came with this distribution, or visit \n\ goto fastcgi_request_done; } #endif + + STR_FREE(SG(request_info).path_translated); + + if (free_query_string && SG(request_info).query_string) { + free(SG(request_info).query_string); + SG(request_info).query_string = NULL; + } + php_request_shutdown((void *) 0); SG(server_context) = NULL; php_module_shutdown(TSRMLS_C); + sapi_shutdown(); +#ifdef ZTS + tsrm_shutdown(); +#endif return FAILURE; } @@ -1820,6 +1869,10 @@ fastcgi_request_done: if (bindpath) { free(bindpath); } + if (max_requests != 1) { + /* no need to return exit_status of the last request */ + exit_status = 0; + } break; } /* end of fastcgi loop */ 
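Review bot: The added `php_check_open_basedir(SG(request_info).path_translated TSRMLS_CC)` can be reached with a NULL path, because the enclosing condition is `cgi || SG(request_info).path_translated` and the `..` guard earlier in this diff leaves `path_translated` unassigned when it refuses a path. Whether the callee tolerates NULL is not visible here, so the NULL case should be decided explicitly, for example `if (!SG(request_info).path_translated || !php_check_open_basedir(SG(request_info).path_translated TSRMLS_CC)) {` if the previous behaviour for that case is meant to be kept. The check and the later open inside `php_fopen_primary_script` also resolve the path separately, so the check only holds if the path cannot change in between. `main` starts and ends outside the hunk.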
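Review bot: After the added `STR_FREE(SG(request_info).path_translated);` the field keeps its old value while `php_request_shutdown`, `php_module_shutdown` and `sapi_shutdown` still run, unlike `query_string`, which is set to NULL right after its `free`. Unless `STR_FREE` already clears its argument (its definition is not on this page), add `SG(request_info).path_translated = NULL;` on the next line so that no shutdown code can see a freed pointer. This is the failure path inside `main`, which extends beyond the hunk.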
diff --git a/sapi/cgi/config9.m4 b/sapi/cgi/config9.m4
index bd04b0cf3..26ed76618 100644
--- a/sapi/cgi/config9.m4
+++ b/sapi/cgi/config9.m4
@@ -1,61 +1,37 @@ dnl -dnl $Id: config9.m4,v 1.17.2.2.2.4 2007/05/24 23:29:59 sniper Exp $ +dnl $Id: config9.m4,v 1.17.2.2.2.6 2007/07/11 23:20:36 jani Exp $ dnl -AC_ARG_ENABLE(cgi, -[ --disable-cgi Disable building CGI version of PHP], -[ - PHP_SAPI_CGI=$enableval -],[ - PHP_SAPI_CGI=yes -]) +PHP_ARG_ENABLE(cgi,, +[ --disable-cgi Disable building CGI version of PHP], yes, no) -AC_ARG_ENABLE(force-cgi-redirect, -[ --enable-force-cgi-redirect - CGI: Enable the security check for internal server - redirects. You should use this if you are - running the CGI version with Apache], -[ - PHP_FORCE_CGI_REDIRECT=$enableval -],[ - PHP_FORCE_CGI_REDIRECT=no -]) +PHP_ARG_ENABLE(fastcgi,, +[ --enable-fastcgi CGI: Enable FastCGI support in the CGI binary], no, no) -AC_ARG_ENABLE(discard-path, -[ --enable-discard-path CGI: If this is enabled, the PHP CGI binary - can safely be placed outside of the - web tree and people will not be able - to circumvent .htaccess security], -[ - PHP_DISCARD_PATH=$enableval -],[ - PHP_DISCARD_PATH=no -]) +PHP_ARG_ENABLE(force-cgi-redirect,, +[ --enable-force-cgi-redirect + CGI: Enable security check for internal server + redirects. 
Use this if you run the PHP CGI with Apache], no, no) -AC_ARG_ENABLE(fastcgi, -[ --enable-fastcgi CGI: If this is enabled, the cgi module will - be built with support for fastcgi also], -[ - PHP_ENABLE_FASTCGI=$enableval -],[ - PHP_ENABLE_FASTCGI=no -]) +PHP_ARG_ENABLE(discard-path,, +[ --enable-discard-path CGI: When this is enabled the PHP CGI binary can + safely be placed outside of the web tree and people + will not be able to circumvent .htaccess security], no, no) -AC_ARG_ENABLE(path-info-check, +PHP_ARG_ENABLE(path-info-check,, [ --disable-path-info-check CGI: If this is disabled, paths such as - /info.php/test?a=b will fail to work], -[ - PHP_ENABLE_PATHINFO_CHECK=$enableval -],[ - PHP_ENABLE_PATHINFO_CHECK=yes -]) + /info.php/test?a=b will fail to work], yes, no) +dnl +dnl CGI setup +dnl if test "$PHP_SAPI" = "default"; then - AC_MSG_CHECKING(for CGI build) - if test "$PHP_SAPI_CGI" != "no"; then + AC_MSG_CHECKING(whether to build CGI binary) + if test "$PHP_CGI" != "no"; then AC_MSG_RESULT(yes) - PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/cgi/Makefile.frag) + + dnl Set filename case $host_alias in *cygwin* ) SAPI_CGI_PATH=sapi/cgi/php-cgi.exe 
@@ -66,16 +42,29 @@ if test "$PHP_SAPI" = "default"; then esac PHP_SUBST(SAPI_CGI_PATH) + dnl --enable-fastcgi + AC_MSG_CHECKING(whether to enable fastcgi support) + if test "$PHP_FASTCGI" = "yes"; then + PHP_ENABLE_FASTCGI=1 + PHP_FCGI_FILES="fastcgi.c" + else + PHP_ENABLE_FASTCGI=0 + PHP_FCGI_FILES= + fi + AC_DEFINE_UNQUOTED(PHP_FASTCGI, $PHP_ENABLE_FASTCGI, [ ]) + AC_MSG_RESULT($PHP_FASTCGI) + + dnl --enable-force-cgi-redirect AC_MSG_CHECKING(whether to force Apache CGI redirect) if test "$PHP_FORCE_CGI_REDIRECT" = "yes"; then - REDIRECT=1 + CGI_REDIRECT=1 else - REDIRECT=0 + CGI_REDIRECT=0 fi - AC_DEFINE_UNQUOTED(FORCE_CGI_REDIRECT,$REDIRECT,[ ]) + AC_DEFINE_UNQUOTED(FORCE_CGI_REDIRECT, $CGI_REDIRECT, [ ]) AC_MSG_RESULT($PHP_FORCE_CGI_REDIRECT) - + dnl --enable-discard-path AC_MSG_CHECKING(whether to discard path_info + path_translated) if test "$PHP_DISCARD_PATH" = "yes"; then DISCARD_PATH=1 
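Review bot: The `AC_DEFINE_UNQUOTED` calls added here for `PHP_FASTCGI` and `FORCE_CGI_REDIRECT` still pass `[ ]` as the description, so the generated config header says nothing about what either macro controls. According to the option help earlier in this file's diff, `FORCE_CGI_REDIRECT` gates a security check, so a real description such as `[Whether the CGI binary enforces the internal-redirect security check]` is worth the few words. The shell variables also swap meaning in this change: `PHP_FASTCGI` now holds yes/no and `PHP_ENABLE_FASTCGI` holds 1/0, the reverse of the removed code. A `dnl` comment saying so would help anyone carrying local patches.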
@@ -85,28 +74,19 @@ if test "$PHP_SAPI" = "default"; then AC_DEFINE_UNQUOTED(DISCARD_PATH, $DISCARD_PATH, [ ]) AC_MSG_RESULT($PHP_DISCARD_PATH) + dnl --enable-path-info-check AC_MSG_CHECKING(whether to enable path info checking) - if test "$PHP_ENABLE_PATHINFO_CHECK" = "yes"; then + if test "$PHP_PATH_INFO_CHECK" = "yes"; then ENABLE_PATHINFO_CHECK=1 else ENABLE_PATHINFO_CHECK=0 fi AC_DEFINE_UNQUOTED(ENABLE_PATHINFO_CHECK, $ENABLE_PATHINFO_CHECK, [ ]) - AC_MSG_RESULT($PHP_ENABLE_PATHINFO_CHECK) - - AC_MSG_CHECKING(whether to enable fastcgi support) - if test "$PHP_ENABLE_FASTCGI" = "yes"; then - PHP_FASTCGI=1 - PHP_FCGI_FILES="fastcgi.c" - else - PHP_FASTCGI=0 - PHP_FCGI_FILES="" - fi - AC_DEFINE_UNQUOTED(PHP_FASTCGI, $PHP_FASTCGI, [ ]) - AC_MSG_RESULT($PHP_ENABLE_FASTCGI) + AC_MSG_RESULT($PHP_PATH_INFO_CHECK) + dnl Set install target and select SAPI INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)" - PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c, , '$(SAPI_CGI_PATH)') + PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c,, '$(SAPI_CGI_PATH)') case $host_alias in *aix*) @@ -122,7 +102,7 @@ if test "$PHP_SAPI" = "default"; then PHP_SUBST(BUILD_CGI) - elif test "$PHP_SAPI_CLI" != "no"; then + elif test "$PHP_CLI" != "no"; then AC_MSG_RESULT(no) OVERALL_TARGET= PHP_SAPI=cli diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c index a0064888f..143b35e69 100644 --- a/sapi/cgi/fastcgi.c +++ b/sapi/cgi/fastcgi.c @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fastcgi.c,v 1.4.2.13.2.26 2007/05/21 09:08:13 dmitry Exp $ */ +/* $Id: fastcgi.c,v 1.4.2.13.2.27 2007/07/09 11:48:39 dmitry Exp $ */ #include "php.h" #include "fastcgi.h" 
@@ -927,7 +927,11 @@ int fcgi_accept_request(fcgi_request *req) } } +#ifdef _WIN32 if (req->fd < 0 && (in_shutdown || errno != EINTR)) { +#else + if (req->fd < 0 && (in_shutdown || (errno != EINTR && errno != ECONNABORTED))) { +#endif return -1; } diff --git a/sapi/cgi/tests/009.phpt b/sapi/cgi/tests/009.phpt index c92fc87a8..1c429ac19 100644 --- a/sapi/cgi/tests/009.phpt +++ b/sapi/cgi/tests/009.phpt @@ -14,11 +14,13 @@ $f = tempnam(sys_get_temp_dir(), 'cgitest'); putenv("TRANSLATED_PATH=".$f."/x"); putenv("SCRIPT_FILENAME=".$f."/x"); -file_put_contents($f, '<?php var_dump($_SERVER["TRANSLATED_PATH"]); '); +file_put_contents($f, '<?php var_dump($_SERVER["TRANSLATED_PATH"]); ?>'); -echo (`$php $f`); +echo (`$php -n $f`); echo "Done\n"; + +@unlink($f); ?> --EXPECTF-- X-Powered-By: PHP/%s |
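Review bot: The `#ifdef _WIN32` / `#else` pair added in `fcgi_accept_request` duplicates the opening `if (...) {` line, so one closing brace matches two alternative openers; that is easy to break in a later edit and confuses brace-matching tools. Moving the platform difference into a small predicate keeps a single `if`. A comment should also say why `ECONNABORTED` is retried (the peer gave up before `accept` returned, so the listening socket is still usable), since other transient `accept` errors may deserve the same treatment. The function begins and ends outside the hunk, and the macro name below is only a suggestion.

```c
/* errno values after which accept() is simply retried: the listening
 * socket is still usable, only this one connection attempt was lost. */
#ifdef _WIN32
# define FCGI_ACCEPT_RETRY(e) ((e) == EINTR)
#else
# define FCGI_ACCEPT_RETRY(e) ((e) == EINTR || (e) == ECONNABORTED)
#endif

/* … unchanged: accept() call and locking … */
			if (req->fd < 0 && (in_shutdown || !FCGI_ACCEPT_RETRY(errno))) {
```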
