--- includes/bootstrap.orig 2008-02-16 01:57:56.000000000 -0500
+++ includes/bootstrap.inc 2008-02-16 02:01:58.000000000 -0500
@@ -237,7 +237,8 @@ function conf_path($require_settings = T
 }
 $confdir = 'sites';
- $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+ $script_name = '/' . basename($_SERVER['PHP_SELF']);
+ $uri = explode('/', $script_name ? $script_name : $_SERVER['SCRIPT_FILENAME']);
 $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
 for ($i = count($uri) - 1; $i > 0; $i--) {
 for ($j = count($server); $j > 0; $j--) {
@@ -299,9 +300,7 @@ function conf_init() {
 // characters allowed in hostnames.
 $base_url = $base_root .= '://'. preg_replace('/[^a-z0-9-:._]/i', '', $_SERVER['HTTP_HOST']);
- // $_SERVER['SCRIPT_NAME'] can, in contrast to $_SERVER['PHP_SELF'], not
- // be modified by a visitor.
- if ($dir = trim(dirname($_SERVER['SCRIPT_NAME']), '\,/')) {
+ if ($dir = trim(dirname(basename($_SERVER['PHP_SELF'])), '\,/')) {
 $base_path = "/$dir";
 $base_url .= $base_path;
 $base_path .= '/';
@@ -729,13 +728,13 @@ function request_uri() {
 }
 else {
 if (isset($_SERVER['argv'])) {
- $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['argv'][0];
+ $uri = '/' . basename($_SERVER['PHP_SELF']) .'?'. $_SERVER['argv'][0];
 }
 elseif (isset($_SERVER['QUERY_STRING'])) {
- $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
+ $uri = '/' . basename($_SERVER['PHP_SELF']) .'?'. $_SERVER['QUERY_STRING'];
 }
 else {
- $uri = $_SERVER['SCRIPT_NAME'];
+ $uri = '/' . basename($_SERVER['PHP_SELF']);
 }
 }
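Review bot: `$_SERVER['PHP_SELF']` includes any extra path a visitor appends after the script name (for example `/index.php/anything`), so in conf_path() the new `$script_name` can be a visitor-chosen string, and it feeds the `$uri` that the loops below iterate over to choose the site directory; the conf_init() and request_uri() hunks have the same dependency. The comment this patch deletes in conf_init() records exactly that difference from SCRIPT_NAME. If the aim is only the script's file name, a server-set source avoids the problem: `$script_name = '/' . basename($_SERVER['SCRIPT_FILENAME']);`. Note also that `'/' . basename(...)` is never empty, so the `? :` fallback on the next line is dead code. conf_path() starts and ends outside this hunk, so how `$uri` is used in the loop body is not visible here.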
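Review bot: `dirname(basename($x))` is always `.` because basename() has already removed every directory component, so in conf_init() `$dir` is the truthy string `.` on every request and the visible lines build `$base_path` as `/./` and append `/.` to `$base_url`, whatever directory the site is installed in. The directory has to come from the unstripped, server-set path, as the original line did: `if ($dir = trim(dirname($_SERVER['SCRIPT_NAME']), '\,/')) {`. The two-line comment removed here explained why SCRIPT_NAME was chosen and is worth keeping with whichever variable is used. conf_init() continues outside the hunk.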
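Review bot: In request_uri() all three branches now return `/` plus the bare script name, so for an installation in a subdirectory the result no longer contains the directory part that `$_SERVER['SCRIPT_NAME']` supplied and will not match the path actually requested. If serving from the document root is an assumption of this patch, say so above the `else` block, e.g. `// Assumes the site is served from the document root; the directory part of the script path is dropped.` The expression is also repeated three times and could be computed once into a local before the `if`. The function begins and ends outside the hunk, so its callers are not visible here.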