Note: You are currently viewing documentation for Moodle 3.1. Up-to-date documentation for the latest stable version of Moodle is probably available here: Nginx.
I've removed the lines from this page instructing users to set the php configuration parameter cgi.fix-pathinfo=0
In summary, within the context of Nginx and php-fpm the best(?) way to handle potential PATH_INFO vulnerabilities as described in those articles is to use the default behaviour of php-fpm, i.e. within,
security.limit_extensions = .php
Either way will work just fine, but this is one step less with no real down sides...