nginx 0day exploit for nginx + fastcgi PHP
Cliff Wells
cliff at develix.com
Sat May 22 06:38:35 MSD 2010
I can't even set this on PHP 5.1.6 or it won't start... PHP is a bit of
crap, isn't it?
Cliff
On Sat, 2010-05-22 at 03:17 +0200, Grzegorz Sienko wrote:
> >From php.ini
>
> ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME,
> and to not grok
> ; what PATH_INFO is. For more information on PATH_INFO, see the cgi
> specs. Setting
> ; this to 1 will cause PHP CGI to fix it's paths to conform to the
> spec. A setting
> ; of zero causes PHP to behave as before. Default is 1. You should
> fix your scripts
> ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
> cgi.fix_pathinfo=1
>
>
> 2010/5/22 Cliff Wells <cliff at develix.com>:
> > On Fri, 2010-05-21 at 10:48 -0700, Michael Shadle wrote:
> >> Default is zero.
> >
> > Indeed.
> >
> > I can't find a single installation of PHP (amongst about 35 virtual
> > servers I checked) where this option isn't commented out (so defaulting
> > to 0).
> >
> > Is there some widely-used PHP application that requires this be on?
> >
> > Cliff
> >
> > --
> >
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://nginx.org/mailman/listinfo/nginx
> >
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
--
More information about the nginx
mailing list