Problems that an nginx PATH_INFO configuration can expose
Prevent a route such as 1.png/2.php from executing the code inside 1.png (1.png is a code file whose extension was simply renamed).
Note (2016/2/23): it really does execute the PHP code inside 1.png.

After reading Zhang Yan's (张宴) blog, the configuration is as follows:
# Goes inside the PHP location (e.g. location ~ \.php). $request_filename is
# root + URI, so for /1.png/2.php it is /path/to/root/1.png/2.php.
# The greedy (.*) captures everything up to the last ".php" in that path.
if ($request_filename ~* (.*)\.php) {
    set $php_url $1;
}
# Refuse the request unless the .php script named in the URI actually exists on
# disk; /path/to/root/1.png/2.php does not, so the request is never handed to
# PHP-FPM (which, with cgi.fix_pathinfo=1, would fall back to executing 1.png).
if (!-e $php_url.php) {
    return 403;
}
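To make the mechanism concrete, here is an added Python simulation (it is not part of the original note and not Zhang Yan's code). It models two things: how PHP-FPM chooses the script when cgi.fix_pathinfo=1 (walking back through the path until an existing file is found, which is why /uploads/1.png/2.php ends up running 1.png), and how the two nginx `if` blocks above reject such a request because the named .php file does not exist. The document root, the files and the URIs are constructed for the demo; the function names are mine.

```python
# Added example (not from the original note or from Zhang Yan's config): simulate
# PHP-FPM's cgi.fix_pathinfo script resolution and the nginx "!-e $php_url.php"
# check. Document root, files and request URIs below are constructed for the demo.
import os
import re
import tempfile
from pathlib import Path


def php_script_for(docroot: Path, uri: str, fix_pathinfo: int = 1):
    """Emulate how PHP-FPM picks the script from SCRIPT_FILENAME (= root + uri).

    With cgi.fix_pathinfo=1 (PHP's default), a SCRIPT_FILENAME that does not
    exist is trimmed one path component at a time until an existing *file* is
    found; that file is executed and the trimmed tail becomes PATH_INFO.
    With cgi.fix_pathinfo=0 only the exact path is accepted.
    Returns (script_relative_path, path_info), or None ("No input file specified").
    """
    parts = uri.strip("/").split("/")
    if docroot.joinpath(*parts).is_file():
        return "/".join(parts), ""
    if fix_pathinfo == 0:
        return None
    # walk backwards: uploads/1.png/2.php -> uploads/1.png -> uploads
    for i in range(len(parts) - 1, 0, -1):
        candidate = docroot.joinpath(*parts[:i])
        if candidate.is_file():
            return "/".join(parts[:i]), "/" + "/".join(parts[i:])
    return None


def nginx_php_url_check(docroot: Path, uri: str):
    r"""Emulate the two `if` blocks from the note:
        if ($request_filename ~* (.*)\.php) { set $php_url $1; }
        if (!-e $php_url.php)               { return 403; }
    $request_filename is root + uri. Returns 403 when the .php script named in
    the URI does not exist on disk, otherwise "pass" (request goes to PHP-FPM).
    """
    request_filename = str(docroot) + uri
    # nginx ~* is an unanchored, case-insensitive match; greedy (.*) stops at the last ".php"
    m = re.search(r"(.*)\.php", request_filename, re.IGNORECASE)
    if m is None:
        return "pass"  # such a URI would never reach a `location ~ \.php` block anyway
    php_url = m.group(1)
    if not os.path.exists(php_url + ".php"):
        return 403
    return "pass"


def demo():
    """Build a constructed docroot and run three request URIs through both the
    nginx check and the PHP-FPM resolution. Returns a dict keyed by URI."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php echo 'legitimate script';")
        (root / "uploads").mkdir()
        # constructed "image" upload that is really PHP source with a .png name
        (root / "uploads" / "1.png").write_text("<?php echo 'this is not an image';")

        results = {}
        for uri in ("/index.php", "/uploads/1.png/2.php", "/missing.php"):
            with_fix = php_script_for(root, uri, fix_pathinfo=1)
            without_fix = php_script_for(root, uri, fix_pathinfo=0) or (None, None)
            results[uri] = {
                "nginx_check": nginx_php_url_check(root, uri),
                "php_executes_with_fix_pathinfo_1": with_fix[0] if with_fix else None,
                "path_info": with_fix[1] if with_fix else None,
                "php_executes_with_fix_pathinfo_0": without_fix[0],
            }
        return results


if __name__ == "__main__":
    for uri, outcome in demo().items():
        print(uri, outcome)
```

Running it shows that /uploads/1.png/2.php is resolved by PHP-FPM (with cgi.fix_pathinfo=1) to uploads/1.png with PATH_INFO /2.php, while the nginx check returns 403 for that same URI because uploads/1.png/2.php is not a file; /index.php passes both. The simulation also shows the second, independent mitigation, cgi.fix_pathinfo=0 in php.ini, under which PHP refuses the non-existent path outright.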
http://www.jb51.net/article/54198.htm
http://zhidao.baidu.com/link?url=EHG-aC6_xBtJ-zMwokI1J87lBRSJYF3dl6YUslRrT0PmQ0CeBB5wShdaLTQfaHtvAzdoAg7wSLZdxgflWmPYI35TNaF5aCpmRchfh8tHVqC
http://www.nginx.cn/426.html
http://www.smzdy.com/nginx-kai-qi-pathinfo-di-ling-yi-zhong-xie-fa-yi-jing-yong.html
http://www.thinkphp.cn/topic/3228.html
http://www.php100.com/html/program/nginx/2013/0905/5500.html
http://blog.csdn.net/sean_cd/article/details/7365216
http://www.54chen.com/php-tech/nginx-php-cgi-of-security-hole.html
http://waiting.iteye.com/blog/1202216
http://www.80sec.com/nginx-securit.html
http://zyan.cc/nginx_0day/
https://bugs.php.net/bug.php?id=50852&edit=1
https://www.baidu.com/baidu?wd=nginx+%21-e&tn=monline_dg
http://zhidao.baidu.com/link?url=ImO-yQDPt79xDL56e_418h_NcUUSh2B4bnW5EBudccMcACDvCLsscYjG7i_KV0rwDiiROoOwY5AZbN5sw1yEla