ID: 25753 Comment by: joris at ideeel dot nl Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: Apache related Operating System: * PHP Version: 4CVS, 5CVS New Comment:
We experience this problem, but different PHP programs are differently susceptible to it problem: extra slashes before quotation marks (\" instead of ") vulnerable: PHPsysinfo & PHPnuke not vulnerable: Squirrelmail, phpBB, phpMyAdmin Tested on RH73 standard setup. joris Previous Comments: ------------------------------------------------------------------------ [2003-11-28 10:07:31] blitzer at cutery dot fi A workaround I did seems to work until this is fixed: make php.ini automatically prepend a .php file that will reload the variables from the .ini file. ------------------------------------------------------------------------ [2003-11-08 12:38:07] simon at implix dot com We have a similar problem. We've got overlapping virtualhosts (as they are required for one of our application) and sometimes PHP returns register_globals = Off, even though = On is set in php.ini. We are using php 4.3.4 + apache 2.0.48. The problem doesn't exist when we use php 4.3.1. ------------------------------------------------------------------------ [2003-10-30 09:35:44] fs at nessus dot at no thats false. this bug occours on apache 1.3.x too (tested it with 1.3.27). i think thats very essential... greetings, Florian Schicker www.nessus.at ------------------------------------------------------------------------ [2003-10-28 04:13:33] mattias at segerdahl dot info This bug only appears when and if you have overlapping virtualhosts in apache2. Using fqdn's that have IN A or CNAME to an ipaddress on the server seems to fix it. This is only an observation that seems to have gotten rid of the problem for me. // bad2da ------------------------------------------------------------------------ [2003-10-22 04:01:39] mattias at segerdahl dot info Sniper, I accidently ran into this bug a few moments ago. I talked to Derick about it in the channel and we agreed I would do some testing. There are some particular strange behaviour. I will try to explain as well as include the files needed to reproduce this error. But first let me point out one thing that I find really weird. This only occurs when the apache server has not been accessed for a while, if you reload the page directly after you've encountered this error message, it will work perfectly. The error message is: Warning: Unknown(): open_basedir restriction in effect. File(/var/www/users.bitcom.se/index.php) is not within the allowed path(s): (/var/www/www.sol.se) in Unknown on line 0 Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php' for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on line 0 My php.ini file http://www.segerdahl.info/25753/php.ini My httpd.conf file http://www.segerdahl.info/25753/httpd.conf Server version: Apache/2.0.47 Server built: Oct 20 2003 18:39:21 PHP 4.3.4RC4 configured as: './configure' '--with-apxs2=/usr/local/httpd/bin/apxs' '--enable-mbstring' '--with-pear' '--with-mysql' '--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php' '--with-config-file-path=/etc/php' '--prefix=/usr/local/php/' '--enable-mbstring' '--with-curl' '--enable-ftp' APACHE configured as: ./configure --sysconfdir=/etc/httpd/conf --enable-ssl --prefix=/usr/local/httpd --enable-modules=dso,most Contact me on efnet if you need more information... // bad2da ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25753 -- Edit this bug report at http://bugs.php.net/?id=25753&edit=1
