Possible widespread PHP configuration issue - security risk

Michael Shadle mike503 at gmail.com
Fri Aug 27 22:06:00 MSD 2010

Let's stop debating and start with a clean fix. It sounds like this is
all that is needed. Anyone want to verify?

php config:

then just make sure nginx splits the path info for you in case your
app needs it with fastcgi_split_path_info:
location ~ \.php$ {
   include fastcgi_params;
   fastcgi_split_path_info ^(.+\.php)(.*)$; # just throw this in
fastcgi_params too, then!

Is this the right solution? Yes or no?

More information about the nginx mailing list