skip to Main Content
<?php
if (isset($_POST["x"])){
        exit;
}
?>
<form method="post" action="./test.php">
<input type="hidden" name="x" value="D">
<input type="submit" value="X">
</form>

I use nginx and php.

When I click the button on the above code, x=D was printed on my browser.
(As you know, it is normal that nothing is printed.)

Also, I use AWS ELB(Elastic Load Balancing) proxy, so I doubted ELB first.
However, when I turned off ELB, the problem occurs too.

This is my nginx configuration file.

server {
    listen 80;

    root /var/www/html/public;
    index index.html index.htm index.php;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    server_tokens off;
    fastcgi_hide_header X-Powered-By;
    charset utf-8;

    server_name _;

    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ .php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+.php)(/.+)$;
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /.(?!well-known).* {
        deny all;
    }
}

2

Answers


  1. Chosen as BEST ANSWER

    I solved this problem.

    I forget to upload php.ini.


  2. <form method="post" action="./test.php">
    

    may redirect you to another page. Try

    <form method="post">
    

    This will always send form to the same URL.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search