Commit 24c5608c authored by Oliver Hader's avatar Oliver Hader Committed by Benjamin Franzke
Browse files

[BUGFIX] Correctly resolve instance script path

Calling a site using http://example.org/index.php/invalid/ leads to
~/index.php/whatever/ being used as internal script path, which causes
errors or internal side-effects.

This behavior seems to occur only on web-servers using Apache with
PHP-CGI or PHP-FPM, using PHP setting `cgi.fix_pathinfo = 1`.

In case `cgi.fix_pathinfo` is enabled, the current script name is
retrieved from `$_SERVER['SCRIPT_FILENAME']` instead.

Resolves: #97543
Releases: main, 11.5, 10.4
Change-Id: Ia5f6b705253d42d4fc409b90b21d0363c4b97974
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74504


Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Stefan Bürk's avatarStefan Bürk <stefan@buerk.tech>
Tested-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: Stefan Bürk's avatarStefan Bürk <stefan@buerk.tech>
Reviewed-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
parent 7e213eaa
......@@ -349,6 +349,11 @@ class Environment
return in_array(PHP_SAPI, self::$supportedCgiServerApis, true);
}
public static function usesCgiFixPathInfo(): bool
{
return !empty(ini_get('cgi.fix_pathinfo'));
}
/**
* Returns the currently configured Environment information as array.
*
......
......@@ -269,8 +269,12 @@ class SystemEnvironmentBuilder
*/
protected static function getPathThisScriptNonCli()
{
$isCgi = Environment::isRunningOnCgiServer();
if ($isCgi && Environment::usesCgiFixPathInfo()) {
return $_SERVER['SCRIPT_FILENAME'];
}
$cgiPath = $_SERVER['ORIG_PATH_TRANSLATED'] ?? $_SERVER['PATH_TRANSLATED'] ?? '';
if ($cgiPath && Environment::isRunningOnCgiServer()) {
if ($cgiPath && $isCgi) {
return $cgiPath;
}
return $_SERVER['ORIG_SCRIPT_FILENAME'] ?? $_SERVER['SCRIPT_FILENAME'];
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment