ID:               44801
 User updated by:  twm at twmacinta dot com
 Reported By:      twm at twmacinta dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         CGI related
 Operating System: Red Hat Enterprise Linux ES 3
 PHP Version:      5.2.5
 Assigned To:      fb-req-jani
 New Comment:

OK, that's the problem.  But given that it is the problem, the test
script "bug22414.phpt", which is part of "make test", is bound to fail
any time safe mode is compiled in.  It makes nested calls to the PHP
binary with the "-n" option, which apparently causes safe mode to be
turned on since it ignores the test script's custom "php.ini" in that
case.  So in that respect, maybe this is a bug in "bug22414.phpt"?

I'd like to suggest that the manual be annotated to reflect the
changing behavior of the safe mode default.  Currently,
http://www.php.net/manual/en/ini.php says that the default value for
"safe_mode" in "php.ini" is 0.  There is no mention that the default
changes depending on how the binary was compiled.  In fact, I had
assumed that the default of 0 only applied when safe mode was compiled
into the binary since it would be meaningless otherwise.

This page on safe mode also indicates that the safe mode features
aren't applied to command line scripts. 
http://www.php.net/manual/en/features.safe-mode.php says "Warning: These
PHP restrictions are not valid in executed binaries, of course."  That
doesn't seem entirely correct given that it was affecting passthru() in
the command line scripts referenced in this bug.


Previous Comments:
------------------------------------------------------------------------

[2008-04-25 16:29:04] [EMAIL PROTECTED]

Using --enable-safe-mode makes the default be "on". (without this
configure option it defaults to "off").

And in the manual it is mentioned that: "Warning:
With safe mode enabled, the command string is escaped with
escapeshellcmd(). Thus, echo y | echo x becomes echo y \| echo x."

The question remains: Did you really turn off safe-mode in php.ini and
was it really turned off? (check with phpinfo())


------------------------------------------------------------------------

[2008-04-24 19:48:19] twm at twmacinta dot com

Aha, that set off a spark.  I think I found something useful...

The test script actually worked when I tried this:

  ./configure --disable-all --disable-cgi

Then, I tried no flags at all, and it still worked:

  ./configure

So I went through all of the flags I used originally and discovered
that the problem appears when all I add is the safe-mode flag:

  ./configure --enable-safe-mode

Here's the output:

----
Before: 'Tim'\''s Test'
After: sh: line 1: /usr/local/php/bin/echo: No such file or directory
----

Note that it was looking for "echo" at a different path.  When I
created the directory that it was looking for and copied "echo" there,
then I got the same incorrect output as before:

----
Before: 'Tim'\''s Test'
After: Tim\s Test'
----

So the problem occurs when safe-mode is compiled into the executable
even though I am not using safe mode when running the script.  I'm using
"php -n" which should avoid safe mode (right?) and my "php.ini" also
turns safe mode off.  I checked the other versions of PHP which I
reported on earlier, and the versions which behaved incorrectly had safe
mode compiled in but turned off, and those that behaved correctly did
not have safe mode compiled in at all.
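
Added example (not part of the original report, and not PHP's own code): a simplified Python model of why running escapeshellcmd() over an argument already quoted by escapeshellarg() turns the "Before" string into the "After" output shown above. The helper names, the metacharacter set and the quote-pairing rule are assumptions of this model; safe_mode_exec_dir path rewriting is not modelled.

```python
import shlex

# Assumed metacharacter set for the model (always backslash-escaped).
META = set('#&;`|*?~<>^()[]{}$\\\n\xff')

def escapeshellarg_model(arg):
    """Single-quote an argument as in the 'Before' line: ' becomes '\\''."""
    return "'" + arg.replace("'", "'\\''") + "'"

def escapeshellcmd_model(cmd):
    """Escape metacharacters; a quote is left alone only if it pairs up."""
    out = []
    open_quote = None                      # quote char of the currently open pair
    for i, ch in enumerate(cmd):
        if ch in "'\"":
            if open_quote is None and ch in cmd[i + 1:]:
                open_quote = ch            # opens a pair: emitted unescaped
            elif open_quote == ch:
                open_quote = None          # closes the pair: emitted unescaped
            else:
                out.append("\\")           # unpaired quote is escaped
        elif ch in META:
            out.append("\\")               # includes the backslash itself
        out.append(ch)
    return "".join(out)

def shell_words(cmd):
    """Word splitting and quote removal as a POSIX shell would perform it."""
    return shlex.split(cmd, posix=True)

def demo(value="Tim's Test"):
    """Return (before, before_argv, after, after_argv) for one argument."""
    before = "echo " + escapeshellarg_model(value)
    after = escapeshellcmd_model(before)   # what safe mode applies implicitly
    return before, shell_words(before), after, shell_words(after)

if __name__ == "__main__":
    before, argv_before, after, argv_after = demo()
    print("command built by script :", before)
    print("argv seen by echo       :", argv_before[1:])
    print("after forced escaping   :", after)
    print("argv seen by echo       :", argv_after[1:])
```

The backslash inside '\'' is itself escaped and the final quote loses its partner, so the shell sees two words, "Tim\s" and "Test'", instead of the single argument the script intended.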

------------------------------------------------------------------------

[2008-04-24 18:01:39] [EMAIL PROTECTED]

Can you try with this instead:

# rm -f config.cache
# ./configure --disable-all --disable-cgi

ie. Eliminate everything but the core. :)

------------------------------------------------------------------------

[2008-04-24 17:52:47] twm at twmacinta dot com

I was actually using the "-n" flag from the start, so that moving part
was already eliminated.

Here are my "./configure" and "make install" commands:

----

CONF_OLD_PREFIX=/usr
CONF_PREFIX=/var/tmp2/php5_take2/targ
CONF_SYSCONFDIR=${CONF_PREFIX}/etc
CONF_BINDIR=${CONF_PREFIX}/bin
./configure \
        --prefix=${CONF_PREFIX} \
        --with-config-file-path=${CONF_SYSCONFDIR} \
        --enable-force-cgi-redirect \
        --enable-fastcgi \
        --disable-debug \
        --enable-pic \
        --disable-rpath \
        --enable-inline-optimization \
        --with-bz2 \
        --with-curl \
        --with-dom=${CONF_PREFIX} \
        --with-exec-dir=${CONF_BINDIR} \
        --with-freetype-dir=${CONF_PREFIX} \
        --with-png-dir=${CONF_PREFIX} \
        --with-gd \
        --enable-gd-native-ttf \
        --with-ttf \
        --with-gdbm \
        --with-gettext \
        --with-db4 \
        --with-ncurses \
        --with-gmp \
        --with-iconv \
        --with-jpeg-dir=${CONF_PREFIX} \
        --with-mm \
        --with-openssl \
        --with-png \
        --with-pspell \
        --with-regex=system \
        --with-xml \
        --with-domxml \
        --with-expat-dir=${CONF_PREFIX} \
        --with-zlib \
        --with-layout=GNU \
        --enable-mcal \
        --enable-bcmath \
        --enable-debugger \
        --enable-exif \
        --enable-ftp \
        --enable-magic-quotes \
        --enable-safe-mode \
        --enable-sockets \
        --enable-sysvsem \
        --enable-sysvshm \
        --enable-discard-path \
        --enable-track-vars \
        --enable-trans-sid \
        --enable-yp \
        --enable-wddx \
        --without-oci8 \
        --with-imap=shared \
        --with-mcrypt \
        --with-imap-ssl \
        --with-kerberos=/usr/kerberos \
        --with-ldap=shared \
        --with-mysql=shared,${CONF_PREFIX} \
        --with-pgsql=shared \
        --with-snmp=shared,${CONF_PREFIX} \
        --with-snmp=shared \
        --enable-net-snmp-hack \
        --with-unixODBC=shared,${CONF_OLD_PREFIX} \
        --enable-memory-limit \
        --enable-bcmath \
        --enable-shmop \
        --enable-versioning \
        --enable-calendar \
        --enable-dbx \
        --enable-dio \
        --enable-mbstring \
        --enable-mbstr-enc-trans
make install INSTALL_ROOT=/var/tmp2/php5_take2/targ

------------------------------------------------------------------------

[2008-04-24 17:44:49] [EMAIL PROTECTED]

Next obvious question is: How did you build PHP? ie. What configure
line, etc. Also to eliminate every last moving part: run the script
like this:

# php -n script.php


------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/44801
