<?php
if (isset($_POST["x"])){
exit;
}
?>
<form method="post" action="./test.php">
<input type="hidden" name="x" value="D">
<input type="submit" value="X">
</form>
I use nginx and php.
When I click the button on the above code, x=D was printed on my browser. (As you know, it is normal that nothing is printed.)
Also, I use AWS ELB(Elastic Load Balancing) proxy, so I doubted ELB first. However, when I turned off ELB, the problem occurs too.
This is my nginx configuration file.
server {
listen 80;
root /var/www/html/public;
index index.html index.htm index.php;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
server_tokens off;
fastcgi_hide_header X-Powered-By;
charset utf-8;
server_name _;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ .php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /.(?!well-known).* {
deny all;
}
}
Advertisement
Answer
I solved this problem.
I forget to upload php.ini.