skip to Main Content

Say I have a block of code I would like to test like this:

<?php 
 
 require('wp-blog-header.php');
 require('wp-includes/pluggable.php');
 ..........................
 ..........................
?>

Nginx:

location ~ /internal_token { 
    fastcgi_pass   unix:/tmp/php-fpm.sock;
    fastcgi_param  SCRIPT_FILENAME  # is possible to execute php some how, without call to filename?
    include        fastcgi_params;
}

The invisible file have to be in main root directory of WordPress because use require files, I am trying to avoid creating file or symlynks.

Is there an existing solution to this problem?

Update: I building a system like WordPress toolkit of cpanel, so I will add the feature 1-Click Login

2

Answers


  1. If you had an "upstream" you could use nginx’s auth_request in order to make an additional request and retrieve data (e.g. server-side authentication token) before continuing with the primary request.

    e.g. all requests to /api trigger an auth_request to an internal location /auth/check which returns pass/fail (and optionally data that can be bundled along). If the check passes then the request continues to /api or whatever.

    Not sure that helps you and not sure that is possible with php-fpm but pretty useful for some use cases.

    Login or Signup to reply.
  2. No, it is not possible to execute random PHP code from the context of Nginx configuration.

    From the manual

    Syntax: fastcgi_param parameter value [if_not_empty];
    Default: —
    Context: http, server, location
    Sets a parameter that should be passed to the FastCGI server. The value can contain text, variables, and their combination. These directives are inherited from the previous configuration level if and only if there are no fastcgi_param directives defined on the current level.

    The following example shows the minimum required settings for PHP:

    fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;
    fastcgi_param QUERY_STRING $query_string;

    The appropriate / intended use of that directive is to set environment variables, not to pass arbitrary code to an arbitrary fast-cgi interpreter.

    If you want to execute a specific script, then use the SCRIPT_FILENAME parameter as described in the manual.

    I don’t think the protocol forbids such behavior, because one can send almost anything with FCGI_PARAMS, at least according to my interpretation. However, judging by this implementation the SCRIPT_FILENAME is at least a convention: PHP OOP fastcgi

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search