Possible widespread PHP configuration issue - security risk

[Michael Shadle]

On Fri, Aug 27, 2010 at 11:39 AM, Igor Sysoev <igor at sysoev.ru> wrote:

>  location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
>    fastcgi_pass 127.0.0.1:11000;
>    fastcgi_param   SCRIPT_FILENAME  $script;

Doesn't this typically have the $document_root$fastcgi_script_name -
so the full system path?

Thanks for the pointers, though.

I will begin adopting this style once I check it quick and pushing it
on everyone I know...