2

UPDATE: Mostly solved. Now it only doesn't work if in the situation where you are trying to access http://www.example.com/any-real-file-without-an-extension/anything-afterwards-that-doesnt-end-in-a-slash. I guess the server thinks that any-real-file-without-an-extension might be a directory... not sure how to fix that.

PHP defines "PATH_INFO" as a part of the URL that:

Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URL http://www.example.com/php/path_info.php/some/stuff?foo=bar, then $_SERVER['PATH_INFO'] would contain /some/stuff.

As of right now, my website treats http://example.com/ contact_us.php/ANYTEXTCANGOHERE as http://example.com/contact_us.php

In this case, /ANYTEXTCANGOHERE is PATH_INFO. I would like to make it so that either this path info is deleted up to the filename, or otherwise a 404 is returned. Is there any way that I can do that?

Here is what my .htaccess looks like now. It's pretty simple. Just a 301 redirect to www and a stripslashes at the end, as well as something to force association to files without extensions and a rewrite without extensions. I do not have server root access.

ErrorDocument 404 /404.php
ErrorDocument 503 /503.php

#Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^foodthing.org [NC]
RewriteRule ^(.*)$ http://www.foodthing.org/$1 [L,R=301,NC]

#get rid of trailing slashes
RewriteCond %{HTTP_HOST} ^(www.)?foodthing\.org$ [NC]
RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L]

#1)externally redirect "/file.php" to "/file"   
RewriteCond %{THE_REQUEST} /([^.]+)\.php [NC]
RewriteRule ^ /%1 [NC,L,R]
#2)Internally map "/file" back to "/file.php"
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ /$1.php [NC,L]
MrWhite
  • 12,647
  • 4
  • 29
  • 41
Ben Yep
  • 23
  • 5

1 Answers1

1

To disable additional path information you just need to disable AcceptPathInfo in the server config (or .htaccess file). For example:

AcceptPathInfo Off

Any URL that contains path info will now trigger a 404.

MrWhite
  • 12,647
  • 4
  • 29
  • 41
  • Unfortunately, I could not get that to work. I added "AcceptPathInfo Off" above the rewrites and then closed out of chrome and completely emptied the cache folder and it is still not working. http://www.foodthing.org/index.php/dfsfdsf/adfadsfasdf is still a valid url. – Ben Yep Aug 23 '17 at 16:36
  • UPDATE: It does work, but only under these conditions: The filename has an extention (e.g. cannot be www.example.com/index/adafdsf ) OR The entire url ends in a slash.... I'm not sure WHY this is, but it is good enough for me. – Ben Yep Aug 23 '17 at 17:24
  • Hhhmm, strange, if should have worked before. (If your mod-rewrite directives are working OK then `AcceptPathInfo` should also work.) This is not dependent on the URL _ending with a slash_. However, you have something else going on now... the `.php` extension is also missing - is that intentional? Are these all static `.php` files? – MrWhite Aug 23 '17 at 17:28
  • Path info is only path info, if it follows an actual file. (By the sounds of it you might have `MutliViews` enabled? Are you rewriting to append the file extension, or is this happening "as if by magic"?) – MrWhite Aug 23 '17 at 17:30
  • multiviews IS enabled, although I am not sure if it needs to be enabled. I added new features to the htaccess (edited my post as well) so that is why things changed, I am sure... It is "done" now. I don't plan to make changes unless someone can figure out the edge case that I listed at the top of my post. – Ben Yep Aug 23 '17 at 17:35
  • `MultiViews` should not be enabled if you are manually appending file extensions with mod_rewrite, otherwise you'll like get a conflict (`MultiViews`/mod_negotiation will tack priority). – MrWhite Aug 23 '17 at 17:37
  • I tried turning off MultiViews with Options -MultiViews and nothing works... Internal server errors and 500s. Is it because of some server setting, or is my syntax wrong or something? I added it right under AcceptPathInfo off. This has happened to me previously. Any thoughts? Thanks for your help. – Ben Yep Aug 23 '17 at 17:40
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/64302/discussion-between-ben-yep-and-mrwhite). – Ben Yep Aug 23 '17 at 17:43
  • Your syntax looks OK. But if you get a 500 error then check your server's error log for the details of that error. – MrWhite Aug 24 '17 at 14:28