ID: 44801
User updated by: twm at twmacinta dot com
Reported By: twm at twmacinta dot com
-Status: Feedback
+Status: Open
Bug Type: CGI related
Operating System: Red Hat Enterprise Linux ES 3
PHP Version: 5.2.5
Assigned To: fb-req-jani
New Comment:
Aha, that set off a spark. I think I found something useful...
The test script actually worked when I tried this:
./configure --disable-all --disable-cgi
Then, I tried no flags at all, and it still worked:
./configure
So I went through all of the flags I used originally and discovered
that the problem appears when all I add is the safe-mode flag:
./configure --enable-safe-mode
Here's the output:
----
Before: 'Tim'\''s Test'
After: sh: line 1: /usr/local/php/bin/echo: No such file or directory
----
Note that it was looking for "echo" at a different path. When I
created the directory that it was looking for and copied "echo" there,
then I got the same incorrect output as before:
----
Before: 'Tim'\''s Test'
After: Tim\s Test'
----
So the problem occurs when safe-mode is compiled into the executable
even though I am not using safe mode when running the script. I'm using
"php -n" which should avoid safe mode (right?) and my "php.ini" also
turns safe mode off. I checked the other versions of PHP which I
reported on earlier, and the versions which behaved incorrectly had safe
mode compiled in but turned off, and those that behaved correctly did
not have safe mode compiled in at all.
Previous Comments:
------------------------------------------------------------------------
[2008-04-24 18:01:39] [EMAIL PROTECTED]
Can you try with this instead:
# rm -f config.cache
# ./configure --disable-all --disable-cgi
ie. Eliminate everything but the core. :)
------------------------------------------------------------------------
[2008-04-24 17:52:47] twm at twmacinta dot com
I was actually using the "-n" flag from the start, so that moving part
was already eliminated.
Here are my "./configure" and "make install" commands:
----
CONF_OLD_PREFIX=/usr
CONF_PREFIX=/var/tmp2/php5_take2/targ
CONF_SYSCONFDIR=${CONF_PREFIX}/etc
CONF_BINDIR=${CONF_PREFIX}/bin
./configure \
--prefix=${CONF_PREFIX} \
--with-config-file-path=${CONF_SYSCONFDIR} \
--enable-force-cgi-redirect \
--enable-fastcgi \
--disable-debug \
--enable-pic \
--disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-curl \
--with-dom=${CONF_PREFIX} \
--with-exec-dir=${CONF_BINDIR} \
--with-freetype-dir=${CONF_PREFIX} \
--with-png-dir=${CONF_PREFIX} \
--with-gd \
--enable-gd-native-ttf \
--with-ttf \
--with-gdbm \
--with-gettext \
--with-db4 \
--with-ncurses \
--with-gmp \
--with-iconv \
--with-jpeg-dir=${CONF_PREFIX} \
--with-mm \
--with-openssl \
--with-png \
--with-pspell \
--with-regex=system \
--with-xml \
--with-domxml \
--with-expat-dir=${CONF_PREFIX} \
--with-zlib \
--with-layout=GNU \
--enable-mcal \
--enable-bcmath \
--enable-debugger \
--enable-exif \
--enable-ftp \
--enable-magic-quotes \
--enable-safe-mode \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-discard-path \
--enable-track-vars \
--enable-trans-sid \
--enable-yp \
--enable-wddx \
--without-oci8 \
--with-imap=shared \
--with-mcrypt \
--with-imap-ssl \
--with-kerberos=/usr/kerberos \
--with-ldap=shared \
--with-mysql=shared,${CONF_PREFIX} \
--with-pgsql=shared \
--with-snmp=shared,${CONF_PREFIX} \
--with-snmp=shared \
--enable-net-snmp-hack \
--with-unixODBC=shared,${CONF_OLD_PREFIX} \
--enable-memory-limit \
--enable-bcmath \
--enable-shmop \
--enable-versioning \
--enable-calendar \
--enable-dbx \
--enable-dio \
--enable-mbstring \
--enable-mbstr-enc-trans
make install INSTALL_ROOT=/var/tmp2/php5_take2/targ
------------------------------------------------------------------------
[2008-04-24 17:44:49] [EMAIL PROTECTED]
Next obvious question is: How did you build PHP? ie. What configure
line, etc. Also to eliminate every last moving parts: run the script
like this:
# php -n script.php
------------------------------------------------------------------------
[2008-04-24 17:23:47] twm at twmacinta dot com
Good idea. I modified my test script as suggested. Here's the output
on RHEL3 with the CVS snapshot php5.2-20080423123:
----
Before: 'Tim'\''s Test'
After: sh: line 1: /var/tmp2/php5_take2/targ/bin/Tim\s: No such file or
directory
----
In case you're wondering about the path, I set "./configure --prefix"
to "/var/tmp2/php5_take2/targ" so that I could install it there and test
it before overwriting my old PHP 4 installation. PHP 4 on the same
machine gives the same output as above, except that it's the usual
"/usr/bin/" path.
For comparison, here's the output on my other RHEL3 server which has
the latest, default version of PHP 4.3 from Red Hat:
----
Before: 'Tim'\''s Test'
After: sh: line 1: /usr/bin/'Tim'\''s: No such file or directory
----
I also ran the revised test on Mac OS X 10.5, which has PHP 5.2.5, to
get what is the correct output (i.e., what you got):
----
Before: 'Tim'\''s Test'
After: sh: Tim's Test: command not found
----
------------------------------------------------------------------------
[2008-04-24 11:09:06] [EMAIL PROTECTED]
]$ php t.php
Before: 'Tim'\''s Test'
After: Tim's Test
So it works fine using latest CVS (for me).
You're using /bin/echo there, what if you simply do this:
<?php
header("Content-Type: text/plain");
$textEscaped = escapeshellarg("Tim's Test");
print("Before: {$textEscaped}\n");
print("After: ");
passthru($textEscaped);
?>
That would eliminate one "moving part" here..
Just check the resulting error message what it has. :)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/44801
--
Edit this bug report at http://bugs.php.net/?id=44801&edit=1
