Bug #47968 [Com]: id3_get_tag memory problem
Edit report at https://bugs.php.net/bug.php?id=47968edit=1 ID: 47968 Comment by: wenhaoz at qq dot com Reported by:lax4mike at gmail dot com Summary:id3_get_tag memory problem Status: Bogus Type: Bug Package:Reproducible crash Operating System: Windows PHP Version:5.2.9 Block user comment: N Private report: N New Comment: It has no business to do with memory. Previous Comments: [2009-04-14 17:49:04] paj...@php.net Not a bug, (increase your memory limit). Also this extension is in pecl, please report further issues in pecl.php.net. [2009-04-14 17:27:18] lax4mike at gmail dot com Description: There seems to be a problem with id3_get_tag with mp3's that contain album art images. I seem to get the following error only on those mp3's: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1852404086 bytes) Reproduce code: --- $tag = id3_get_tag(mp3-with-album-art-image.mp3); Actual result: -- Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1852404086 bytes) -- Edit this bug report at https://bugs.php.net/bug.php?id=47968edit=1
[PHP-BUG] Bug #55438 [NEW]: race condition: curlwapper is not sending http header randomly
From: Operating system: gentoo PHP version: 5.3.6 Package: cURL related Bug Type: Bug Bug description:race condition: curlwapper is not sending http header randomly Description: background: php is configured with curl wrapper, which make file_get_contents use curl. i haven't tested with calling curl functions directly php unset curl header too soon before curl make the request expected order: set header, build and send request. unset header actual order 1: set header, build and send request. unset header (good) actual order 2: set header, unset header, build and send request (bad) send request comes after php unset header curl behavior randomly, by sending request before or after php unset the header Test script: --- #!/usr/lib/php5.3/bin/php ?php for (;;) { $username = 'test1'; $password = mt_rand(0, 9) . ''; $authUrl = http://localhost/;; $context = stream_context_create(array( 'http' = array( 'header' = Authorization: Basic . base64_encode($username:$password) ) )); $http_response_header = array(); $data = file_get_contents($authUrl, false, $context); sleep(1); } ? tcpdump -nilo dst port 80 -w- -s0 Expected result: GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6MTQzNjEuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6NTY3MDQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6MTQzNjEuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6NTY3MDQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= Actual result: -- GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6MTQzNjEuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6NTY3MDQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* gdb --args /usr/lib/php5.3/bin/php.debug test.php (gdb) l /usr/src/debug/dev-lang/php-5.3.6/sapis-build/cli/ext/curl/streams.c:367 360 slist = curl_slist_append(slist, trimmed); 361 efree(trimmed); 362 p = php_strtok_r(NULL, \r\n, token); 363 } 364 efree(copy_ctx_opt); 365 } 366 if (slist) { 367 curl_easy_setopt(curlstream-curl, CURLOPT_HTTPHEADER, slist); 368 } 369 } 370 if (SUCCESS == php_stream_context_get_option(context, http, method, ctx_opt) Z_TYPE_PP(ctx_opt) == IS_STRING) { 371 if (strcasecmp(Z_STRVAL_PP(ctx_opt), get)) { 372 if (!strcasecmp(Z_STRVAL_PP(ctx_opt), head)) { 373 curl_easy_setopt(curlstream- curl, CURLOPT_NOBODY, 1); 374 } else { (gdb) l /usr/src/debug/dev-lang/php-5.3.6/sapis-build/cli/ext/curl/streams.c:501 494 if (msg_found) { 495 goto exit_fail; 496 } 497 } 498 499 /* context headers are not needed anymore */ 500 if (slist) { 501 curl_easy_setopt(curlstream-curl, CURLOPT_HTTPHEADER, NULL); 502 curl_slist_free_all(slist); 503 } 504 return stream; 505 506 exit_fail: 507 php_stream_close(stream); 508 if (slist) { (gdb) br 367 Breakpoint 1 at 0x1c59c9: file /usr/src/debug/dev-lang/php-5.3.6/sapis- build/cli/ext/curl/streams.c, line 367. (gdb) br 501 Breakpoint 2 at
Bug #55438 [Com]: race condition: curlwapper is not sending http header randomly
Edit report at https://bugs.php.net/bug.php?id=55438edit=1 ID: 55438 Comment by: xuefer at gmail dot com Reported by:xuefer at gmail dot com Summary:race condition: curlwapper is not sending http header randomly Status: Open Type: Bug Package:cURL related Operating System: gentoo PHP Version:5.3.6 Block user comment: N Private report: N New Comment: sorry for the mismatch http url string. i was trying to remove some string for privacy Previous Comments: [2011-08-17 11:38:50] xuefer at gmail dot com Description: background: php is configured with curl wrapper, which make file_get_contents use curl. i haven't tested with calling curl functions directly php unset curl header too soon before curl make the request expected order: set header, build and send request. unset header actual order 1: set header, build and send request. unset header (good) actual order 2: set header, unset header, build and send request (bad) send request comes after php unset header curl behavior randomly, by sending request before or after php unset the header Test script: --- #!/usr/lib/php5.3/bin/php ?php for (;;) { $username = 'test1'; $password = mt_rand(0, 9) . ''; $authUrl = http://localhost/;; $context = stream_context_create(array( 'http' = array( 'header' = Authorization: Basic . base64_encode($username:$password) ) )); $http_response_header = array(); $data = file_get_contents($authUrl, false, $context); sleep(1); } ? tcpdump -nilo dst port 80 -w- -s0 Expected result: GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6MTQzNjEuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6NTY3MDQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6MTQzNjEuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6NTY3MDQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= Actual result: -- GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6MTQzNjEuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* Authorization: Basic dGVzdDE6NTY3MDQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4= GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* GET / HTTP/1.1 User-Agent: PHP/5.3.6-pl0-gentoo Host: localhost Accept: */* gdb --args /usr/lib/php5.3/bin/php.debug test.php (gdb) l /usr/src/debug/dev-lang/php-5.3.6/sapis-build/cli/ext/curl/streams.c:367 360 slist = curl_slist_append(slist, trimmed); 361 efree(trimmed); 362 p = php_strtok_r(NULL, \r\n, token); 363 } 364 efree(copy_ctx_opt); 365 } 366 if (slist) { 367 curl_easy_setopt(curlstream-curl, CURLOPT_HTTPHEADER, slist); 368 } 369 } 370 if (SUCCESS == php_stream_context_get_option(context, http, method, ctx_opt) Z_TYPE_PP(ctx_opt) == IS_STRING) { 371 if (strcasecmp(Z_STRVAL_PP(ctx_opt), get)) { 372 if (!strcasecmp(Z_STRVAL_PP(ctx_opt), head)) { 373 curl_easy_setopt(curlstream- curl, CURLOPT_NOBODY, 1); 374 } else { (gdb) l /usr/src/debug/dev-lang/php-5.3.6/sapis-build/cli/ext/curl/streams.c:501 494 if (msg_found) { 495 goto exit_fail; 496 } 497 } 498 499 /*
Bug #55431 [Fbk-Csd]: SIGSEV11 mysqli_result::fetch_fields
Edit report at https://bugs.php.net/bug.php?id=55431edit=1 ID: 55431 User updated by:lgandras at gmail dot com Reported by:lgandras at gmail dot com Summary:SIGSEV11 mysqli_result::fetch_fields -Status: Feedback +Status: Closed Type: Bug Package:Reproducible crash Operating System: Cent OS 5.6 PHP Version:5.3.6 Block user comment: N Private report: N New Comment: This is a duplicate of https://bugs.php.net/bug.php?id=55414 Previous Comments: [2011-08-16 03:57:23] larue...@php.net Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with ?php and ends with ?, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc. Please avoid embedding huge scripts into the report. [2011-08-16 01:21:39] lgandras at gmail dot com Definitively the problematic function is mysqli_result::fetch_fields [2011-08-16 01:12:32] lgandras at gmail dot com Description: Hi, I was using phpunit 3.5.13 during this crash. I'm executing a query of type SHOW CREATE TABLE `name`. I'm also using Zend framework 1.11.6. This means the query es being executed using prepare. I believe this has something to do with the fact that the field returned by mysql has a space in between Create table. I've got to have a crash executing the same query in other environment, but without being able to reproduce. That time the error came up executing mysqli_result::fetch_fields. This time i don't really know. './configure' '--disable-fileinfo' '--disable-pdo' '--disable-phar' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-libxml' '--enable-magic-quotes' '--enable-mbstring' '--enable-pcntl' '--enable-shmop' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-zip' '--prefix=/usr' '--with-curl=/opt/curlssl/' '--with-gd' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=/usr/bin/mysql_config' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--with-pcre-regex=/opt/pcre' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-zlib' '--with-zlib-dir=/usr' '--without-sqlite3' #0 0x0841f2e8 in add_property_string_ex (arg=0xa2cce98, key=0x87ad4cc catalog, key_len=8, str=0x79726100 Address 0x79726100 out of bounds, duplicate=1) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_API.c:1524 #1 0x081d7628 in php_add_field_properties (value=0xa2cce98, field=0x9c65874) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1056 #2 0x081d79b7 in zif_mysqli_fetch_fields (ht=0, return_value=0xa2ea190, return_value_ptr=0x0, this_ptr=0xa2ea310, return_value_used=1) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1114 #3 0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9c16e40) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316 #4 0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9c16e40) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421 #5 0x084456fe in execute (op_array=0xa022ae8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107 #6 0x0840b5a3 in zend_call_function (fci=0xbf80a798, fci_cache=0xbf80a784) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_execute_API.c:964 #7 0x081ed8f6 in zim_reflection_method_invokeArgs (ht=2, return_value=0xa2eb2fc, return_value_ptr=0x0, this_ptr=0xa2eb450, return_value_used=1) at /home/cpeasyapache/src/php-5.3.6/ext/reflection/php_reflection.c:2745 #8 0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9c15a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316 #9 0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9c15a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421 #10 0x084456fe in execute (op_array=0xa18b944) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107 #11 0x08419b44 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cpeasyapache/src/php-5.3.6/Zend/zend.c:1194 #12 0x083ad584 in php_execute_script (primary_file=0xbf80cc94) at /home/cpeasyapache/src/php-5.3.6/main/main.c:2268 #13 0x084e6f64 in main (argc=2, argv=0xbf80cdf4) at
[PHP-BUG] Bug #55439 [NEW]: crypt() returns only the salt for MD5
From: Operating system: Linux PHP version: 5.3.7RC5 Package: *Encryption and hash functions Bug Type: Bug Bug description:crypt() returns only the salt for MD5 Description: If crypt() is executed with MD5 salts, the return value conists of the salt only. DES and BLOWFISH salts work as expected. I tested with php from openSUSE PHP5 repository php -v PHP 5.3.7RC6-dev (cli) rpm -q php5 php5-5.3.6.201108112132-94.1.x86_64 Test script: --- printf(MD5: %s\n, crypt('password', '$1$U7AjYB.O$')); Expected result: MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1 Actual result: -- MD5: $1$U7AjYB.O -- Edit bug report at https://bugs.php.net/bug.php?id=55439edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55439r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55439r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55439r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55439r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55439r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55439r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55439r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55439r=needscript Try newer version: https://bugs.php.net/fix.php?id=55439r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55439r=support Expected behavior: https://bugs.php.net/fix.php?id=55439r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55439r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55439r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55439r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55439r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55439r=dst IIS Stability: https://bugs.php.net/fix.php?id=55439r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55439r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55439r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55439r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55439r=mysqlcfg
[PHP-BUG] Req #55440 [NEW]: Internal state of the execution engine
From: Operating system: PHP version: 5.3.6 Package: *General Issues Bug Type: Feature/Change Request Bug description:Internal state of the execution engine Description: While developing in PHP, I've learned that the execution engine is sometimes set in special states that alter its capabilities. As far as I know, their is no way for us developers to write code that test for one of these particular state and branch code appropriately. By special state, I mean : - execute/compile stage, where for eg autoloading doesn't work (http://bugs.php.net/42098), - outside/inside output buffering handler, where for eg print_r($v, true) doesn't work (http://bugs.php.net/55428), - before/after shutdown time, where for eg uncatched exceptions generate the cryptic Fatal error: Exception thrown without a stack frame in Unknown on line 0 and set_exception_handler() is disabled. Adding a centralized way to check for these states is maybe a good idea ? For example, get_engine_state( void ) would return a bit field, each bit for each possible state? -- Edit bug report at https://bugs.php.net/bug.php?id=55440edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55440r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55440r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55440r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55440r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55440r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55440r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55440r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55440r=needscript Try newer version: https://bugs.php.net/fix.php?id=55440r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55440r=support Expected behavior: https://bugs.php.net/fix.php?id=55440r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55440r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55440r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55440r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55440r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55440r=dst IIS Stability: https://bugs.php.net/fix.php?id=55440r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55440r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55440r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55440r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55440r=mysqlcfg
[PHP-BUG] Bug #55441 [NEW]: \Phar::createDefaultStub() does not handle its arguments
From: Operating system: MacOS X 10.6.8 PHP version: 5.3.6 Package: PHAR related Bug Type: Bug Bug description:\Phar::createDefaultStub() does not handle its arguments Description: \Phar::createDefaultStub() takes two optional arguments. With these arguments, the user can defined file in phar archive which will be used in stub. However, these arguments seems to be not used by \Phar::createDefaultStub(). Test script: --- ?php # In CLI, do php -d phar.readonly=0 path/to/this/script to generate my.phar. # In CLI, do php my.phar $phar = new \phar('my.phar'); $phar['stub.php'] = '?php echo 'This is the stub !'; ?'; $phar-createDefaultStub('stub.php'); Expected result: This is the stub ! Actual result: -- PHP Warning: include(phar:///path/to/my.phar/index.php): failed to open stream: phar error: index.php is not a file in phar /path/to/my.phar in /path/to/my.phar on line 9 -- Edit bug report at https://bugs.php.net/bug.php?id=55441edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55441r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55441r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55441r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55441r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55441r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55441r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55441r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55441r=needscript Try newer version: https://bugs.php.net/fix.php?id=55441r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55441r=support Expected behavior: https://bugs.php.net/fix.php?id=55441r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55441r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55441r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55441r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55441r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55441r=dst IIS Stability: https://bugs.php.net/fix.php?id=55441r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55441r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55441r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55441r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55441r=mysqlcfg
Bug #54114 [Com]: Output Buffer Dumps Data On Error
Edit report at https://bugs.php.net/bug.php?id=54114edit=1 ID: 54114 Comment by: nicolas dot grekas+php at gmail dot com Reported by:danhstevens at gmail dot com Summary:Output Buffer Dumps Data On Error Status: Open Type: Bug Package:Output Control Operating System: all PHP Version:5.3.5 Block user comment: N Private report: N New Comment: Here is an other example that can't be workaround using danhstevens' technique: ?php function my_shutdown() { echo secret\n; throw new Exception; } function ob_custom_filter($b) { return str_replace('secret', '**', $b); } register_shutdown_function('my_shutdown'); ob_start('ob_custom_filter'); ? Previous Comments: [2011-03-10 19:41:28] danhstevens at gmail dot com I've found a viable work-around for this bug (although a patch of the core would still be ideal so people don't discover this potential security issue the hard-way). By registering the following shutdown handler before any output buffering the dump of data can be prevented: ?php function shutdown_fn() { //If ob_start has been called at least once if(ob_get_level() 1) { //Prevent data in buffer from dumping ob_end_clean(); } } register_shutdown_function('shutdown_fn'); Now when using the examples above that normally cause the buffer to dump to the client the buffer data is disposed of. Of course, this can be extended to use ob_get_contents and redirect the data to file or other means if necessary. This approach is working for me (on PHP 5.3.5). ~Dan [2011-03-06 16:51:52] neweracracker at gmail dot com I've managed to reproduce this in Windows 7 running php 5.2.17 (with php.ini-dist) and php 5.3.5 (with php.ini-development). Here is my test script: ?php set_time_limit(1); ob_start(); echo You shouldn't see this!; sleep(2); //comment this and you won't see the line above in output ;) ob_end_clean(); ? I've reported this as bug #54174 which got closed due being a dupe of this one so I am leaving this comment here for reference purposes. Regards, NewEraCracker. [2011-02-28 21:40:36] danhstevens at gmail dot com Hi Rasmus, I was still able to create the problem by calling on a non-existing class to create a fatal error. Here is a variation of your code: function eh($errno, $errstr, $errfile, $errline) { $contents = ob_get_contents(); ob_end_clean(); echo Error: $errno, $errstr, $errfile, $errline\n; } set_error_handler('eh'); ob_start(); echo 123; nonExistantClass::nonExistantMethod(); echo After error\n; Output is: 123 Fatal error: Class 'nonExistantClass' not found in ... Hopefully the above should more accurately illustrate the issue. [2011-02-28 19:37:32] ras...@php.net I am unable to reproduce this. My test script: ?php function eh($errno, $errstr, $errfile, $errline) { $contents = ob_get_contents(); ob_end_clean(); echo Error: $errno, $errstr, $errfile, $errline\n; } set_error_handler('eh'); ob_start(); echo 123; trigger_error('test error', E_USER_ERROR); echo After error\n; And my output is: Error: 256, test error, /var/www/testing/o.php, 10 After error No sign of 123 there. [2011-02-28 07:43:46] danhstevens at gmail dot com Description: When output buffering is turned on (via ob_start()) and an error is encountered before a call to ob_end_* is called the entire contents of the output buffer is dumped (to STDOUT) and there appears to be no way to prevent the buffer from dumping - not even by setting an error handler, etc. This is a security issue since the output buffer may contain sensitive information that is them dumped over to the user. Using set_error_handler does not stop the dump - it appears the dump simply happens with no way to intercept or prevent it. Test script: --- ?php ob_start(); echo 123; trigger_error('test error', E_USER_ERROR); $contents = ob_get_contents(); ob_end_clean(); ? Expected result: (no output) Actual result: -- 123 Fatal error: test error in ... -- Edit this bug report at https://bugs.php.net/bug.php?id=54114edit=1
Bug #50547 [Com]: SoapServer Fatal errror in WSDL mode
Edit report at https://bugs.php.net/bug.php?id=50547edit=1 ID: 50547 Comment by: chinigo at gmail dot com Reported by:rsumibcay at reddoor dot biz Summary:SoapServer Fatal errror in WSDL mode Status: Open Type: Bug Package:SOAP related Operating System: Ubuntu Linux PHP Version:5.2.12 Block user comment: N Private report: N New Comment: mdekrijger's suggestion about disabling Xdebug worked for me too. Adding xdebug_disable() immediately before the SOAP call resulted in a Fatal SOAP error being converted to a catchable SOAP fault. Previous Comments: [2011-02-24 16:00:36] mdekrijger at e-sites dot nl Xdebug might be the problem. When using xdebug_disable() before calling the handle() method, the server responds with a proper SOAP message which says that something went wrong. [2011-02-24 09:54:31] mdekrijger at e-sites dot nl Does anyone have an alternative solution for this problem? (while this bug remains open?) We really want to provide some information about the wrong type in the return soap response. So implementing our SOAP services would be a much easier job. [2010-02-01 09:48:05] jitka at darbujanova dot cz I can confirm this. (http://bugs.php.net/bug.php?id=50895) [2009-12-21 20:18:01] rsumibcay at reddoor dot biz Description: SoapServer dies with fatal error in WSDL mode when a soap argument is a ComplexType with a member defined as int in the XSD, but the member value is passed as a non-numeric string. Reproduce code: --- 1. Define a ComplexType with an int data member: http://crkt190.reddoor.biz/fatalerror/complex_types.xsd 2. Define a WSDL that uses the ComplexType as an argument to the soap function: http://crkt190.reddoor.biz/fatalerror/fatalerror.wsdl 3. Create a soap envelope with a non-numeric string as the value for the int data member: http://crkt190.reddoor.biz/fatalerror/fatalerror-soap-envelope.xml 4. Make a soap request using the soap envelope in step 3. Expected result: The SoapServer should not die with a fatal error. The SoapServer should respond with a SoapFault, or let the call pass through so the business logic (mapped handler) can do validation and handle the error appropriately. Actual result: -- 500 HTTP response from server. The HTTP response body contains an error message and stack trace. Fatal error: SOAP-ERROR: Encoding Violation of encoding rules in ... -- Edit this bug report at https://bugs.php.net/bug.php?id=50547edit=1
[PHP-BUG] Bug #55442 [NEW]: ID3-0.2 Comments tag.
From: Operating system: Federa 13 PHP version: 5.3.6 Package: Unknown/Other Function Bug Type: Bug Bug description:ID3-0.2 Comments tag. Description: --- THe Comments tag (COMM) is not appearing in ID3-0.2. I have verified that the Comments tag is not null in EasyTag, Kid3 or a Flash application I have that reads ID3 Tags. --- Test script: --- ? $tag_version = id3_get_version($new_mp3_file); if ($tag_version ID3_V1_0) { echo div class=\text\This file contains a 1.x tag/div; } if ($tag_version ID3_V1_1) { echo div class=\text\This file contains a 1.1 tag/div; } if ($tag_version ID3_V2) { echo div class=\text\This file contains a 2.x tag/div; } if ($tag_version ID3_V2_3) { echo div class=\text\This file contains a 2.3 tag/div; } if ($tag_version ID3_V2_4) { echo div class=\text\This file contains a 2.4 tag/div; } echo br /; $tag = id3_get_tag($new_mp3_file); while(list($key,$value) = each($tag)){ echo div class=\text\$key: $value; if($key == genre){echo ( . id3_get_genre_name($value) . );} echo /div; } unlink($new_mp3_file); ? Expected result: The comments tag should display in the tag output. Actual result: -- This file contains a 1.x tag This file contains a 1.1 tag This file contains a 2.3 tag This file contains a 2.4 tag encoderSettings: LAME 32bits version 3.98.2 (http://www.mp3dev.org/) length: 27414 title: My name is Sulaiman The WordSmith artist: Sulaiman The WordSmith album: What Is A WordSmith recTime: 2010 track: 03/03 genre: 7 (Hip-Hop) composer: Sulaiman The WordSmith originalArtist: Sulaiman The WordSmith copyright: U.S: PAU003376550 / 1-407766721 encodedBy: Lame webOffPubl: http://thewordsmith.info webOffAudioFile: http://thewordsmith.info webOffAudioSrc: http://thewordsmith.info webOffIRS: http://thewordsmith.info publisher: The WordSmith World Wide mood: Educational webOffArtist: http://thewordsmith.info language: EN -- Edit bug report at https://bugs.php.net/bug.php?id=55442edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55442r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55442r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55442r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55442r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55442r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55442r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55442r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55442r=needscript Try newer version: https://bugs.php.net/fix.php?id=55442r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55442r=support Expected behavior: https://bugs.php.net/fix.php?id=55442r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55442r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55442r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55442r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55442r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55442r=dst IIS Stability: https://bugs.php.net/fix.php?id=55442r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55442r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55442r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55442r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55442r=mysqlcfg
[PHP-BUG] Req #55443 [NEW]: 4nd params double_encode
From: Operating system: any PHP version: 5.3.6 Package: *General Issues Bug Type: Feature/Change Request Bug description:4nd params double_encode Description: Path in Bug #43101: htmlentities(): double_quote vs. double_encode typo --- From manual page: http://www.php.net/function.htmlspecialchars%23%D0%9E%D0%BF%D0%B8%D1%81%D0%B0%D0%BD%D0%B8%D0%B5 --- four params double_encode=true|false present in real, and absent in documentation Test script: --- $links_str = http://ya.ru?q=searchamp;mmm; $links_str = htmlspecialchars($links_str,ENT_COMPAT,'UTF-8',$double_encode=false); -- Edit bug report at https://bugs.php.net/bug.php?id=55443edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55443r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55443r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55443r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55443r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55443r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55443r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55443r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55443r=needscript Try newer version: https://bugs.php.net/fix.php?id=55443r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55443r=support Expected behavior: https://bugs.php.net/fix.php?id=55443r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55443r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55443r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55443r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55443r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55443r=dst IIS Stability: https://bugs.php.net/fix.php?id=55443r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55443r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55443r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55443r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55443r=mysqlcfg
Bug #46025 [Com]: zend_bailout can deadlock APC
Edit report at https://bugs.php.net/bug.php?id=46025edit=1 ID: 46025 Comment by: pierre at archlinux dot de Reported by:askalski at gmail dot com Summary:zend_bailout can deadlock APC Status: Feedback Type: Bug Package:Reproducible crash Operating System: redhat PHP Version:5.2.6 Assigned To:gopalv Block user comment: N Private report: N New Comment: This issue is still reproducable using php-fpm and PHP 5.3.6 with APC 3.1.9 Previous Comments: [2010-11-07 21:08:38] fel...@php.net Gopal, this issue has been already fixed? [2010-06-24 18:52:07] askalski at gmail dot com A note about the above patches: They work with the stable 3.0.19 release of APC, but not the beta 3.1.3p1. In the beta version, compilation was moved inside a HANDLE_BLOCK_INTERRUPTIONS/HANDLE_UNBLOCK_INTERRUPTIONS block, so the zend_bailout deferral is no longer safe. For example, a syntax error in the script will result in a partially compiled opcode array to be cached in APC. I don't yet have an alternate solution. [2010-05-31 06:54:14] askalski at gmail dot com I uploaded patches against the latest 5.1, 5.2, and 5.3 versions of PHP, for sites with production issues that can't afford to wait years for an upstream fix. [2009-10-21 18:42:04] askalski at gmail dot com We are using a modified 5.2 in production, so a patch against 5.2.11 (the latest release in that series) would be good. Thanks, Andy [2009-10-21 18:01:00] sh...@php.net Lucas Nealan and I are working on fixing some items in the signals patch, and would like to push forward on this getting integrated in core. Would you be willing to try the patch for PHP to see if it corrects your problem? It would be of great use to know that it fixes your specific issue. If so let me know which specific version of PHP you want a patch against and I'll make sure we get you the latest one that cleanly patches against it. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=46025 -- Edit this bug report at https://bugs.php.net/bug.php?id=46025edit=1
[PHP-BUG] Bug #55444 [NEW]: trans-sid enabled; PHPSESSID inserted after end of href on links
From: Operating system: Ubuntu 10.04.3 LTS PHP version: Irrelevant Package: Session related Bug Type: Bug Bug description:trans-sid enabled; PHPSESSID inserted after end of href on links Description: In more detail, OS: Linux 2.6.32-32-server x86_64 #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) (built: May 3 2011 00:45:52) This is the standard PHP package from Ubuntu Lucid's main repo. I did not compile it. I have enabled the trans- sid option. When generating a long list of links, occasionally the trans-sid function will miss the end of the href attribute and add ?PHPSESSID=73...07 outside the closing double quote mark. eg: tda href=index.php? area=gallerypage=edit_photofile=gallery_36.jpgamp;PHPSESSID=73...07img src=images/edit.png /gallery_36.jpg/a/td ... tda href=index.php?area=gallerypage=edit_photofile=gallery_37.jpg? PHPSESSID=73...07img src=images/edit.png /gallery_37.jpg/a/td Note that since it is outside the quote mark, it is generated with a ? instead of amp;. This reliably happens on the gallery_37.jpg link, and the gallery_18.jpg link, and a few others. Test script: --- The relevant loop: while ($row = mysql_fetch_assoc($result)) { $file = sanitise_html($row[filename]); $title = sanitise_html($row[title]); ? tr tda href=index.php?area=gallerypage=edit_photofile=?=$file?img src=images/edit.png /?=$file?/a/td td?=$title?/td tda href=index.php?area=gallerypage=delete_photofile=?=$file?img src=images/delete.png //a/td /tr ? } Expected result: In the example above, I would expect: amp;PHPSESSID=73...07 to be added to the end of every link, in the proper place, *inside* the end of the href attribute. Actual result: -- On some links, the PHPSESSID appears *outside* the end of the href attribute. This causes the PHPSESSID not to be included in the link. -- Edit bug report at https://bugs.php.net/bug.php?id=55444edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55444r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55444r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55444r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55444r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55444r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55444r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55444r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55444r=needscript Try newer version: https://bugs.php.net/fix.php?id=55444r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55444r=support Expected behavior: https://bugs.php.net/fix.php?id=55444r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55444r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55444r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55444r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55444r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55444r=dst IIS Stability: https://bugs.php.net/fix.php?id=55444r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55444r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55444r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55444r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55444r=mysqlcfg
[PHP-BUG] Bug #55445 [NEW]: Short echo tag still depends on short_open_tag setting
From: sixd Operating system: All PHP version: 5.4SVN-2011-08-17 (SVN) Package: *General Issues Bug Type: Bug Bug description:Short echo tag still depends on short_open_tag setting Description: Use of ?= still depends on short_open_tag. Also note the NEWS file regarding this change references short_tags which is the internal GC() name. It says: - ?= is now always available regardless of the short_tags setting (Rasmus) Test script: --- ?php $u = chris; ?pWelcome ?= $u ?/p Expected result: $ php54 -d short_open_tag=0 t.php pWelcome chris/p $ php54 -d short_open_tag=1 t.php pWelcome chris/p Actual result: -- $ php54 -d short_open_tag=0 t.php pWelcome ?= $u ?/p $ php54 -d short_open_tag=1 t.php pWelcome chris/p -- Edit bug report at https://bugs.php.net/bug.php?id=55445edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55445r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55445r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55445r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55445r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55445r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55445r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55445r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55445r=needscript Try newer version: https://bugs.php.net/fix.php?id=55445r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55445r=support Expected behavior: https://bugs.php.net/fix.php?id=55445r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55445r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55445r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55445r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55445r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55445r=dst IIS Stability: https://bugs.php.net/fix.php?id=55445r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55445r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55445r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55445r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55445r=mysqlcfg
Bug #55445 [Opn-Asn]: Short echo tag still depends on short_open_tag setting
Edit report at https://bugs.php.net/bug.php?id=55445edit=1 ID: 55445 Updated by: col...@php.net Reported by:s...@php.net Summary:Short echo tag still depends on short_open_tag setting -Status: Open +Status: Assigned Type: Bug Package:*General Issues Operating System: All PHP Version:5.4SVN-2011-08-17 (SVN) -Assigned To: +Assigned To:colder Block user comment: N Private report: N Previous Comments: [2011-08-17 22:44:56] s...@php.net Description: Use of ?= still depends on short_open_tag. Also note the NEWS file regarding this change references short_tags which is the internal GC() name. It says: - ?= is now always available regardless of the short_tags setting (Rasmus) Test script: --- ?php $u = chris; ?pWelcome ?= $u ?/p Expected result: $ php54 -d short_open_tag=0 t.php pWelcome chris/p $ php54 -d short_open_tag=1 t.php pWelcome chris/p Actual result: -- $ php54 -d short_open_tag=0 t.php pWelcome ?= $u ?/p $ php54 -d short_open_tag=1 t.php pWelcome chris/p -- Edit this bug report at https://bugs.php.net/bug.php?id=55445edit=1
Bug #55445 [Asn-Csd]: Short echo tag still depends on short_open_tag setting
Edit report at https://bugs.php.net/bug.php?id=55445edit=1 ID: 55445 Updated by: col...@php.net Reported by:s...@php.net Summary:Short echo tag still depends on short_open_tag setting -Status: Assigned +Status: Closed Type: Bug Package:*General Issues Operating System: All PHP Version:5.4SVN-2011-08-17 (SVN) Assigned To:colder Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Previous Comments: [2011-08-17 23:49:58] col...@php.net Automatic comment from SVN on behalf of colder Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=315119 Log: Fix bug #55445 (Incomplete implementation of lt;?= being independant of short_open_tag) [2011-08-17 22:44:56] s...@php.net Description: Use of ?= still depends on short_open_tag. Also note the NEWS file regarding this change references short_tags which is the internal GC() name. It says: - ?= is now always available regardless of the short_tags setting (Rasmus) Test script: --- ?php $u = chris; ?pWelcome ?= $u ?/p Expected result: $ php54 -d short_open_tag=0 t.php pWelcome chris/p $ php54 -d short_open_tag=1 t.php pWelcome chris/p Actual result: -- $ php54 -d short_open_tag=0 t.php pWelcome ?= $u ?/p $ php54 -d short_open_tag=1 t.php pWelcome chris/p -- Edit this bug report at https://bugs.php.net/bug.php?id=55445edit=1
Bug #55283 [Com]: SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections
Edit report at https://bugs.php.net/bug.php?id=55283edit=1 ID: 55283 Comment by: spam2 at rhsoft dot net Reported by:aleksey at wepay dot com Summary:SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections Status: Verified Type: Bug Package:MySQLi related Operating System: Cent OS PHP Version:5.3.6 Assigned To:mysql Block user comment: N Private report: N New Comment: well i guess this change results in connections hanging around and after a hughe timeout filling my mailbox with cron-mails since upgraded to 5.3.7 using MYSQLND so Changing mysqli to make libmysql happy will cause leaks with mysqlnd seems to be true - but why done this change if knowing it? mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $ without ssl_set() all works fine but unencyrpted how can i revert this change for the 5.3.7-final.tar.bz2? ___ MySQL server has gone away $this-ssl_key = '/etc/mysql-ssl/client.pem'; $this-ssl_crt = '/etc/mysql-ssl/client.pem'; $this-ssl_ca = '/etc/mysql-ssl/ca.crt'; $conn-ssl_set($this-ssl_key, $this-ssl_crt, $this-ssl_ca, NULL, NULL); Previous Comments: [2011-08-05 13:39:28] and...@php.net Automatic comment from SVN on behalf of andrey Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=314330 Log: Fix for bug #55283 SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections [2011-08-05 13:17:59] u...@php.net The actual issue here is in mysqlnd (or in the mysqli user API, however you put it :-)): if using mysqli_init() to create a connection object we don't yet know if it needs to be persistent or not. mysqli was changed to meet the needs of mysqlnd. Unfortunately, this has an unforeseen side-effect on mysqli @ libmysql [@ SSL]. Changing mysqli to make libmysql happy will cause leaks with mysqlnd. This needs some think time. [2011-08-05 11:53:47] u...@php.net Reproducible with PHP 5.3.7RC4-dev (cli) (built: Jul 26 2011 17:35:20) (DEBUG) using *libmysql* to connect to 5.1.45-debug-log Configure Command = './configure' '--with-mysql=mysqlnd' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql/bin/mysql_config' '--enable-debug' '--enable-maintainer-zts' '--enable-mysqlnd-ms' '--enable-mysqlenterprise' '--enable-mysqlnd-uh' '--enable-pcntl' nixnutz@linux-fuxh:~/php/php-src/branches/PHP_5_3 sapi/cli/php bar.php array(2) { [0]= string(10) Ssl_cipher [1]= string(18) DHE-RSA-AES256-SHA } array(2) { [0]= string(10) Ssl_cipher [1]= string(7) RC4-MD5 } [2011-07-26 00:25:00] aleksey at wepay dot com Please note that while the example shows the problem with the cipher, all other parameters are also ignored. In particular, ssl cert info is critical. [2011-07-26 00:20:58] aleksey at wepay dot com Description: The MySQLi ignores SSL options set with mysqli_ssl_set() for persistent connections (works fine for non-persistent connections). To reproduce: 1) Configure MySQL server with SSL support (http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html) 2) Run the attached test script Test script: --- ? $host = 'localhost'; $user = 'root'; $pass = ''; $db= null; $port = 3306; $flags = MYSQLI_CLIENT_SSL; /* persistent connection */ $link = mysqli_init(); mysqli_ssl_set($link, null, null, null, null, RC4-MD5); if (mysqli_real_connect($link, 'p:' . $host, $user, $pass, $db, $port, null, $flags)) { $r = $link-query(SHOW STATUS LIKE 'Ssl_cipher'); var_dump($r-fetch_row()); } /* non-persistent connection */ $link = mysqli_init(); mysqli_ssl_set($link, null, null, null, null, RC4-MD5); if (mysqli_real_connect($link, $host, $user, $pass, $db, $port, null, $flags)) { $r = $link-query(SHOW STATUS LIKE 'Ssl_cipher'); var_dump($r-fetch_row()); } Expected result: array(2) { [0]= string(10) Ssl_cipher [1]= string(18) RC4-MD5 } array(2) { [0]= string(10) Ssl_cipher [1]= string(7) RC4-MD5 } Actual result: -- array(2) { [0]= string(10) Ssl_cipher [1]= string(18) DHE-RSA-AES256-SHA } array(2) { [0]= string(10) Ssl_cipher [1]= string(7) RC4-MD5 } -- Edit this bug report at https://bugs.php.net/bug.php?id=55283edit=1