Skip to content

Commit

Permalink
MDL-51554 Files: Fix broken file serving under Apache + PHP-FPM
Browse files Browse the repository at this point in the history
  • Loading branch information
scara committed Oct 16, 2015
1 parent 1b7bf43 commit 3b1a3ab
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions lib/setuplib.php
Original file line number Diff line number Diff line change
Expand Up @@ -951,6 +951,29 @@ function setup_get_remote_url() {
//Apache server
$rurl['fullpath'] = $_SERVER['REQUEST_URI'];

// Fixing a known issue with:
// - Apache versions lesser than 2.4.11
// - PHP deployed in Apache as PHP-FPM via mod_proxy_fcgi
// - PHP versions lesser than 5.6.3 and 5.5.18.
if (isset($_SERVER['PATH_INFO']) && (php_sapi_name() === 'fpm-fcgi') && isset($_SERVER['SCRIPT_NAME'])) {
$pathinfodec = rawurldecode($_SERVER['PATH_INFO']);
$lenneedle = strlen($pathinfodec);
// Checks whether SCRIPT_NAME ends with PATH_INFO, URL-decoded.
if (substr($_SERVER['SCRIPT_NAME'], -$lenneedle) === $pathinfodec) {
// This is the "Apache 2.4.10- running PHP-FPM via mod_proxy_fcgi" fingerprint,
// at least on CentOS 7 (Apache/2.4.6 PHP/5.4.16) and Ubuntu 14.04 (Apache/2.4.7 PHP/5.5.9)
// => SCRIPT_NAME contains 'slash arguments' data too, which is wrongly exposed via PATH_INFO as URL-encoded.
// Fix both $_SERVER['PATH_INFO'] and $_SERVER['SCRIPT_NAME'].
$lenhaystack = strlen($_SERVER['SCRIPT_NAME']);
$pos = $lenhaystack - $lenneedle;
// Here $pos is greater than 0 but let's double check it.
if ($pos > 0) {
$_SERVER['PATH_INFO'] = $pathinfodec;
$_SERVER['SCRIPT_NAME'] = substr($_SERVER['SCRIPT_NAME'], 0, $pos);
}
}
}

} else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
//IIS - needs a lot of tweaking to make it work
$rurl['fullpath'] = $_SERVER['SCRIPT_NAME'];
Expand Down

0 comments on commit 3b1a3ab

Please sign in to comment.