Say I have a block of code I would like to test like this:
<?php
require('wp-blog-header.php');
require('wp-includes/pluggable.php');
..........................
..........................
?>
Nginx:
location ~ /internal_token {
    fastcgi_pass unix:/tmp/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME # is it possible to execute PHP somehow, without calling a filename?
    include fastcgi_params;
}
The invisible file has to be in the main root directory of WordPress because it uses require on other files; I am trying to avoid creating files or symlinks.
Is there an existing solution to this problem?
Update: I am building a system like the WordPress Toolkit of cPanel, so I will add the 1-Click Login feature.
CodePudding user response:
No, it is not possible to execute random PHP code from the context of Nginx configuration.
Syntax: fastcgi_param parameter value [if_not_empty];
Default: —
Context: http, server, location

Sets a parameter that should be passed to the FastCGI server. The value can contain text, variables, and their combination. These directives are inherited from the previous configuration level if and only if there are no fastcgi_param directives defined on the current level.
The following example shows the minimum required settings for PHP:
    fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;
    fastcgi_param QUERY_STRING $query_string;
The appropriate / intended use of that directive is to set environment variables, not to pass arbitrary code to an arbitrary fast-cgi interpreter.
If you want to execute a specific script, then use the SCRIPT_FILENAME parameter as described in the manual.
I don't think the protocol forbids such behavior, because one can send almost anything with FCGI_PARAMS, at least according to my interpretation. However, judging by this implementation the SCRIPT_FILENAME is at least a convention: PHP OOP fastcgi
CodePudding user response:
If you had an "upstream" you could use nginx's auth_request in order to make an additional request and retrieve data (e.g. server-side authentication token) before continuing with the primary request.
e.g. all requests to /api trigger an auth_request to an internal location /auth/check which returns pass/fail (and optionally data that can be bundled along). If the check passes then the request continues to /api or whatever.
Not sure that helps you and not sure that is possible with php-fpm but pretty useful for some use cases.
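The auth_request flow described in the answer above, written out as an nginx configuration. This is an added example, not part of the original answer; the upstream names, addresses and the X-Auth-Token / X-Original-URI header names are assumptions chosen for illustration, and nginx must be built with ngx_http_auth_request_module.

```nginx
# Added example. Upstream names, ports and header names are assumptions.
upstream auth_backend { server 127.0.0.1:9001; }   # hypothetical auth service
upstream api_backend  { server 127.0.0.1:9002; }   # hypothetical API service

server {
    listen 80;

    location /api {
        # Subrequest to the check location: a 2xx reply lets the request
        # continue, 401 or 403 is returned to the client, and any other
        # status is treated as an error.
        auth_request /auth/check;

        # Copy a value returned by the auth service into a variable ...
        auth_request_set $auth_token $upstream_http_x_auth_token;
        # ... and forward it to the API, overwriting whatever the client
        # sent under the same header name.
        proxy_set_header X-Auth-Token $auth_token;

        proxy_pass http://api_backend;
    }

    location = /auth/check {
        internal;                           # clients cannot request this URI directly
        proxy_pass http://auth_backend;
        proxy_pass_request_body off;        # the check only needs the request headers
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }
}
```

The `internal;` directive and the overwritten `X-Auth-Token` header are the two parts that keep a client from calling the check endpoint directly or supplying its own token to the backend.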