21236ab51082668914b933041893a1cf45218a3dLennart Poettering<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<html><head>

12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen<title>PATH_INFO Changes in the CGI Environment</title>

21236ab51082668914b933041893a1cf45218a3dLennart Poettering</head>

21236ab51082668914b933041893a1cf45218a3dLennart Poettering

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<BODY BGCOLOR="white" TEXT="black" LINK="blue" VLINK="navy" ALINK="red">

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<h1 ALIGN="CENTER">PATH_INFO Changes in the CGI Environment</h1>

21236ab51082668914b933041893a1cf45218a3dLennart Poettering

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<hr>

21236ab51082668914b933041893a1cf45218a3dLennart Poettering

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<h2><a name="over">Overview</a></h2>

21236ab51082668914b933041893a1cf45218a3dLennart Poettering

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<p>As implemented in Apache 1.1.1 and earlier versions, the method

21236ab51082668914b933041893a1cf45218a3dLennart PoetteringApache used to create PATH_INFO in the CGI environment was

21236ab51082668914b933041893a1cf45218a3dLennart Poetteringcounterintuitive, and could result in crashes in certain cases. In

21236ab51082668914b933041893a1cf45218a3dLennart PoetteringApache 1.2 and beyond, this behavior has changed. Although this

21236ab51082668914b933041893a1cf45218a3dLennart Poetteringresults in some compatibility problems with certain legacy CGI

21236ab51082668914b933041893a1cf45218a3dLennart Poetteringapplications, the Apache 1.2 behavior is still compatible with the

21236ab51082668914b933041893a1cf45218a3dLennart PoetteringCGI/1.1 specification, and CGI scripts can be easily modified (<a

21236ab51082668914b933041893a1cf45218a3dLennart Poetteringhref="#compat">see below</a>).

e6de49abfd28098c65b8a0be05bb84cf6cf780aeMichael Biebl

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<h2><a name="prob">The Problem</a></h2>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>Apache 1.1.1 and earlier implemented the PATH_INFO and SCRIPT_NAME

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekenvironment variables by looking at the filename, not the URL. While

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekthis resulted in the correct values in many cases, when the filesystem

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekpath was overloaded to contain path information, it could result in

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekerrant behavior. For example, if the following appeared in a config

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekfile:

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<pre>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Alias /cgi-ralph /usr/local/httpd/cgi-bin/user.cgi/ralph

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek</pre>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>In this case, <code>user.cgi</code> is the CGI script, the "/ralph"

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekis information to be passed onto the CGI. If this configuration was in

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekplace, and a request came for "<code>/cgi-ralph/script/</code>", the

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekcode would set PATH_INFO to "<code>/ralph/script</code>", and

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-SzmekSCRIPT_NAME to "<code>/cgi-</code>". Obviously, the latter is

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekincorrect. In certain cases, this could even cause the server to

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekcrash.</p>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<h2><a name="solution">The Solution</a></h2>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>Apache 1.2 and later now determine SCRIPT_NAME and PATH_INFO by

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmeklooking directly at the URL, and determining how much of the URL is

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekclient-modifiable, and setting PATH_INFO to it. To use the above

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekexample, PATH_INFO would be set to "<code>/script</code>", and

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-SzmekSCRIPT_NAME to "<code>/cgi-ralph</code>". This makes sense and results

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekin no server behavior problems. It also permits the script to be

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekguaranteed that

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek"<code>http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO</code>"

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekwill always be an accessible URL that points to the current script,

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmeksomething which was not necessarily true with previous versions of

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-SzmekApache.

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>However, the "<code>/ralph</code>"

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekinformation from the <code>Alias</code> directive is lost. This is

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekunfortunate, but we feel that using the filesystem to pass along this

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmeksort of information is not a recommended method, and a script making

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekuse of it "deserves" not to work. Apache 1.2b3 and later, however, do

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekprovide <a href="#compat">a workaround.</a>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<h2><a name="compat">Compatibility with Previous Servers</a></h2>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>It may be necessary for a script that was designed for earlier

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekversions of Apache or other servers to need the information that the

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekold PATH_INFO variable provided. For this purpose, Apache 1.2 (1.2b3

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekand later) sets an additional variable, FILEPATH_INFO. This

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekenvironment variable contains the value that PATH_INFO would have had

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekwith Apache 1.1.1.</p>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>A script that wishes to work with both Apache 1.2 and earlier

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekversions can simply test for the existence of FILEPATH_INFO, and use

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekit if available. Otherwise, it can use PATH_INFO. For example, in

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-SzmekPerl, one might use:

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<pre>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek $path_info = $ENV{'FILEPATH_INFO'} || $ENV{'PATH_INFO'};

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek</pre>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

21236ab51082668914b933041893a1cf45218a3dLennart Poettering<p>By doing this, a script can work with all servers supporting the

21236ab51082668914b933041893a1cf45218a3dLennart PoetteringCGI/1.1 specification, including all versions of Apache.</p>

a12b0cc34d80a2d13c87d1f57059339cfc780912Lennart Poettering

7629889c86005017eb1a7f1f803c0d8e7a5bef08Lennart Poettering</BODY>

21236ab51082668914b933041893a1cf45218a3dLennart Poettering</HTML>

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek

798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek