summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_php_sapi.c (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2023-11-15PHP: Fix a possible file-pointer leak.Andrew Clayton1-0/+2
In nxt_php_execute() it is possible we could bail out before cleaning up the FILE * representing the PHP script to execute. At this point we only need to call fclose(3) on it. We could have possibly moved the opening of this file to later in the function, but it is probably good to bail out as early as possible if we can't open it. This was found by Coverity. Fixes: bebc03c72 ("PHP: Implement better error handling.") Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-04-11PHP: Make the filter_input() function work.Andrew Clayton1-3/+12
On GitHub, @jamesRUS52 reported that the PHP filter_input()[0] function would just return NULL. To enable this function we need to run the variables through the sapi_module.input_filter() function when we call php_register_variable_safe(). In PHP versions prior to 7.0.0, input_filter() takes 'len' as an unsigned int, while later versions take it as a size_t. Now, with this commit and the following PHP <?php var_dump(filter_input(INPUT_SERVER, 'REMOTE_ADDR')); var_dump(filter_input(INPUT_SERVER, 'REQUEST_URI')); var_dump(filter_input(INPUT_GET, 'get', FILTER_SANITIZE_SPECIAL_CHARS)); ?> you get $ curl 'http://localhost:8080/854.php?get=foo<>' string(3) "::1" string(18) "/854.php?get=foo<>" string(13) "foo&#60;&#62;" [0]: <https://www.php.net/manual/en/function.filter-input.php> Tested-by: <https://github.com/jamesRUS52> Closes: <https://github.com/nginx/unit/issues/854> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-01-27PHP: Implement better error handling.Andrew Clayton1-5/+40
Previously the PHP module would produce one of four status codes 200 OK 301 Moved Permanently 500 Internal Server Error 503 Service Unavailable 200 for successful requests, 301 for cases where the url was a directory without a trailing '/', 500 for bad PHP or non-existing PHP file and 503 for all other errors. With this commit we now handle missing files and directories, returning 404 Not Found and files and directories that don't allow access, returning 403 Forbidden. We do these checks in two places, when we check if we should do a directory redirect (bar -> bar/) and in the nxt_php_execute() function. One snag with the latter is that the php_execute_script() function only returns success/failure (no reason). However while it took a zend_file_handle structure with the filename of the script to run, we can instead pass through an already opened file-pointer (FILE *) via that structure. So we can try opening the script ourselves and do the required checks before calling php_execute_script(). We also make use of the zend_stream_init_fp() function that initialises the zend_file_handle structure if it's available otherwise we use our own version. This is good because the zend_file_handle structure has changed over time and the zend_stream_init_fp() function should change with it. Closes: <https://github.com/nginx/unit/issues/767> Reviewed-by: Alejandro Colomar <alx@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-01-27PHP: Simplify ctx->script_filename.start in nxt_php_execute().Andrew Clayton1-4/+5
Create a const char *filename variable to hold ctx->script_filename.start, which is a much more manageable name and will negate the need for any more casting in the following commit when we switch to using a FILE * instead of a filename in php_execute_script(). Reviewed-by: Alejandro Colomar <alx@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-01-27PHP: Make use of zend_stream_init_filename().Andrew Clayton1-6/+6
Where possible make use of the zend_stream_init_filename() function introduced in PHP 7.4. This is essentially a preparatory patch for switching to using an already opened file-pointer in nxt_php_execute(). While wrapping this new code in a PHP version check with a fallback to our own function is perhaps slightly overkill, it does reduce the diff of the commit that switches to a FILE *. Reviewed-by: Alejandro Colomar <alx@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-01-27PHP: Factored out code into a helper function.Alejandro Colomar1-10/+19
We're going to use zend_stream_init_filename in a following commit. To reduce the diff of that change, move the current code that will be replaced, to a function that has the same interface. We use strlen(3) here to be able to use an interface without passing the length, but we will remove that call in a following code, so it has no performance issues. Co-developed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-01-12PHP: Fix a potential problem parsing the path.Andrew Clayton1-1/+2
@dward on GitHub reported an issue with a URL like http://foo.bar/test.php?blah=test.php/foo where we would end up trying to run the script test.php?blah=test.php In the PHP module the format 'file.php/' is treated as a special case in nxt_php_dynamic_request() where we check the _path_ part of the url for the string '.php/'. The problem is that the path actually also contains the query string, thus we were finding 'test.php/' in the above URL and treating that whole path as the script to run. The fix is simple, replace the strstr(3) with a memmem(3), where we can limit the amount of path we use for the check. The trick here and what is not obvious from the code is that while path.start points to the whole path including the query string, path.length only contains the length of the _path_ part. NOTE: memmem(3) is a GNU extension and is neither specified by POSIX or ISO C, however it is available on a number of other systems, including: FreeBSD, OpenBSD, NetBSD, illumos, and macOS. If it comes to it we can implement a simple alternative for systems which lack memmem(3). This also adds a test case (provided by @dward) to cover this. Closes: <https://github.com/nginx/unit/issues/781> Cc: Andrei Zeliankou <zelenkov@nginx.com> Reviewed-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Andrei Zeliankou <zelenkov@nginx.com> [test] Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-11-07PHP: Fix a potential problem parsing the path.Andrew Clayton1-1/+2
@dward on GitHub reported an issue with a URL like http://foo.bar/test.php?blah=test.php/foo where we would end up trying to run the script test.php?blah=test.php In the PHP module the format 'file.php/' is treated as a special case in nxt_php_dynamic_request() where we check the _path_ part of the url for the string '.php/'. The problem is that the path actually also contains the query string, thus we were finding 'test.php/' in the above URL and treating that whole path as the script to run. The fix is simple, replace the strstr(3) with a memmem(3), where we can limit the amount of path we use for the check. The trick here and what is not obvious from the code is that while path.start points to the whole path including the query string, path.length only contains the length of the _path_ part. NOTE: memmem(3) is a GNU extension and is neither specified by POSIX or ISO C, however it is available on a number of other systems, including: FreeBSD, OpenBSD, NetBSD, illumos, and macOS. If it comes to it we can implement a simple alternative for systems which lack memmem(3). This also adds a test case (provided by @dward) to cover this. Closes: <https://github.com/nginx/unit/issues/781> Cc: Andrei Zeliankou <zelenkov@nginx.com> Reviewed-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Andrei Zeliankou <zelenkov@nginx.com> [test] Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-11-04Removed the unsafe nxt_memcmp() wrapper for memcmp(3).Alejandro Colomar1-1/+1
The casts are unnecessary, since memcmp(3)'s arguments are 'void *'. It might have been necessary in the times of K&R, where 'void *' didn't exist. Nowadays, it's unnecessary, and _very_ unsafe, since casts can hide all classes of bugs by silencing most compiler warnings. The changes from nxt_memcmp() to memcmp(3) were scripted: $ find src/ -type f \ | grep '\.[ch]$' \ | xargs sed -i 's/nxt_memcmp/memcmp/' Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-11-02PHP: allowed to specify URLs without a trailing '/'.Andrew Clayton1-6/+84
Both @lucatacconi & @mwoodpatrick reported what appears to be the same issue on GitHub. Namely that when using the PHP language module and trying to access a URL that is a directory but without specifying the trailing '/', they were getting a '503 Service Unavailable' error. Note: This is when _not_ using the 'script' option. E.g with the following config { "listeners": { "[::1]:8080": { "pass": "applications/php" } }, "applications": { "php": { "type": "php", "root": "/var/tmp/unit-php" } } } and with a directory path of /var/tmp/unit-php/foo containing an index.php, you would see the following $ curl http://localhost/foo <title>Error 503</title> Error 503 However $ curl http://localhost/foo/ would work and serve up the index.php This commit fixes the above so you get the desired behaviour without specifying the trailing '/' by doing the following 1] If the URL doesn't end in .php and doesn't have a trailing '/' then check if the requested path is a directory. 2) If it is a directory then create a 301 re-direct pointing to it. This matches the behaviour of the likes of nginx, Apache and lighttpd. This also matches the behaviour of the "share" action in Unit. This doesn't effect the behaviour of the 'script' option which bypasses the nxt_php_dynamic_request() function. This also adds a couple of tests to test/test_php_application.py to ensure this continues to work. Closes: <https://github.com/nginx/unit/issues/717> Closes: <https://github.com/nginx/unit/issues/753> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-10-19Added parentheses for consistency.Remi Collet1-8/+8
Reported-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Remi Collet <remi@remirepo.net> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-10-19PHP: Fixed php_module_startup() call for PHP 8.2.Remi Collet1-0/+4
PHP 8.2 changed the prototype of the function, removing the last parameter. Signed-off-by: Remi Collet <remi@remirepo.net> Cc: Timo Stark <t.stark@nginx.com> Cc: George Peter Banyard <girgias@php.net> Tested-by: Andy Postnikov <apostnikov@gmail.com> Acked-by: Andy Postnikov <apostnikov@gmail.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-10-03Renamed a couple of members of nxt_unit_request_t.Andrew Clayton1-1/+1
This is a preparatory patch that renames the 'local' and 'local_length' members of the nxt_unit_request_t structure to 'local_addr' and 'local_addr_length' in preparation for the adding of 'local_port' and 'local_port_length' members. Suggested-by: Zhidao HONG <z.hong@f5.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2021-11-25PHP: fixed crash when calling module functions in OPcache preload.Valentin Bartenev1-2/+5
In PHP, custom fastcgi_finish_request() and overloaded chdir() functions can be invoked by an OPcache preloading script (it runs when php_module_startup() is called in the app process setup handler). In this case, there was no runtime context set so trying to access it caused a segmentation fault. This closes #602 issue on GitHub.
2021-11-25PHP: fixed crash when calling module functions in OPcache preload.Valentin Bartenev1-2/+5
In PHP, custom fastcgi_finish_request() and overloaded chdir() functions can be invoked by an OPcache preloading script (it runs when php_module_startup() is called in the app process setup handler). In this case, there was no runtime context set so trying to access it caused a segmentation fault. This closes #602 issue on GitHub.
2021-10-28Moving request limit control to libunit.Max Romanov1-2/+1
Introducting application graceful stop. For now only used when application process reach request limit value. This closes #585 issue on GitHub.
2021-05-21PHP: adopted "file_handle" to Zend API changes in 8.1.0-dev.Valentin Bartenev1-0/+10
This fixes building module with the development version of PHP after the change: https://github.com/php/php-src/commit/c732ab400af92c54eee47c487a56009f1d79dd5d
2021-05-07PHP: forced initialization of $_SERVER in fastcgi_finish_request().Valentin Bartenev1-1/+26
The "auto_globals_jit" PHP option postponed the initialization of the $_SERVER global variable until the script using it had been loaded (e. g. via the "include" expression). As a result, nxt_php_register_variables() could be called after fastcgi_finish_request() had finished the request and nulled ctx->req, which thus caused a segmentation fault.
2021-03-15Fixed building the PHP 5 module with ZTS, broken by dab8544b5440.Valentin Bartenev1-0/+4
This closes #525 issue on GitHub.
2020-12-08PHP: populating PHP_AUTH_* server variables.Valentin Bartenev1-0/+11
This closes #498 issue on GitHub.
2020-11-11PHP: implementation of the fastcgi_finish_request() function.Valentin Bartenev1-2/+76
This closes #219 issue on GitHub.
2020-11-11PHP: prevention of consuming unread request body on finalization.Valentin Bartenev1-0/+15
The php_request_shutdown() function calls sapi_deactivate() that tries to read request body into a dummy buffer. In our case it's just waste of CPU cycles. This change is also required for the following implementation of the fastcgi_finish_request() function, where the request context can be cleared by the time of finalization.
2020-10-06PHP: compatibility with 8.0.0 RC1.Valentin Bartenev1-0/+30
This closes #474 PR on GitHub.
2020-09-09PHP: fixed "rootfs" isolation dependency on system mounts.Tiago Natel de Moura1-55/+107
2020-08-25PHP: added bind mounts for extensions directory.Tiago Natel de Moura1-2/+4
2020-08-12PHP: compatibility with 8.0.0 Beta 1.Remi Collet1-1/+15
This closes #441 PR on GitHub.
2020-07-24Configuration: added checking for presence of mandatory fields.Valentin Bartenev1-5/+0
2020-07-23PHP: using nxt_unit_default_init() for module structure init.Max Romanov1-32/+4
Using this function in all language modules helps to avoid code duplication and reduce the size of future patches.
2020-07-23PHP: removing assertion to fix build on macOS.Max Romanov1-1/+5
The nxt_assert macro uses nxt_thread_context, which caused the following linker error when using it in the library: ld: illegal thread local variable reference to regular symbol _nxt_thread_context for architecture x86_64
2020-07-21PHP: logging in request context when possible.Valentin Bartenev1-2/+12
2020-07-21PHP: fixed incorrect time in interpreter error log messages.Valentin Bartenev1-5/+6
Previously, the log message callback used a generic log function, that relied on the process time cache. Since there were no time update calls in the application processes, all log lines were printed with the same time, usually correlated with the process start. Now, a non-cached logging function from libunit is used.
2020-05-28Added "rootfs" feature.Tiago Natel de Moura1-0/+2
2020-03-09Refactor of process management.Tiago Natel de Moura1-15/+17
The process abstraction has changed to: setup(task, process) start(task, process_data) prefork(task, process, mp) The prefork() occurs in the main process right before fork. The file src/nxt_main_process.c is completely free of process specific logic. The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container). The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away. In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process. The module API has changed to: setup(task, process, conf) start(task, data) As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
2020-05-20PHP: building with PHP 8 (development version).Remi Collet1-0/+8
2020-05-14PHP: implemented "targets" option.Valentin Bartenev1-205/+241
This allows to specify multiple subsequent targets inside PHP applications. For example: { "listeners": { "*:80": { "pass": "routes" } }, "routes": [ { "match": { "uri": "/info" }, "action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" }, "action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ], "applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", }, "hello": { "script": "hello.php", "root": "/www/data/test", }, "rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
2020-03-04PHP: fixed log format in alert.Tiago Natel de Moura1-1/+2
Found by Coverity: CID 354832 and CID 354833.
2020-03-03PHP: optimization to avoid surplus chdir(2) calls.Tiago Natel de Moura1-99/+299
For each request, the worker calls the php_execute_script function from libphp that changes to the script directory before doing its work and then restores the process directory before returning. The chdir(2) calls it performs are unnecessary in Unit design. In simple benchmarks, profiling shows that the chdir syscall code path (syscall, FS walk, etc.) is where the CPU spends most of its time. PHP SAPI semantics requires the script to be run from the script directory. In Unit's PHP implementation, we have two use cases: - script - arbitrary path The "script" configuration doesn't have much need for a working directory change: it can be changed once at module initialization. The module needs to chdir again only if the user's PHP script also calls chdir to switch to another directory during execution. If "script" is not used in Unit configuration, we must ensure the script is run from its directory (thus calling chdir before exec), but there's no need to restore the working directory later. Our implementation disables mandatory chdir calls with the SAPI option SAPI_OPTION_NO_CHDIR, instead calling chdir only when needed. To detect the user's calls to chdir, a simple "unit" extension is added that hooks the built-in chdir() PHP call.
2020-02-25PHP: fixed php >= 7.4 with zts enabled.Tiago Natel de Moura1-13/+17
2020-01-28PHP: added check for the ".php" extension.Valentin Bartenev1-4/+11
A check for the ".php" extension is added to prevent execution of files with arbitrary extensions in cases where "index" and "script" options aren't used.
2019-12-24Adding "limits/shm" configuration validation and parsing.Max Romanov1-0/+1
2019-09-23PHP: zeroing the whole file_handle structure.Sergey Kandaurov1-2/+2
Fixes segfaults with PHP 7.4.
2019-07-16PHP: fixed script filename setting, broken after 2a71417d297f.Valentin Bartenev1-6/+8
2019-07-05PHP: added PATH_INFO support.Max Romanov1-74/+96
2019-07-05PHP: improved response status code handling.Valentin Bartenev1-12/+2
There's no reason to parse "http_status_line"; the PHP interpreter already does this. If the line contains a valid status code, it's assigned to "http_response_code". This also fixes invalid status line handling, where the nxt_int_parse() function returned -1; it was cast to unsigned, yielding response code 65535.
2019-06-28PHP: removing excessive debug message.Max Romanov1-2/+0
2019-03-21Adjusting request schema value according to connection tls state.Max Romanov1-0/+4
This closes #223 issue on GitHub.
2019-03-11Style.Andrey Zelenkov1-1/+1
2019-02-28Made QUERY_STRING mandatory.Valentin Bartenev1-4/+2
According to CGI/1.1 RFC 3875: The server MUST set this variable; if the Script-URI does not include a query component, the QUERY_STRING MUST be defined as an empty string (""). Python's PEP 333(3) allows omitting it in WSGI interface; PHP docs force no requirements; PSGI and Rack specifications require it even if empty. When nginx proxies requests over FastCGI, it always provides QUERY_STRING. and some PHP apps have been observed to fail if it is missing (see issue #201 on GitHub). A drawback of this change (besides a small overhead) is that there will be no easy way to tell a missing query string from an empty one (i.e. requests with or without the "?" character); yet, it's negligible compared to the possible benefits of wider application compatibility. This closes #226 issue on GitHub.
2019-02-28Introducing Java Servlet Container beta.Max Romanov1-0/+1
2019-02-27Fixed processing of SERVER_NAME after 77aad2c142a0.Valentin Bartenev1-24/+7
Previously, the nxt_router_prepare_msg() function expected server host among other headers unmodified. It's not true anymore since normalization of the Host header has been introduced in 77aad2c142a0. The nxt_unit_split_host() function was removed. It didn't work correctly with IPv6 literals. Anyway, after 77aad2c142a0 the port splitting is done in router while Host header processing.