Possible widespread PHP configuration issue - security risk

Michael Shadle mike503 at gmail.com
Fri Aug 27 22:41:38 MSD 2010

On Fri, Aug 27, 2010 at 11:39 AM, Igor Sysoev <igor at sysoev.ru> wrote:

>  location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
>    fastcgi_pass;
>    fastcgi_param   SCRIPT_FILENAME  $script;

Doesn't this typically have the $document_root$fastcgi_script_name -
so the full system path?

Thanks for the pointers, though.

I will begin adopting this style once I check it quick and pushing it
on everyone I know...

More information about the nginx mailing list