Don't assume URIs with dots as static (#61286). #3215
Conversation
The build-in server, on serving an URI containg dots, behaves exactly as for an URI without dots. Only if the URI ends with '.php', the server gives a 404 status if the php file is not present. Now the behaviour matches the one expected by reading the documentation. http://php.net/manual/en/features.commandline.webserver.php
|
Thanks for the report It's documented to accept Thanks |
| { | ||
| if (q) { | ||
| char *dot = strrchr(q, '.'); | ||
| if (dot && !strcmp(dot, ".php")) |
There was a problem hiding this comment.
strlen(dot) could be less than 4.
There was a problem hiding this comment.
In such case the file has not a ".php" extension. What's the problem?
There was a problem hiding this comment.
If both are \0 terminated, i meant. Should be, actually, so perhaps no worries.
Thanks.
| if (*q-- == '.') { | ||
| is_static_file = 1; | ||
| break; | ||
| q = request->vpath; |
There was a problem hiding this comment.
This part looks not quite correct. Fe how would be /hello.php/world.php handled? Iterating backwards seems to make more sense. Also some backward compatibility might be broken.
There was a problem hiding this comment.
The code before my patch, would raise a 404 unless a file corresponding to the path /hello.php/world.php is not present, because the path contains a dot.
We can choose to make the recursive search for a router script for ANY file that does not exists, and I agree with this idea. I was only trying to be the less disruptive as possible with the previous behaviour.
For what concerns the backward compatibility: the built-in server is only used for development purposes and must not be used in production.
This new implementation serves all the files that the old one did, but it serves also other paths that instead would have got a 404 status.
As an example, Drupal 8 now works, while before it did not.
|
To get a better idea of the problem, take a look at the thread of this bug https://bugs.php.net/bug.php?id=61286 In particular to the following statement by laurence.
This assumption is way too loose, because a path like This is why, I chose that ONLY in the case when the path ends with ".php" and a corresponding file does not exist, it returns a 404 code, while in all other cases the recursive search for an "index" file must be done. @weltling I don't understand the "arbitrary script" part. In the former code, if you specify a path that represents an existing PHP script file, this file is run and no recursive search is done. What do you mean? This behaviour should be conserved also in this implementation. |
|
@mperrando ok, thanks for the link. There's a bit of lack on the definition there. Perhaps the documentation doesn't mention it, but the basic dilemma is actually about the non existent path handling. Fe with your current patch - Also the other part of the patch The existing mechanism is neither a full featured router framework alike, nor it is a full featured web server. It is also not to expect to be so. IMO it would make sense to first specify the behavior to expect, considering also edge cases. The ideas from the bug #61286 seem to have no big support so far. Implementing a full featured web server just for testing seems too much. Thanks. |
|
The implementation was quite strange even before my PR, IMHO. The problems you are correctly posing ware not considered even before my patch! This patch is moving things toward a more "correct" behaviour, i.e. the one you obtain on the production site. Anyway, anything has been put under test. In case someone finds a misbehaviour it will ve very simple to add a new test and decide how to modify things. As I said, as an example, with this patch you can run a Drupal 8 installation, for development purposes, with the built-in server, while you cannot do it now: Drupal 8 uses some path containing "dots", that should be served by the main Drupal Furthermore, it does not seem to me that this patch could break things: the paths that were served before are served with this PR too. Actually the number of path served should be only incremented by this PR. Said this, I don't see any threat in merging: this should help people developing sites with the built-in server in an environment that better resembles the true world of production. |
|
The test In some circumstances, patches are under the consideration of the corresponding RMs. IMO, a good way to go would be to create a specification which would consider behaviours when a router is used or not, handling of static paths vs. virtual routing, weird edge cases and beyond. It still wouldn't have to be full featured, but at least the behaviour were discussed and well defined. Otherwise it's to see for more comments on the existing patch. Thanks. |
|
Since there has been no updates for more than 6 months, I'm closing this PR. If I'm wrong to close it and you would like to continue working on this patch, please reopen the PR or create a fresh one targeting an appropriate branch. |
|
Does it make sense to open new PR? this bug still exists( |
|
There should definitely be a bug report or something, this makes the internal webserver useless for anything that requires that path contain a dot. |
The build-in server, on serving an URI containg dots, behaves exactly as
for an URI without dots. Only if the URI ends with '.php', the server
gives a 404 status if the php file is not present.
Now the behaviour matches the one expected by reading the documentation.
http://php.net/manual/en/features.commandline.webserver.php