Passing Uncontrolled Requests to PHP
Grant
emailgrant at gmail.com
Thu Feb 13 16:44:34 UTC 2014
Does the wiki example mitigate the "Passing Uncontrolled Requests to PHP" risk?
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
http://wiki.nginx.org/PHPFcgiExample
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
If not, I'd like to update it.
- Grant