@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Fix reading of the request path when running the PHP builtin webserver
Summary:
Ref T13575. Since PHP builtin webserver support was added, the pathway for parsing request parameters became more complex. We now rebuild "$_REQUEST" later, and this rebuild will destroy any mutations made to it here, so the assignment to "__path__" is lost.
Instead of "validating" the request path, make this method "read" the request path and store it explicitly, so it will survive any later request mutations.
Test Plan:
- Submitted any POST form while running Phabricator under the builtin PHP webserver. Old behavior was an error when accessing "__path__"; new behavior is a working application.
- Loaded normal pages, etc.
Maniphest Tasks: T13575
Differential Revision: https://secure.phabricator.com/D21506
+47
-8
+2
-2
src/aphront/configuration/AphrontApplicationConfiguration.php
+2
-2
src/aphront/configuration/AphrontApplicationConfiguration.php
···
176
176
}
177
177
178
178
$host = AphrontRequest::getHTTPHeader('Host');
179
-
$path = $_REQUEST['__path__'];
179
+
$path = PhabricatorStartup::getRequestPath();
180
180
181
181
$application = new self();
182
182
···
759
759
}
760
760
761
761
private static function newSelfCheckResponse() {
762
-
$path = idx($_REQUEST, '__path__', '');
762
+
$path = PhabricatorStartup::getRequestPath();
763
763
$query = idx($_SERVER, 'QUERY_STRING', '');
764
764
765
765
$pairs = id(new PhutilQueryStringParser())
+45
-6
support/startup/PhabricatorStartup.php
+45
-6
support/startup/PhabricatorStartup.php
···
35
35
* @task validation Validation
36
36
* @task ratelimit Rate Limiting
37
37
* @task phases Startup Phase Timers
38
+
* @task request-path Request Path
38
39
*/
39
40
final class PhabricatorStartup {
40
41
···
47
48
private static $phases;
48
49
49
50
private static $limits = array();
51
+
private static $requestPath;
50
52
51
53
52
54
/* -( Accessing Request Information )-------------------------------------- */
···
119
121
self::$phases = array();
120
122
121
123
self::$accessLog = null;
124
+
self::$requestPath = null;
122
125
123
126
static $registered;
124
127
if (!$registered) {
···
140
143
141
144
self::normalizeInput();
142
145
143
-
self::verifyRewriteRules();
146
+
self::readRequestPath();
144
147
145
148
self::beginOutputCapture();
146
149
}
···
552
555
553
556
554
557
/**
555
-
* @task validation
558
+
* @task request-path
556
559
*/
557
-
private static function verifyRewriteRules() {
560
+
private static function readRequestPath() {
561
+
562
+
// See T13575. The request path may be provided in:
563
+
//
564
+
// - the "$_GET" parameter "__path__" (normal for Apache and nginx); or
565
+
// - the "$_SERVER" parameter "REQUEST_URI" (normal for the PHP builtin
566
+
// webserver).
567
+
//
568
+
// Locate it wherever it is, and store it for later use. Note that writing
569
+
// to "$_REQUEST" here won't always work, because later code may rebuild
570
+
// "$_REQUEST" from other sources.
571
+
558
572
if (isset($_REQUEST['__path__']) && strlen($_REQUEST['__path__'])) {
573
+
self::setRequestPath($_REQUEST['__path__']);
559
574
return;
560
575
}
561
576
577
+
// Compatibility with PHP 5.4+ built-in web server.
562
578
if (php_sapi_name() == 'cli-server') {
563
-
// Compatibility with PHP 5.4+ built-in web server.
564
-
$url = parse_url($_SERVER['REQUEST_URI']);
565
-
$_REQUEST['__path__'] = $url['path'];
579
+
$path = parse_url($_SERVER['REQUEST_URI']);
580
+
self::setRequestPath($path['path']);
566
581
return;
567
582
}
568
583
···
578
593
"are not configured correctly. The '__path__' should always ".
579
594
"begin with a '/'.");
580
595
}
596
+
}
597
+
598
+
/**
599
+
* @task request-path
600
+
*/
601
+
public static function getRequestPath() {
602
+
$path = self::$requestPath;
603
+
604
+
if ($path === null) {
605
+
self::didFatal(
606
+
'Request attempted to access request path, but no request path is '.
607
+
'available for this request. You may be calling web request code '.
608
+
'from a non-request context, or your webserver may not be passing '.
609
+
'a request path to Phabricator in a format that it understands.');
610
+
}
611
+
612
+
return $path;
613
+
}
614
+
615
+
/**
616
+
* @task request-path
617
+
*/
618
+
public static function setRequestPath($path) {
619
+
self::$requestPath = $path;
581
620
}
582
621
583
622