[Rejected] Profile status location shows fastcgi path rather than actual location
#1
Hi there. So I've discovered an issue that occurs in MyBB when using the Apache web server in combination with the FastCGI module and PHP-FPM. It breaks the profile status location and could confuse a user.
The issue
On user profiles where the user is online the status will say:

Unknown Location

and the link will be:

[BoardURLHERE]/php7-fcgi?[WhateverQueryStringDataBelongsToTheRequest]

This results in an invalid link. It's worth looking into. Below is more technical information which is probably important to know so the issue may be resolved.
Server Setup
nginx accepts all incoming requests, sets the real IP from the reverse proxies that mitigate DoS, and forwards any PHP requests to Apache, which uses the rpaf module to set the real IP from nginx (Apache runs on a non-standard port and cannot be called directly). Apache uses FastCGI to utilize PHP-FPM. Apache also runs ModSecurity in DetectionOnly mode to detect SQLi attempts so I can learn which files are attacked the most and audit them more frequently.

PHP version is 7.0.13-0ubuntu0.16.04.1 and it's PHP-FPM.

FastCGI.conf

<IfModule mod_fastcgi.c>
  AddHandler fastcgi-script .fcgi
  #FastCgiWrapper /usr/lib/apache2/suexec
  FastCgiIpcDir /var/lib/apache2/fastcgi

  AddHandler php7-fcgi .php
  Action php7-fcgi /php7-fcgi virtual
  Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php/php7.0-fpm.sock -pass-header WebDeflect-Real-IP
</IfModule>

<Directory /usr/lib/cgi-bin>
  Require all granted
</Directory>
Software Engineer specializing in C# Program Development
#2
I don't think this is a bug. MyBB uses $_SERVER variables to determine the location which are set by the server.

Have you tried enabling cgi.fix_pathinfo?
#3
(2017-01-29, 01:31 PM)StefanT Wrote: I don't think this is a bug. MyBB uses $_SERVER variables to determine the location which are set by the server.

Have you tried enabling cgi.fix_pathinfo?

Nice catch! I had that disabled back when I was on pure nginx. This thread may be closed now :)