summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_php_sapi.c (follow)
AgeCommit message (Collapse)AuthorFilesLines
2022-11-07PHP: Fix a potential problem parsing the path.Andrew Clayton1-1/+2
@dward on GitHub reported an issue with a URL like http://foo.bar/test.php?blah=test.php/foo where we would end up trying to run the script test.php?blah=test.php In the PHP module the format 'file.php/' is treated as a special case in nxt_php_dynamic_request() where we check the _path_ part of the url for the string '.php/'. The problem is that the path actually also contains the query string, thus we were finding 'test.php/' in the above URL and treating that whole path as the script to run. The fix is simple, replace the strstr(3) with a memmem(3), where we can limit the amount of path we use for the check. The trick here and what is not obvious from the code is that while path.start points to the whole path including the query string, path.length only contains the length of the _path_ part. NOTE: memmem(3) is a GNU extension and is neither specified by POSIX or ISO C, however it is available on a number of other systems, including: FreeBSD, OpenBSD, NetBSD, illumos, and macOS. If it comes to it we can implement a simple alternative for systems which lack memmem(3). This also adds a test case (provided by @dward) to cover this. Closes: <https://github.com/nginx/unit/issues/781> Cc: Andrei Zeliankou <zelenkov@nginx.com> Reviewed-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Andrei Zeliankou <zelenkov@nginx.com> [test] Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-11-04Removed the unsafe nxt_memcmp() wrapper for memcmp(3).Alejandro Colomar1-1/+1
The casts are unnecessary, since memcmp(3)'s arguments are 'void *'. It might have been necessary in the times of K&R, where 'void *' didn't exist. Nowadays, it's unnecessary, and _very_ unsafe, since casts can hide all classes of bugs by silencing most compiler warnings. The changes from nxt_memcmp() to memcmp(3) were scripted: $ find src/ -type f \ | grep '\.[ch]$' \ | xargs sed -i 's/nxt_memcmp/memcmp/' Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-11-02PHP: allowed to specify URLs without a trailing '/'.Andrew Clayton1-6/+84
Both @lucatacconi & @mwoodpatrick reported what appears to be the same issue on GitHub. Namely that when using the PHP language module and trying to access a URL that is a directory but without specifying the trailing '/', they were getting a '503 Service Unavailable' error. Note: This is when _not_ using the 'script' option. E.g with the following config { "listeners": { "[::1]:8080": { "pass": "applications/php" } }, "applications": { "php": { "type": "php", "root": "/var/tmp/unit-php" } } } and with a directory path of /var/tmp/unit-php/foo containing an index.php, you would see the following $ curl http://localhost/foo <title>Error 503</title> Error 503 However $ curl http://localhost/foo/ would work and serve up the index.php This commit fixes the above so you get the desired behaviour without specifying the trailing '/' by doing the following 1] If the URL doesn't end in .php and doesn't have a trailing '/' then check if the requested path is a directory. 2) If it is a directory then create a 301 re-direct pointing to it. This matches the behaviour of the likes of nginx, Apache and lighttpd. This also matches the behaviour of the "share" action in Unit. This doesn't effect the behaviour of the 'script' option which bypasses the nxt_php_dynamic_request() function. This also adds a couple of tests to test/test_php_application.py to ensure this continues to work. Closes: <https://github.com/nginx/unit/issues/717> Closes: <https://github.com/nginx/unit/issues/753> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-10-19Added parentheses for consistency.Remi Collet1-8/+8
Reported-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Remi Collet <remi@remirepo.net> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-10-19PHP: Fixed php_module_startup() call for PHP 8.2.Remi Collet1-0/+4
PHP 8.2 changed the prototype of the function, removing the last parameter. Signed-off-by: Remi Collet <remi@remirepo.net> Cc: Timo Stark <t.stark@nginx.com> Cc: George Peter Banyard <girgias@php.net> Tested-by: Andy Postnikov <apostnikov@gmail.com> Acked-by: Andy Postnikov <apostnikov@gmail.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-10-03Renamed a couple of members of nxt_unit_request_t.Andrew Clayton1-1/+1
This is a preparatory patch that renames the 'local' and 'local_length' members of the nxt_unit_request_t structure to 'local_addr' and 'local_addr_length' in preparation for the adding of 'local_port' and 'local_port_length' members. Suggested-by: Zhidao HONG <z.hong@f5.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2021-11-25PHP: fixed crash when calling module functions in OPcache preload.Valentin Bartenev1-2/+5
In PHP, custom fastcgi_finish_request() and overloaded chdir() functions can be invoked by an OPcache preloading script (it runs when php_module_startup() is called in the app process setup handler). In this case, there was no runtime context set so trying to access it caused a segmentation fault. This closes #602 issue on GitHub.
2021-10-28Moving request limit control to libunit.Max Romanov1-2/+1
Introducting application graceful stop. For now only used when application process reach request limit value. This closes #585 issue on GitHub.
2021-05-21PHP: adopted "file_handle" to Zend API changes in 8.1.0-dev.Valentin Bartenev1-0/+10
This fixes building module with the development version of PHP after the change: https://github.com/php/php-src/commit/c732ab400af92c54eee47c487a56009f1d79dd5d
2021-05-07PHP: forced initialization of $_SERVER in fastcgi_finish_request().Valentin Bartenev1-1/+26
The "auto_globals_jit" PHP option postponed the initialization of the $_SERVER global variable until the script using it had been loaded (e. g. via the "include" expression). As a result, nxt_php_register_variables() could be called after fastcgi_finish_request() had finished the request and nulled ctx->req, which thus caused a segmentation fault.
2021-03-15Fixed building the PHP 5 module with ZTS, broken by dab8544b5440.Valentin Bartenev1-0/+4
This closes #525 issue on GitHub.
2020-12-08PHP: populating PHP_AUTH_* server variables.Valentin Bartenev1-0/+11
This closes #498 issue on GitHub.
2020-11-11PHP: implementation of the fastcgi_finish_request() function.Valentin Bartenev1-2/+76
This closes #219 issue on GitHub.
2020-11-11PHP: prevention of consuming unread request body on finalization.Valentin Bartenev1-0/+15
The php_request_shutdown() function calls sapi_deactivate() that tries to read request body into a dummy buffer. In our case it's just waste of CPU cycles. This change is also required for the following implementation of the fastcgi_finish_request() function, where the request context can be cleared by the time of finalization.
2020-10-06PHP: compatibility with 8.0.0 RC1.Valentin Bartenev1-0/+30
This closes #474 PR on GitHub.
2020-09-09PHP: fixed "rootfs" isolation dependency on system mounts.Tiago Natel de Moura1-55/+107
2020-08-25PHP: added bind mounts for extensions directory.Tiago Natel de Moura1-2/+4
2020-08-12PHP: compatibility with 8.0.0 Beta 1.Remi Collet1-1/+15
This closes #441 PR on GitHub.
2020-07-24Configuration: added checking for presence of mandatory fields.Valentin Bartenev1-5/+0
2020-07-23PHP: using nxt_unit_default_init() for module structure init.Max Romanov1-32/+4
Using this function in all language modules helps to avoid code duplication and reduce the size of future patches.
2020-07-23PHP: removing assertion to fix build on macOS.Max Romanov1-1/+5
The nxt_assert macro uses nxt_thread_context, which caused the following linker error when using it in the library: ld: illegal thread local variable reference to regular symbol _nxt_thread_context for architecture x86_64
2020-07-21PHP: logging in request context when possible.Valentin Bartenev1-2/+12
2020-07-21PHP: fixed incorrect time in interpreter error log messages.Valentin Bartenev1-5/+6
Previously, the log message callback used a generic log function, that relied on the process time cache. Since there were no time update calls in the application processes, all log lines were printed with the same time, usually correlated with the process start. Now, a non-cached logging function from libunit is used.
2020-05-28Added "rootfs" feature.Tiago Natel de Moura1-0/+2
2020-03-09Refactor of process management.Tiago Natel de Moura1-15/+17
The process abstraction has changed to: setup(task, process) start(task, process_data) prefork(task, process, mp) The prefork() occurs in the main process right before fork. The file src/nxt_main_process.c is completely free of process specific logic. The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container). The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away. In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process. The module API has changed to: setup(task, process, conf) start(task, data) As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
2020-05-20PHP: building with PHP 8 (development version).Remi Collet1-0/+8
2020-05-14PHP: implemented "targets" option.Valentin Bartenev1-205/+241
This allows to specify multiple subsequent targets inside PHP applications. For example: { "listeners": { "*:80": { "pass": "routes" } }, "routes": [ { "match": { "uri": "/info" }, "action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" }, "action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ], "applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", }, "hello": { "script": "hello.php", "root": "/www/data/test", }, "rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
2020-03-04PHP: fixed log format in alert.Tiago Natel de Moura1-1/+2
Found by Coverity: CID 354832 and CID 354833.
2020-03-03PHP: optimization to avoid surplus chdir(2) calls.Tiago Natel de Moura1-99/+299
For each request, the worker calls the php_execute_script function from libphp that changes to the script directory before doing its work and then restores the process directory before returning. The chdir(2) calls it performs are unnecessary in Unit design. In simple benchmarks, profiling shows that the chdir syscall code path (syscall, FS walk, etc.) is where the CPU spends most of its time. PHP SAPI semantics requires the script to be run from the script directory. In Unit's PHP implementation, we have two use cases: - script - arbitrary path The "script" configuration doesn't have much need for a working directory change: it can be changed once at module initialization. The module needs to chdir again only if the user's PHP script also calls chdir to switch to another directory during execution. If "script" is not used in Unit configuration, we must ensure the script is run from its directory (thus calling chdir before exec), but there's no need to restore the working directory later. Our implementation disables mandatory chdir calls with the SAPI option SAPI_OPTION_NO_CHDIR, instead calling chdir only when needed. To detect the user's calls to chdir, a simple "unit" extension is added that hooks the built-in chdir() PHP call.
2020-02-25PHP: fixed php >= 7.4 with zts enabled.Tiago Natel de Moura1-13/+17
2020-01-28PHP: added check for the ".php" extension.Valentin Bartenev1-4/+11
A check for the ".php" extension is added to prevent execution of files with arbitrary extensions in cases where "index" and "script" options aren't used.
2019-12-24Adding "limits/shm" configuration validation and parsing.Max Romanov1-0/+1
2019-09-23PHP: zeroing the whole file_handle structure.Sergey Kandaurov1-2/+2
Fixes segfaults with PHP 7.4.
2019-07-16PHP: fixed script filename setting, broken after 2a71417d297f.Valentin Bartenev1-6/+8
2019-07-05PHP: added PATH_INFO support.Max Romanov1-74/+96
2019-07-05PHP: improved response status code handling.Valentin Bartenev1-12/+2
There's no reason to parse "http_status_line"; the PHP interpreter already does this. If the line contains a valid status code, it's assigned to "http_response_code". This also fixes invalid status line handling, where the nxt_int_parse() function returned -1; it was cast to unsigned, yielding response code 65535.
2019-06-28PHP: removing excessive debug message.Max Romanov1-2/+0
2019-03-21Adjusting request schema value according to connection tls state.Max Romanov1-0/+4
This closes #223 issue on GitHub.
2019-03-11Style.Andrey Zelenkov1-1/+1
2019-02-28Made QUERY_STRING mandatory.Valentin Bartenev1-4/+2
According to CGI/1.1 RFC 3875: The server MUST set this variable; if the Script-URI does not include a query component, the QUERY_STRING MUST be defined as an empty string (""). Python's PEP 333(3) allows omitting it in WSGI interface; PHP docs force no requirements; PSGI and Rack specifications require it even if empty. When nginx proxies requests over FastCGI, it always provides QUERY_STRING. and some PHP apps have been observed to fail if it is missing (see issue #201 on GitHub). A drawback of this change (besides a small overhead) is that there will be no easy way to tell a missing query string from an empty one (i.e. requests with or without the "?" character); yet, it's negligible compared to the possible benefits of wider application compatibility. This closes #226 issue on GitHub.
2019-02-28Introducing Java Servlet Container beta.Max Romanov1-0/+1
2019-02-27Fixed processing of SERVER_NAME after 77aad2c142a0.Valentin Bartenev1-24/+7
Previously, the nxt_router_prepare_msg() function expected server host among other headers unmodified. It's not true anymore since normalization of the Host header has been introduced in 77aad2c142a0. The nxt_unit_split_host() function was removed. It didn't work correctly with IPv6 literals. Anyway, after 77aad2c142a0 the port splitting is done in router while Host header processing.
2018-11-27PHP: fixed "disable_functions" and "disable_classes" options.Valentin Bartenev1-10/+87
It turned out they need additional processing to work. This closes #183 issue on GitHub.
2018-11-22PHP: workaround for bug #71041.Valentin Bartenev1-2/+6
Since PHP 7, a zend_signal_startup() call is required if the interpreter was built with ZEND_SIGNALS defined; such a call was added in 3fd76e4ce70a. However, the zend_signal_startup() export is missing from the PHP library; as the result, dlopen() fails with the 'Undefined symbol "zend_signal_startup"' error while loading the PHP module. Meanwhile, if PHP is built without ZTS, the zend_signal_startup() call can be omitted; otherwise, the missing call causes segmentation fault. The PHP fix already was committed to upstream, but we still have to deal with numerous unpatched versions remaining at large. See the related PHP bug: https://bugs.php.net/bug.php?id=71041
2018-11-21PHP: fixed compatibility with ZTS.Valentin Bartenev1-6/+25
This closes #184 issue on GitHub.
2018-08-06Unit application library.Max Romanov1-351/+305
Library now used in all language modules. Old 'nxt_app_*' code removed. See src/test/nxt_unit_app_test.c for usage sample.
2018-07-05PHP: fixed request body processing.Valentin Bartenev1-2/+37
The implementation of module was based on the assumption that PHP reads request body and headers in the particular order. For the POST request the body goes before headers and vice versa for all other requests. But as it appeared later, this order is unspecified and depends on many factors, including the particular code of PHP application. Among other factors those can affect ordering: - presence of "Content-Type" header; - "variables_order" php.ini setting; - "enable_post_data_reading" php.ini setting; - reading php://input by application; and this list can be incomplete. As a temporary workaround, request body now is always put before headers and it is gracefully skipped whenever PHP wants to get headers. This closes #144 issue on GitHub.
2018-07-03PHP: fixed setting of individual configuration options.Valentin Bartenev1-29/+87
The previous method changed PHP options only for the first request. On the request completion the options were rolled back. This closes #145 issue on GitHub.
2018-06-28Removed usage of nxt_thread_context in loadable modules.Igor Sysoev1-1/+6
This change allows to use __thread class storage on MacOSX.
2018-06-25Introduced nxt_length() macro.Valentin Bartenev1-6/+6