php `$_SERVER['PHP_SELF']` is empty

I have a problem with my nginx and php configuration. For some reason, $_SERVER['PHP_SELF'] is empty.

I am running:

  • Ubuntu 18.04
  • nginx (nginx version: nginx/1.14.0 (Ubuntu))
  • php (PHP 7.2.10-0ubuntu0.18.04.1)

I have no clue what may cause this issue. I've read a lot online but couldn't find any solution.

Just to see if there's more info missing, I checked what I'm getting from print_r($_SERVER); , here's what I'm getting (Censored private info...):

Array ( [USER] => www-data [HOME] => /var/www [HTTP_COOKIE] => CENSORED [HTTP_ACCEPT_LANGUAGE] => en-GB,en;q=0.9,he-IL;q=0.8,he;q=0.7,en-US;q=0.6,ru;q=0.5 [HTTP_ACCEPT_ENCODING] => gzip, deflate, br [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng, / ;q=0.8 [HTTP_USER_AGENT] => CENSORED [HTTP_UPGRADE_INSECURE_REQUESTS] => 1 [HTTP_CACHE_CONTROL] => max-age=0 [HTTP_CONNECTION] => keep-alive [HTTP_HOST] => cumta.morhaviv.com [SCRIPT_FILENAME] => /var/www/morhaviv.com/public_html/cumta/css/test.php [REDIRECT_STATUS] => 200 [SERVER_NAME] => www.cumta.morhaviv.com [SERVER_PORT] => 443 [SERVER_ADDR] => [REMOTE_PORT] => 22964 [REMOTE_ADDR] => [SERVER_SOFTWARE] => nginx/1.14.0 [GATEWAY_INTERFACE] => CGI/1.1 [HTTPS] => on [REQUEST_SCHEME] => https [SERVER_PROTOCOL] => HTTP/1.1 [DOCUMENT_ROOT] => /var/www/morhaviv.com/public_html/cumta [DOCUMENT_URI] => /css/test.php [REQUEST_URI] => /css/test.php [SCRIPT_NAME] => /css/test.p hp [CONTENT_LENGTH] => [CONTENT_TYPE] => [REQUEST_METHOD] => GET [QUERY_STRING] => [PATH_INFO] => [FCGI_ROLE] => RESPONDER [PHP_SELF] => [REQUEST_TIME_FLOAT] => 1549710420.5126 [REQUEST_TIME] => 1549710420 )

My nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;

http {
    include        fastcgi_params; 
    # Basic Settings

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # SSL Settings

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    # Logging Settings

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Gzip Settings

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Virtual Host Configs

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

I'm aware that this question may lack some more info that is needed, but I really have no idea what else is important so please comment and I'll add the missing information.

Thank you for your help!

Some tutorials on installing nginx server with php, insist on changing the php.ini file's parameter cgi.fix_pathinfo , to 0.

So my solution was changing in the php.ini :

cgi.fix_pathinfo = 0 

to the default:

cgi.fix_pathinfo = 1

That's it basically.

The solution was found thank's to kenzotenma's comment on his answer, with this link: https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/

Make sure to include this line in nginx configuration file:

include fastcgi_params

Other than that, I see no reason for it to not work.

Hope it helps

Setting fix_pathinfo to 1 is a potential vulnerability. Instead add this line to nginx php_fpm section:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

and just asign global variable manualy:

$_SERVER['PHP_SELF'] = !empty($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '/'.basename($_SERVER['SCRIPT_FILENAME']);

More info

