From 19cc1b1839cc6611d619405825a584ca1a71acfe Mon Sep 17 00:00:00 2001 From: Matteo Scaramuccia Date: Fri, 25 Sep 2015 03:07:49 +0200 Subject: [PATCH] MDL-51554 Files: Fix broken file serving under Apache + PHP-FPM --- lib/setuplib.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/lib/setuplib.php b/lib/setuplib.php index 954ab6fe645aa..70e1e2b1b3e6e 100644 --- a/lib/setuplib.php +++ b/lib/setuplib.php @@ -951,6 +951,29 @@ function setup_get_remote_url() { //Apache server $rurl['fullpath'] = $_SERVER['REQUEST_URI']; + // Fixing a known issue with: + // - Apache versions lesser than 2.4.11 + // - PHP deployed in Apache as PHP-FPM via mod_proxy_fcgi + // - PHP versions lesser than 5.6.3 and 5.5.18. + if (isset($_SERVER['PATH_INFO']) && (php_sapi_name() === 'fpm-fcgi') && isset($_SERVER['SCRIPT_NAME'])) { + $pathinfodec = rawurldecode($_SERVER['PATH_INFO']); + $lenneedle = strlen($pathinfodec); + // Checks whether SCRIPT_NAME ends with PATH_INFO, URL-decoded. + if (substr($_SERVER['SCRIPT_NAME'], -$lenneedle) === $pathinfodec) { + // This is the "Apache 2.4.10- running PHP-FPM via mod_proxy_fcgi" fingerprint, + // at least on CentOS 7 (Apache/2.4.6 PHP/5.4.16) and Ubuntu 14.04 (Apache/2.4.7 PHP/5.5.9) + // => SCRIPT_NAME contains 'slash arguments' data too, which is wrongly exposed via PATH_INFO as URL-encoded. + // Fix both $_SERVER['PATH_INFO'] and $_SERVER['SCRIPT_NAME']. + $lenhaystack = strlen($_SERVER['SCRIPT_NAME']); + $pos = $lenhaystack - $lenneedle; + // Here $pos is greater than 0 but let's double check it. + if ($pos > 0) { + $_SERVER['PATH_INFO'] = $pathinfodec; + $_SERVER['SCRIPT_NAME'] = substr($_SERVER['SCRIPT_NAME'], 0, $pos); + } + } + } + } else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) { //IIS - needs a lot of tweaking to make it work $rurl['fullpath'] = $_SERVER['SCRIPT_NAME'];