Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

FPM with httpd ProxyPass does not decode script path #17645

Open
bukka opened this issue Jan 30, 2025 · 0 comments
Open

FPM with httpd ProxyPass does not decode script path #17645

bukka opened this issue Jan 30, 2025 · 0 comments
Labels
Bug SAPI: fpm

Comments

@bukka
Copy link
Member

bukka commented Jan 30, 2025

Description

This makes ProxyPass and ProxyPassMatch inconsistent from SetHandler as well as usual nginx setup where script path is decoded.

If space file.php is:

<?php
echo 1;

Then curl 'http://localhost:8521/space%20file.php results in 404. This is because the path is not decoded like it's done for other setups.

This is kind of known issue but the inconsistency wasn't considered before and it really doesn't make much sense not to decode and it really seems like a bug for users. To be super safe we could consider fallback to the decoded path but it seems quite unlikely that anyone would rely on this.

It seems to me that people really use SetHandler more so similar issue there has been reported for ProxyPass I guess that its users probably just use normal file paths without special characters.

PHP Version

PHP 8.3+

Operating System

Linux
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
Bug SAPI: fpm
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bukka