#6491 Fixes a redirection loop when Nginx is misconfigured and passes an incorrect PATH_INFO

ad2c0510 · Matthieu Napoli · ef4e84f2 · ad2c0510 · ad2c0510
--- a/core/Url.php
+++ b/core/Url.php
@@ -66,8 +66,7 @@ class Url
    {
        return self::getCurrentScheme() . '://'
        . self::getCurrentHost()
-        . self::getCurrentScriptName()
+        . self::getCurrentScriptName(false)
-        . self::getCurrentPathInfo()
        . self::getCurrentQueryString();
    }
@@ -84,8 +83,7 @@ class Url
    {
        return self::getCurrentScheme() . '://'
        . self::getCurrentHost($default = 'unknown', $checkTrustedHost)
-        . self::getCurrentScriptName()
+        . self::getCurrentScriptName(false);
-        . self::getCurrentPathInfo();
    }
    /**
@@ -127,11 +125,12 @@ class Url
    /**
     * Returns the path to the script being executed. Includes the script file name.
     *
+     * @param bool $removePathInfo If true (default value) then the PATH_INFO will be stripped.
     * @return string eg, `"/dir1/dir2/index.php"` if the current URL is
     *                `"http://example.org/dir1/dir2/index.php?param1=value1&param2=value2"`
     * @api
     */
-    public static function getCurrentScriptName()
+    public static function getCurrentScriptName($removePathInfo = true)
    {
        $url = '';
@@ -149,7 +148,7 @@ class Url
            }
            // strip path_info
-            if (isset($_SERVER['PATH_INFO'])) {
+            if ($removePathInfo && isset($_SERVER['PATH_INFO'])) {
                $url = substr($url, 0, -strlen($_SERVER['PATH_INFO']));
            }
        }
@@ -175,24 +174,6 @@ class Url
        return $url;
    }
-    /**
-     * Returns the current PATH_INFO from the request.
-     *
-     * Contains any client-provided pathname information trailing the actual
-     * script filename but preceding the query string, if available.
-     *
-     * For instance, if the current script was accessed via the URL
-     * http://www.example.com/php/path_info.php/some/stuff?foo=bar
-     * then getCurrentPathInfo() would return "/some/stuff".
-     *
-     * @return string
-     * @api
-     */
-    public static function getCurrentPathInfo()
-    {
-        return isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
-    }
    /**
     * Returns the current URL's protocol.
     *

--- a/tests/PHPUnit/Unit/UrlTest.php
+++ b/tests/PHPUnit/Unit/UrlTest.php
@@ -375,6 +375,34 @@ class UrlTest extends PHPUnit_Framework_TestCase
        $this->assertEquals($expected, Url::getCurrentUrlWithoutQueryString());
    }
+    /**
+     * Tests a use case that was reported by some users: Nginx is not properly configured and passes
+     * incorrect PATH_INFO values in $_SERVER.
+     * @link https://github.com/piwik/piwik/issues/6491
+     * @group Core
+     */
+    public function testMisconfiguredNginxPathInfo()
+    {
+        $this->resetGlobalVariables();
+        // these variables where taken from a bug report
+        $_SERVER = array(
+            'QUERY_STRING' => 'foo=bar',
+            'PATH_INFO' => '/test.php', // Nginx passed a wrong value here (should be empty)
+            'SCRIPT_NAME' => '/test.php',
+            'REQUEST_URI' => '/test.php?foo=bar',
+            'DOCUMENT_URI' => '/test.php',
+            'SERVER_PROTOCOL' => 'HTTP/1.1',
+            'SERVER_NAME' => 'example.com',
+            'HTTP_HOST' => 'example.com',
+            'PHP_SELF' => '/test.php/test.php', // Nginx passed a wrong value here (should be /test.php)
+        );
+        $expectedUrl = 'http://example.com/test.php?foo=bar';
+        $this->assertEquals($expectedUrl, Url::getCurrentUrl());
+    }
    private function resetGlobalVariables()
    {
        $names = array('PATH_INFO', 'REQUEST_URI', 'SCRIPT_NAME', 'SCRIPT_FILENAME', 'argv', 'HTTPS',