ID: 41628
Updated by: [EMAIL PROTECTED]
Reported By: manuel at mausz dot at
-Status: Open
+Status: Feedback
Bug Type: Apache related
Operating System: Linux
PHP Version: 4.4.7
New Comment:
I spent quite some time on a similar problem reproducible ONLY with
Apache 2.0 and it looked pretty much the same: Apache does not call the
handlers required to re-initialize the environment before processing the
request, so the environment is "inherited" from the previous request.
I really doubt it's PHP problem that Apache does not do its job
properly, but in the same time I'm not competent enough in Apache
internals, so I can't say I'm absolutely sure (just about 95%).
Your second post just confirms my conclusions.
Previous Comments:
------------------------------------------------------------------------
[2007-06-07 16:15:37] manuel at mausz dot at
As far as I have analyzed the problem is that on startup apache calls
php_create_dir to create a hashtable holding the Directory-directive
("engine on" in our case). On viewing vhost1 this hashtable will get
passed to php_merge_dir as addv- (target) parameter so php will merge
other directives into that hashtable. On viewing vhost2 the same
hashtable will get passed to php_merge_dir already containing directives
from vhost1.
------------------------------------------------------------------------
[2007-06-07 15:54:49] manuel at mausz dot at
Description:
------------
PHP ini settings leak between different vhosts under certain
circumstances. This is reproduceable on FreeBSD and Linux (Gentoo with
and without their patchset) with Apache 1.3 and PHP4 + PHP5 running as
module. It's not reproducable with Apache 2.0.
This only occurs when putting a php_flag/value setting in a
Directory-directive, which will affected two (or more) vhosts. Please
note that the directive is totally unimportant.
Reproduce code:
---------------
(1) create test files
# cat /var/www/vhost1/dir1/index.php
<pre>
<?php
echo "register_globals: " . intval(ini_get('register_globals')) .
"\n";
echo "safe_mode: " . intval(ini_get('safe_mode')) . "\n";
echo "pid: " . getmypid() . "\n";
?>
</pre>
# cat /var/www/vhost1/dir2/index.php
... same as above ...
(2) change apache settings to only fork one worker
KeepAlive Off
MinSpareServers 1
MaxSpareServers 1
StartServers 1
MaxClients 1
<Directory "/var/www/vhost1">
AllowOverride Options
php_admin_flag engine on
</Directory>
<VirtualHost *>
DocumentRoot /var/www/vhost1/dir1/
ServerName vhost1.domain.tld
php_admin_value open_basedir /var/www/vhost1/
</VirtualHost
<VirtualHost *>
DocumentRoot /var/www/vhost1/dir2/
ServerName vhost2.domain.tld
php_admin_value open_basedir /var/www/vhost1/
php_admin_value register_globals 1
</VirtualHost>
(3) open vhosts
- open vhost1
- open vhost2
- open vhost1 again
Expected result:
----------------
vhost1 (first time):
register_globals: 0
safe_mode: 0
vhost2:
register_globals: 1
safe_mode: 0
vhost1 (second time):
register_globals: 0
safe_mode: 0
Actual result:
--------------
vhost1 (first time):
register_globals: 0
safe_mode: 0
vhost2:
register_globals: 1
safe_mode: 0
vhost1 (second time):
register_globals: 1
safe_mode: 0
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=41628&edit=1
