nginx 0day exploit for nginx + fastcgi PHP
mike503 at gmail.com
Sat May 22 05:31:08 MSD 2010
Yeah I've always had it set to 1 too. I think fastcgi_split_path_info
may be able to bridge the gap perhaps.
On May 21, 2010, at 6:17 PM, Grzegorz Sienko <staff at krecio.pl> wrote:
>> From php.ini
> ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME,
> and to not grok
> ; what PATH_INFO is. For more information on PATH_INFO, see the cgi
> specs. Setting
> ; this to 1 will cause PHP CGI to fix it's paths to conform to the
> spec. A setting
> ; of zero causes PHP to behave as before. Default is 1. You should
> fix your scripts
> ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
> 2010/5/22 Cliff Wells <cliff at develix.com>:
>> On Fri, 2010-05-21 at 10:48 -0700, Michael Shadle wrote:
>>> Default is zero.
>> I can't find a single installation of PHP (amongst about 35 virtual
>> servers I checked) where this option isn't commented out (so
>> to 0).
>> Is there some widely-used PHP application that requires this be on?
>> nginx mailing list
>> nginx at nginx.org
> nginx mailing list
> nginx at nginx.org
More information about the nginx