ID: 41628 User updated by: manuel at mausz dot at Reported By: manuel at mausz dot at -Status: Feedback +Status: Open Bug Type: Apache related Operating System: Linux PHP Version: 4.4.7 New Comment:
I've found the problem quite quickly after looking at the example module shipped with apache. Patches: http://manuel.mausz.at/coding/patches/php/4.4.7/php4.4.7-apache-merge_dir.patch http://manuel.mausz.at/coding/patches/php/5.2.3/php5.2.3-apache-merge_dir.patch I think its pretty obvious what php was doing wrong here. But it's funny that the apache2 integration is correct although it's mostly the same api. Previous Comments: ------------------------------------------------------------------------ [2007-06-07 21:32:41] [EMAIL PROTECTED] I spent quite some time on a similar problem reproducible ONLY with Apache 2.0 and it looked pretty much the same: Apache does not call the handlers required to re-initialize the environment before processing the request, so the environment is "inherited" from the previous request. I really doubt it's PHP problem that Apache does not do its job properly, but in the same time I'm not competent enough in Apache internals, so I can't say I'm absolutely sure (just about 95%). Your second post just confirms my conclusions. ------------------------------------------------------------------------ [2007-06-07 16:15:37] manuel at mausz dot at As far as I have analyzed the problem is that on startup apache calls php_create_dir to create a hashtable holding the Directory-directive ("engine on" in our case). On viewing vhost1 this hashtable will get passed to php_merge_dir as addv- (target) parameter so php will merge other directives into that hashtable. On viewing vhost2 the same hashtable will get passed to php_merge_dir already containing directives from vhost1. ------------------------------------------------------------------------ [2007-06-07 15:54:49] manuel at mausz dot at Description: ------------ PHP ini settings leak between different vhosts under certain circumstances. This is reproduceable on FreeBSD and Linux (Gentoo with and without their patchset) with Apache 1.3 and PHP4 + PHP5 running as module. It's not reproducable with Apache 2.0. This only occurs when putting a php_flag/value setting in a Directory-directive, which will affected two (or more) vhosts. Please note that the directive is totally unimportant. Reproduce code: --------------- (1) create test files # cat /var/www/vhost1/dir1/index.php <pre> <?php echo "register_globals: " . intval(ini_get('register_globals')) . "\n"; echo "safe_mode: " . intval(ini_get('safe_mode')) . "\n"; echo "pid: " . getmypid() . "\n"; ?> </pre> # cat /var/www/vhost1/dir2/index.php ... same as above ... (2) change apache settings to only fork one worker KeepAlive Off MinSpareServers 1 MaxSpareServers 1 StartServers 1 MaxClients 1 <Directory "/var/www/vhost1"> AllowOverride Options php_admin_flag engine on </Directory> <VirtualHost *> DocumentRoot /var/www/vhost1/dir1/ ServerName vhost1.domain.tld php_admin_value open_basedir /var/www/vhost1/ </VirtualHost <VirtualHost *> DocumentRoot /var/www/vhost1/dir2/ ServerName vhost2.domain.tld php_admin_value open_basedir /var/www/vhost1/ php_admin_value register_globals 1 </VirtualHost> (3) open vhosts - open vhost1 - open vhost2 - open vhost1 again Expected result: ---------------- vhost1 (first time): register_globals: 0 safe_mode: 0 vhost2: register_globals: 1 safe_mode: 0 vhost1 (second time): register_globals: 0 safe_mode: 0 Actual result: -------------- vhost1 (first time): register_globals: 0 safe_mode: 0 vhost2: register_globals: 1 safe_mode: 0 vhost1 (second time): register_globals: 1 safe_mode: 0 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41628&edit=1
