Rogue $_GET input key added in laravel 5 production environment
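I'm having a very strange issue. I have an application that works perfectly in my local environment and, until recently, worked well in production. Now, in production, it is adding a rogue backslash key to my input. It appears in Input::all() but not in $_POST. I'm using the following code to debug.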
routes.php
Route::post('/', function() {
    return [
        '$_FILES' => $_FILES,
        '$_GET' => $_GET,
        '$_POST' => $_POST,
        'Input::all()' => Input::all()
    ];
});
Response
{
    "$_FILES": [],
    "$_GET": {
        "\": ""
    },
    "$_POST": {
        "start_date": "2015-02-17",
        "end_date": "2015-02-23",
        "name": "Test Data"
    },
    "Input::all()": {
        "start_date": "2015-02-17",
        "end_date": "2015-02-23",
        "name": "Test Data",
        "\": ""
    }
}
Other details
$_SERVER['REQUEST_URI'] returns a path like /example/path, without anything unusual.
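This appears to be an nginx-related issue. I'm not sure why it suddenly appeared, but I was able to resolve it by replacing the following block in my nginx host file.
Broken version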
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}
Working version (copied from another config)
location ~ \.php$ {
    # Security risk mitigation
    try_files $uri =404;
    include /etc/nginx/fastcgi_params;
    fastcgi_read_timeout 360;
    # added these from tmberg's recommendation (on freenode)
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_index index.php;
    include fastcgi_params;
    # connect to FPM on a unix socket
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME /www/mydomain.com/public$fastcgi_script_name;
    # Added to allow for larger error headers to output
    fastcgi_temp_file_write_size 10m;
    fastcgi_busy_buffers_size 512k;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 16 512k;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_intercept_errors on;
    fastcgi_next_upstream error invalid_header timeout http_500;
}
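The check below is an added example, not part of the original post. It flags PHP location blocks that lack two directives found only in the working version: `try_files $uri =404`, which makes nginx answer 404 for a `.php` URI with no matching file instead of passing it to PHP-FPM, and an explicit `SCRIPT_FILENAME`. It does not establish which directive removed the rogue key; the function names are hypothetical and it assumes flat location blocks without quoted braces.

```python
import re

# Constructed inputs: the two location blocks from the post (working one abridged).
BROKEN = r"""
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}
"""
WORKING = r"""
location ~ \.php$ {
    # Security risk mitigation
    try_files $uri =404;
    include /etc/nginx/fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME /www/mydomain.com/public$fastcgi_script_name;
}
"""

def location_blocks(conf):
    """Yield (matcher, directives) per location block; assumes flat, unquoted blocks."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop whole-line comments
    for m in re.finditer(r"\blocation\s+([^{;]+?)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        yield m.group(1), [d.split() for d in body.split(";") if d.strip()]

def audit(conf):
    """Return (matcher, finding) pairs for blocks that hand requests to FastCGI."""
    findings = []
    for matcher, directives in location_blocks(conf):
        if not any(d[0] == "fastcgi_pass" for d in directives):
            continue
        if not any(d[:3] == ["try_files", "$uri", "=404"] for d in directives):
            findings.append((matcher, "no 'try_files $uri =404' before fastcgi_pass"))
        if not any(d[:2] == ["fastcgi_param", "SCRIPT_FILENAME"] for d in directives):
            findings.append((matcher, "SCRIPT_FILENAME not set here; check included files"))
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("working", WORKING)):
        print(name, audit(conf) or "no findings")
```

A `SCRIPT_FILENAME` finding only means the block itself does not set it; the included `fastcgi_params` file, which this check does not read, may still supply one.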