From 67ebb942b66cadbcf770bcb0d4f203efe177ac18 Mon Sep 17 00:00:00 2001
From: Shane Caraveo <shane@php.net>
Date: Sun, 25 May 2003 18:35:18 +0000
Subject: [PATCH] http://bugs.php.net/bug.php?id=23800 change the default for
 those who cannot this was actually done a long time ago, but got reverted
 along the way

---
 php.ini-dist        | 8 ++++++++
 php.ini-recommended | 8 ++++++++
 sapi/cgi/cgi_main.c | 2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/php.ini-dist b/php.ini-dist
index 358db2aa1d..3e2958561e 100644
--- a/php.ini-dist
+++ b/php.ini-dist
@@ -444,6 +444,14 @@ enable_dl = On
 ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
 ; cgi.redirect_status_env = ;
 
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
+; this to 1 will cause PHP CGI to fix it's paths to conform to the spec.  A setting
+; of zero causes PHP to behave as before.  Default is zero.  You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; cgi.fix_pathinfo=0
+
 ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
 ; security tokens of the calling client.  This allows IIS to define the
 ; security context that the request runs under.  mod_fastcgi under Apache
diff --git a/php.ini-recommended b/php.ini-recommended
index 89c60df5d7..b801ea2551 100644
--- a/php.ini-recommended
+++ b/php.ini-recommended
@@ -459,6 +459,14 @@ enable_dl = On
 ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
 ; cgi.redirect_status_env = ;
 
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
+; this to 1 will cause PHP CGI to fix it's paths to conform to the spec.  A setting
+; of zero causes PHP to behave as before.  Default is zero.  You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; cgi.fix_pathinfo=1
+
 ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
 ; security tokens of the calling client.  This allows IIS to define the
 ; security context that the request runs under.  mod_fastcgi under Apache
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 71c3f57920..16b4b136c0 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1062,7 +1062,7 @@ consult the installation file that came with this distribution, or visit \n\
 
 #if ENABLE_PATHINFO_CHECK
 	if (cfg_get_long("cgi.fix_pathinfo", &fix_pathinfo) == FAILURE) {
-		fix_pathinfo = 1;
+		fix_pathinfo = 0;
 	}
 #endif
 
-- 
2.50.1