#25753 [Com]: php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files
ID: 25753 Comment by: dkh-php at nighttide dot net Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: Apache related Operating System: * PHP Version: 4CVS, 5CVS New Comment: This appears suspiciously similar to the bug I opened in 24248, only mention it here so that it can be included at the list of related reports. Previous Comments: [2003-12-22 17:47:26] dkh-php at nighttide dot net This appears suspiciously similar to the bug I opened in 24248, only mention it here so that it can be included at the list of related reports. [2003-12-04 15:49:20] [EMAIL PROTECTED] Try the following patch: http://bb.prohost.org/ap_bug.txt [2003-10-30 09:35:44] fs at nessus dot at no thats false. this bug occours on apache 1.3.x too (tested it with 1.3.27). i think thats very essential... greetings, Florian Schicker www.nessus.at [2003-10-28 04:13:33] mattias at segerdahl dot info This bug only appears when and if you have overlapping virtualhosts in apache2. Using fqdn's that have IN A or CNAME to an ipaddress on the server seems to fix it. This is only an observation that seems to have gotten rid of the problem for me. // bad2da [2003-10-22 04:01:39] mattias at segerdahl dot info Sniper, I accidently ran into this bug a few moments ago. I talked to Derick about it in the channel and we agreed I would do some testing. There are some particular strange behaviour. I will try to explain as well as include the files needed to reproduce this error. But first let me point out one thing that I find really weird. This only occurs when the apache server has not been accessed for a while, if you reload the page directly after you've encountered this error message, it will work perfectly. The error message is: Warning: Unknown(): open_basedir restriction in effect. File(/var/www/users.bitcom.se/index.php) is not within the allowed path(s): (/var/www/www.sol.se) in Unknown on line 0 Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php' for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on line 0 My php.ini file http://www.segerdahl.info/25753/php.ini My httpd.conf file http://www.segerdahl.info/25753/httpd.conf Server version: Apache/2.0.47 Server built: Oct 20 2003 18:39:21 PHP 4.3.4RC4 configured as: './configure' '--with-apxs2=/usr/local/httpd/bin/apxs' '--enable-mbstring' '--with-pear' '--with-mysql' '--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php' '--with-config-file-path=/etc/php' '--prefix=/usr/local/php/' '--enable-mbstring' '--with-curl' '--enable-ftp' APACHE configured as: ./configure --sysconfdir=/etc/httpd/conf --enable-ssl --prefix=/usr/local/httpd --enable-modules=dso,most Contact me on efnet if you need more information... // bad2da The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25753 -- Edit this bug report at http://bugs.php.net/?id=25753&edit=1
#25753 [Com]: php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files
ID: 25753 Comment by: dkh-php at nighttide dot net Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: Apache related Operating System: * PHP Version: 4CVS, 5CVS New Comment: This appears suspiciously similar to the bug I opened in 24248, only mention it here so that it can be included at the list of related reports. Previous Comments: [2003-12-04 15:49:20] [EMAIL PROTECTED] Try the following patch: http://bb.prohost.org/ap_bug.txt [2003-10-30 09:35:44] fs at nessus dot at no thats false. this bug occours on apache 1.3.x too (tested it with 1.3.27). i think thats very essential... greetings, Florian Schicker www.nessus.at [2003-10-28 04:13:33] mattias at segerdahl dot info This bug only appears when and if you have overlapping virtualhosts in apache2. Using fqdn's that have IN A or CNAME to an ipaddress on the server seems to fix it. This is only an observation that seems to have gotten rid of the problem for me. // bad2da [2003-10-22 04:01:39] mattias at segerdahl dot info Sniper, I accidently ran into this bug a few moments ago. I talked to Derick about it in the channel and we agreed I would do some testing. There are some particular strange behaviour. I will try to explain as well as include the files needed to reproduce this error. But first let me point out one thing that I find really weird. This only occurs when the apache server has not been accessed for a while, if you reload the page directly after you've encountered this error message, it will work perfectly. The error message is: Warning: Unknown(): open_basedir restriction in effect. File(/var/www/users.bitcom.se/index.php) is not within the allowed path(s): (/var/www/www.sol.se) in Unknown on line 0 Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php' for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on line 0 My php.ini file http://www.segerdahl.info/25753/php.ini My httpd.conf file http://www.segerdahl.info/25753/httpd.conf Server version: Apache/2.0.47 Server built: Oct 20 2003 18:39:21 PHP 4.3.4RC4 configured as: './configure' '--with-apxs2=/usr/local/httpd/bin/apxs' '--enable-mbstring' '--with-pear' '--with-mysql' '--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php' '--with-config-file-path=/etc/php' '--prefix=/usr/local/php/' '--enable-mbstring' '--with-curl' '--enable-ftp' APACHE configured as: ./configure --sysconfdir=/etc/httpd/conf --enable-ssl --prefix=/usr/local/httpd --enable-modules=dso,most Contact me on efnet if you need more information... // bad2da [2003-10-04 18:58:16] [EMAIL PROTECTED] We do not know what causes this bug or how it can be reliably reproduced. If you know exactly HOW this can be reproduced, add the information here. Any other comments will be deleted. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25753 -- Edit this bug report at http://bugs.php.net/?id=25753&edit=1
#24248 [Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net Status: Open -Bug Type: Apache2 related +Bug Type: PHP options/info functions Operating System: multiple -PHP Version: 4.3.3RC2-dev/4.3.4/5.0.0b1 +PHP Version: 4.3.3RC2-dev/4.3.4/5.0.0b1/5.0.0b3 New Comment: This is also a problem with 5.0.0b3. One new item, I notice that the include path is also not being reset in these instances. The local value sticks. This is not a problem for things like magic_quotes_gps wich only effects the correct local value. Previous Comments: [2003-12-22 16:17:47] dkh-php at nighttide dot net 4.3.4 with Apach 2.0.48 on FreeBSD 4.9-STABLE still seeing this problem. Default php.ini files. htaccess files described previously. I've seen a number of comments regarding this problem now coming from Linux users as well. php config info below: CPPFLAGS="-I/usr/local/include/pth" \ ./configure \ --prefix=/usr/local/php \ --with-apxs2=/usr/local/apache2/bin/apxs \ --with-mysql=/usr/local/mysql \ --with-tsrm-pth=/usr/local/lib/pth \ --with-zlib \ --with-bz2 \ --with-openssl \ --with-pspell \ --with-curl \ --with-gdbm \ --with-ndbm \ --with-gettext \ --with-mcrypt \ --with-pear \ --with-gd \ --enable-magic-quotes \ --enable-bcmath \ --enable-ftp \ --enable-memory-limit \ --enable-dba \ --with-flatfile \ --with-mime-magic \ --with-ncurses \ --with-exif \ --with-dom \ --with-dom-xslt \ --with-dom-exslt \ --with-freetype-dir=/usr/local/lib \ --enable-gd-native-ttf \ --with-wddx [2003-09-22 14:45:38] ian at MrZesty dot net I am also noticing that an auto_append_file (tried from both a .htaccess and inside an Apache virtualhost) occasionally appears appended to some pages (both PHP and static HTML pages, 3 different virtualhost domains - 1 seems to affect the other 2). Apache 2.0.47 (with both mpm worker and mpm prefork): "./configure" \ "--disable-asis" \ "--disable-imap" \ "--enable-so" \ "--enable-rewrite" \ "--enable-deflate" \ "--enable-ssl" \ "--enable-proxy" \ "--enable-cache" \ "--enable-mem-cache" PHP 4.3.3 './configure' \ '--with-apxs2=/usr/local/apache2/bin/apxs' \ '--disable-debug' \ '--enable-inline-optimization' \ '--with-openssl' \ '--with-zlib' \ '--with-bz2' \ '--with-ldap' \ '--with-imap' \ '--enable-trans-sid' \ '--with-gd' \ '--with-jpeg-dir' \ '--with-png-dir' \ '--with-gettext' \ '--with-mhash' \ '--with-mysql=/usr/local/mysql' \ '--with-pdflib' \ '--with-pgsql' \ '--enable-memory-limit' \ '--with-curl' \ '--with-xml' \ '--with-mcrypt' Unfortunately I cannot reliably duplicate the problem either. It happened with Apache 2.0.46 and PHP 4.3.2 as well. My machine is running TurboLinux 7. glibc 2.2.4 gcc 2.95.3 i. [2003-08-21 00:00:07] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. [2003-08-15 21:41:27] [EMAIL PROTECTED] Oh, my bad. We can't really do anything about this unless we can reproduce this ourselves so you need to provide us all the necessary information how to do it. So you need to create shortest possible httpd.conf, php.ini, .htaccess, etc. which we can then use to setup our own test environment. [2003-08-15 21:37:01] dkh-php at nighttide dot net Ah, responded to that in our 11 Jul exchange hence my confussion. ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24248 -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [NoF->Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net -Status: No Feedback +Status: Open Bug Type: Apache2 related -Operating System: FreeBSD 4.8-STABLE +Operating System: multiple -PHP Version: 4.3.3RC2-dev/5.0.0b1 +PHP Version: 4.3.3RC2-dev/4.3.4/5.0.0b1 New Comment: 4.3.4 with Apach 2.0.48 on FreeBSD 4.9-STABLE still seeing this problem. Default php.ini files. htaccess files described previously. I've seen a number of comments regarding this problem now coming from Linux users as well. php config info below: CPPFLAGS="-I/usr/local/include/pth" \ ./configure \ --prefix=/usr/local/php \ --with-apxs2=/usr/local/apache2/bin/apxs \ --with-mysql=/usr/local/mysql \ --with-tsrm-pth=/usr/local/lib/pth \ --with-zlib \ --with-bz2 \ --with-openssl \ --with-pspell \ --with-curl \ --with-gdbm \ --with-ndbm \ --with-gettext \ --with-mcrypt \ --with-pear \ --with-gd \ --enable-magic-quotes \ --enable-bcmath \ --enable-ftp \ --enable-memory-limit \ --enable-dba \ --with-flatfile \ --with-mime-magic \ --with-ncurses \ --with-exif \ --with-dom \ --with-dom-xslt \ --with-dom-exslt \ --with-freetype-dir=/usr/local/lib \ --enable-gd-native-ttf \ --with-wddx Previous Comments: [2003-09-22 14:45:38] ian at MrZesty dot net I am also noticing that an auto_append_file (tried from both a .htaccess and inside an Apache virtualhost) occasionally appears appended to some pages (both PHP and static HTML pages, 3 different virtualhost domains - 1 seems to affect the other 2). Apache 2.0.47 (with both mpm worker and mpm prefork): "./configure" \ "--disable-asis" \ "--disable-imap" \ "--enable-so" \ "--enable-rewrite" \ "--enable-deflate" \ "--enable-ssl" \ "--enable-proxy" \ "--enable-cache" \ "--enable-mem-cache" PHP 4.3.3 './configure' \ '--with-apxs2=/usr/local/apache2/bin/apxs' \ '--disable-debug' \ '--enable-inline-optimization' \ '--with-openssl' \ '--with-zlib' \ '--with-bz2' \ '--with-ldap' \ '--with-imap' \ '--enable-trans-sid' \ '--with-gd' \ '--with-jpeg-dir' \ '--with-png-dir' \ '--with-gettext' \ '--with-mhash' \ '--with-mysql=/usr/local/mysql' \ '--with-pdflib' \ '--with-pgsql' \ '--enable-memory-limit' \ '--with-curl' \ '--with-xml' \ '--with-mcrypt' Unfortunately I cannot reliably duplicate the problem either. It happened with Apache 2.0.46 and PHP 4.3.2 as well. My machine is running TurboLinux 7. glibc 2.2.4 gcc 2.95.3 i. [2003-08-21 00:00:07] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. [2003-08-15 21:41:27] [EMAIL PROTECTED] Oh, my bad. We can't really do anything about this unless we can reproduce this ourselves so you need to provide us all the necessary information how to do it. So you need to create shortest possible httpd.conf, php.ini, .htaccess, etc. which we can then use to setup our own test environment. [2003-08-15 21:37:01] dkh-php at nighttide dot net Ah, responded to that in our 11 Jul exchange hence my confussion. ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl [2003-08-15 21:29:10] [EMAIL PROTECTED] I wanted to know what was the configure line used to configure Apache2 before running 'make'.. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24248 -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Fbk->Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE PHP Version: 4.3.3RC2-dev/5.0.0b1 New Comment: Ah, responded to that in our 11 Jul exchange hence my confussion. ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl Previous Comments: [2003-08-15 21:29:10] [EMAIL PROTECTED] I wanted to know what was the configure line used to configure Apache2 before running 'make'.. [2003-08-15 21:15:12] dkh-php at nighttide dot net Do you want the whole configuration file? Its a pretty standard configuration. Regular host and a couple of virtual hosts. Lines directly relevent to php: LoadModule php4_module modules/libphp4.so DirectoryIndex index.html index.php index.shtml index.html.var AddType application/x-httpd-php .php ErrorDocument lines all pointing to /errors.php [2003-08-14 01:16:32] [EMAIL PROTECTED] How was Apache2 configured? [2003-07-16 22:17:29] dkh-php at nighttide dot net One further note. If an .htaccess file redefines the auto_prepend_file and auto_append_file variables in the second page things work as expected. [2003-07-16 22:13:28] dkh-php at nighttide dot net Ok, got time to try this tonight. Installed latest stable release of apache (2.0.47) and php4-STABLE-200307170130. Same problem. For some reason the .htaccess overrides in the first directory are sticking accross invocations. Not sure about the achitecture of the code but it sure looks the php module isn't reseting its values between transactions. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24248 -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Fbk->Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE PHP Version: 4.3.3RC2-dev/5.0.0b1 New Comment: Do you want the whole configuration file? Its a pretty standard configuration. Regular host and a couple of virtual hosts. Lines directly relevent to php: LoadModule php4_module modules/libphp4.so DirectoryIndex index.html index.php index.shtml index.html.var AddType application/x-httpd-php .php ErrorDocument lines all pointing to /errors.php Previous Comments: [2003-08-14 01:16:32] [EMAIL PROTECTED] How was Apache2 configured? [2003-07-16 22:17:29] dkh-php at nighttide dot net One further note. If an .htaccess file redefines the auto_prepend_file and auto_append_file variables in the second page things work as expected. [2003-07-16 22:13:28] dkh-php at nighttide dot net Ok, got time to try this tonight. Installed latest stable release of apache (2.0.47) and php4-STABLE-200307170130. Same problem. For some reason the .htaccess overrides in the first directory are sticking accross invocations. Not sure about the achitecture of the code but it sure looks the php module isn't reseting its values between transactions. [2003-07-11 10:53:18] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip And maybe the latest Apache2 version too. (2.0.47 or higher) [2003-07-11 08:49:27] dkh-php at nighttide dot net ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24248 -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE PHP Version: 4.3.2/5.0.0b1/4.3.3RC2-dev New Comment: One further note. If an .htaccess file redefines the auto_prepend_file and auto_append_file variables in the second page things work as expected. Previous Comments: [2003-07-16 22:13:28] dkh-php at nighttide dot net Ok, got time to try this tonight. Installed latest stable release of apache (2.0.47) and php4-STABLE-200307170130. Same problem. For some reason the .htaccess overrides in the first directory are sticking accross invocations. Not sure about the achitecture of the code but it sure looks the php module isn't reseting its values between transactions. [2003-07-11 10:53:18] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip And maybe the latest Apache2 version too. (2.0.47 or higher) [2003-07-11 08:49:27] dkh-php at nighttide dot net ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl [2003-07-11 00:07:05] [EMAIL PROTECTED] What was the configure line used to configure Apache2? [2003-06-18 21:57:07] dkh-php at nighttide dot net It does not happen with Apache 1.3.27. Though the versions I have installed are not completely congruent (no ssl in the older version for instance. I have not been able to recreate the problem with Apache2 and the same version of PHP on a FreeBSD 4.8-RC install (slightly older source). Will update both systems to the most current STABLE release and see if the behavior occurs on both. The behavior is consistant. Load the first page then load the second page (lightly loaded server so the requests are sequential with nothing intervening) and you get the problem. Reloading the second page a couple of times will see the same result but after that the second page loads as it should. Have tried compiling php without pth threads to no effect. The outward appearance is that the php var overides are not being cleared between page requests. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24248 -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Fbk->Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE -PHP Version: 4.3.2/5.0.0b1 +PHP Version: 4.3.2/5.0.0b1/4.3.3RC2-dev New Comment: Ok, got time to try this tonight. Installed latest stable release of apache (2.0.47) and php4-STABLE-200307170130. Same problem. For some reason the .htaccess overrides in the first directory are sticking accross invocations. Not sure about the achitecture of the code but it sure looks the php module isn't reseting its values between transactions. Previous Comments: [2003-07-11 10:53:18] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip And maybe the latest Apache2 version too. (2.0.47 or higher) [2003-07-11 08:49:27] dkh-php at nighttide dot net ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl [2003-07-11 00:07:05] [EMAIL PROTECTED] What was the configure line used to configure Apache2? [2003-06-18 21:57:07] dkh-php at nighttide dot net It does not happen with Apache 1.3.27. Though the versions I have installed are not completely congruent (no ssl in the older version for instance. I have not been able to recreate the problem with Apache2 and the same version of PHP on a FreeBSD 4.8-RC install (slightly older source). Will update both systems to the most current STABLE release and see if the behavior occurs on both. The behavior is consistant. Load the first page then load the second page (lightly loaded server so the requests are sequential with nothing intervening) and you get the problem. Reloading the second page a couple of times will see the same result but after that the second page loads as it should. Have tried compiling php without pth threads to no effect. The outward appearance is that the php var overides are not being cleared between page requests. [2003-06-18 18:20:04] [EMAIL PROTECTED] Apache2 is not really ready for production. Could you please test and see if this happens with Apache 1.3.27 ? And does this happen randomly or..? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24248 -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Fbk->Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE PHP Version: 4.3.2/5.0.0b1 New Comment: ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-ssl Previous Comments: [2003-07-11 00:07:05] [EMAIL PROTECTED] What was the configure line used to configure Apache2? [2003-06-18 21:57:07] dkh-php at nighttide dot net It does not happen with Apache 1.3.27. Though the versions I have installed are not completely congruent (no ssl in the older version for instance. I have not been able to recreate the problem with Apache2 and the same version of PHP on a FreeBSD 4.8-RC install (slightly older source). Will update both systems to the most current STABLE release and see if the behavior occurs on both. The behavior is consistant. Load the first page then load the second page (lightly loaded server so the requests are sequential with nothing intervening) and you get the problem. Reloading the second page a couple of times will see the same result but after that the second page loads as it should. Have tried compiling php without pth threads to no effect. The outward appearance is that the php var overides are not being cleared between page requests. [2003-06-18 18:20:04] [EMAIL PROTECTED] Apache2 is not really ready for production. Could you please test and see if this happens with Apache 1.3.27 ? And does this happen randomly or..? [2003-06-18 16:10:40] dkh-php at nighttide dot net Description: FreeBSD 4.8-STABLE Apache 2.0.46 PHP 4.3.2 PHP being used as module. User 1 creates an .htaccess file in their dir at /home/user1/WWW/sub/.htaccess. This file contains php var overides for auto_prepend_file, auto_append_file, include_path etc. User 2 has a simple index.php file - html tag, body tag, single text line followed by a php invocation of phpinfo (happens with other pages as well) then closing tags. No .htaccess file here. User 1 stuff in /home/user1/WWW/sub/index.php works as expected User 2 stuff in /home/user2/WWW/index.php, if loaded immediately after /home/user1/WWW/sub/index.php will see User 1's auto_prepend_file and auto_append_file. The local values from the phpinfo invocation shows User 2's overrides. Appears as if the apache session (or thread?) that serviced the first request, doesn't clear out the local overrides before handling a new request. Potentially dangerous. -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE -PHP Version: 4.3.2 +PHP Version: 4.3.2/5.0.0b1 New Comment: Same problem with php5.0.0b1 Previous Comments: [2003-06-18 21:57:07] dkh-php at nighttide dot net It does not happen with Apache 1.3.27. Though the versions I have installed are not completely congruent (no ssl in the older version for instance. I have not been able to recreate the problem with Apache2 and the same version of PHP on a FreeBSD 4.8-RC install (slightly older source). Will update both systems to the most current STABLE release and see if the behavior occurs on both. The behavior is consistant. Load the first page then load the second page (lightly loaded server so the requests are sequential with nothing intervening) and you get the problem. Reloading the second page a couple of times will see the same result but after that the second page loads as it should. Have tried compiling php without pth threads to no effect. The outward appearance is that the php var overides are not being cleared between page requests. [2003-06-18 18:20:04] [EMAIL PROTECTED] Apache2 is not really ready for production. Could you please test and see if this happens with Apache 1.3.27 ? And does this happen randomly or..? [2003-06-18 16:10:40] dkh-php at nighttide dot net Description: FreeBSD 4.8-STABLE Apache 2.0.46 PHP 4.3.2 PHP being used as module. User 1 creates an .htaccess file in their dir at /home/user1/WWW/sub/.htaccess. This file contains php var overides for auto_prepend_file, auto_append_file, include_path etc. User 2 has a simple index.php file - html tag, body tag, single text line followed by a php invocation of phpinfo (happens with other pages as well) then closing tags. No .htaccess file here. User 1 stuff in /home/user1/WWW/sub/index.php works as expected User 2 stuff in /home/user2/WWW/index.php, if loaded immediately after /home/user1/WWW/sub/index.php will see User 1's auto_prepend_file and auto_append_file. The local values from the phpinfo invocation shows User 2's overrides. Appears as if the apache session (or thread?) that serviced the first request, doesn't clear out the local overrides before handling a new request. Potentially dangerous. -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [Fbk->Opn]: .htaccess php var overides not being cleared between page requests
ID: 24248 User updated by: dkh-php at nighttide dot net Reported By: dkh-php at nighttide dot net -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.8-STABLE PHP Version: 4.3.2 New Comment: It does not happen with Apache 1.3.27. Though the versions I have installed are not completely congruent (no ssl in the older version for instance. I have not been able to recreate the problem with Apache2 and the same version of PHP on a FreeBSD 4.8-RC install (slightly older source). Will update both systems to the most current STABLE release and see if the behavior occurs on both. The behavior is consistant. Load the first page then load the second page (lightly loaded server so the requests are sequential with nothing intervening) and you get the problem. Reloading the second page a couple of times will see the same result but after that the second page loads as it should. Have tried compiling php without pth threads to no effect. The outward appearance is that the php var overides are not being cleared between page requests. Previous Comments: [2003-06-18 18:20:04] [EMAIL PROTECTED] Apache2 is not really ready for production. Could you please test and see if this happens with Apache 1.3.27 ? And does this happen randomly or..? [2003-06-18 16:10:40] dkh-php at nighttide dot net Description: FreeBSD 4.8-STABLE Apache 2.0.46 PHP 4.3.2 PHP being used as module. User 1 creates an .htaccess file in their dir at /home/user1/WWW/sub/.htaccess. This file contains php var overides for auto_prepend_file, auto_append_file, include_path etc. User 2 has a simple index.php file - html tag, body tag, single text line followed by a php invocation of phpinfo (happens with other pages as well) then closing tags. No .htaccess file here. User 1 stuff in /home/user1/WWW/sub/index.php works as expected User 2 stuff in /home/user2/WWW/index.php, if loaded immediately after /home/user1/WWW/sub/index.php will see User 1's auto_prepend_file and auto_append_file. The local values from the phpinfo invocation shows User 2's overrides. Appears as if the apache session (or thread?) that serviced the first request, doesn't clear out the local overrides before handling a new request. Potentially dangerous. -- Edit this bug report at http://bugs.php.net/?id=24248&edit=1
#24248 [NEW]: .htaccess php var overides not being cleared between page requests
From: dkh-php at nighttide dot net Operating system: FreeBSD 4.8-STABLE PHP version: 4.3.2 PHP Bug Type: *Web Server problem Bug description: .htaccess php var overides not being cleared between page requests Description: FreeBSD 4.8-STABLE Apache 2.0.46 PHP 4.3.2 PHP being used as module. User 1 creates an .htaccess file in their dir at /home/user1/WWW/sub/.htaccess. This file contains php var overides for auto_prepend_file, auto_append_file, include_path etc. User 2 has a simple index.php file - html tag, body tag, single text line followed by a php invocation of phpinfo (happens with other pages as well) then closing tags. No .htaccess file here. User 1 stuff in /home/user1/WWW/sub/index.php works as expected User 2 stuff in /home/user2/WWW/index.php, if loaded immediately after /home/user1/WWW/sub/index.php will see User 1's auto_prepend_file and auto_append_file. The local values from the phpinfo invocation shows User 2's overrides. Appears as if the apache session (or thread?) that serviced the first request, doesn't clear out the local overrides before handling a new request. Potentially dangerous. -- Edit bug report at http://bugs.php.net/?id=24248&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=24248&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=24248&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=24248&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=24248&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=24248&r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=24248&r=support Expected behavior: http://bugs.php.net/fix.php?id=24248&r=notwrong Not enough info:http://bugs.php.net/fix.php?id=24248&r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=24248&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=24248&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24248&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=24248&r=dst IIS Stability: http://bugs.php.net/fix.php?id=24248&r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=24248&r=gnused