Bug #55450 [Asn]: Built in web server not accepting file uploads
Edit report at https://bugs.php.net/bug.php?id=55450&edit=1 ID: 55450 Updated by: larue...@php.net Reported by:scott at aubrey dot org dot uk Summary:Built in web server not accepting file uploads Status: Assigned Type: Bug Package:Built-in web server Operating System: Mac OS X 10.7.1 (Lion ) PHP Version:5.4.0alpha3 Assigned To:moriyoshi Block user comment: N Private report: N New Comment: this should due to the following code in sapi/cli/php_cli_server.c 2161 : php_cli_server_client_populate_request_info: ... { char **val; const char delimiter[] = ";"; if (SUCCESS == zend_hash_find(&client->request.headers, "Content-Type", sizeof("Content-Type"), (void**)&val)) { request_info->content_type = strtok(*val, delimiter); } } ... which erased the boundary content of "multipart/form-data; boundary=", Previous Comments: [2011-08-18 14:22:03] scott at aubrey dot org dot uk forgot to add, that I started the server with: php -nS localhost:8001 -t. and the server output was: [Thu Aug 18 15:13:56 2011] ::1:54367 GET /testUpload.php - Request read [Thu Aug 18 15:13:56 2011] ::1:54367 GET /testUpload.php - Response sent successfully (200) [Thu Aug 18 15:14:01 2011] ::1:54369 POST /testUpload.php - Request read [Thu Aug 18 15:14:01 2011] ::1:54369 POST /testUpload.php - Response sent successfully (200) [2011-08-18 14:19:47] scott at aubrey dot org dot uk Description: The built in web server does not handle file uploads, instead throwing an error. This is a fairly clean build of alpha 3. Test script: --- Select a file to upload: Expected result: array(1) { ["file"]=> array(5) { ["name"]=> string(7) "testupload.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(26) "/private/var/tmp/phpynOZom" ["error"]=> int(0) ["size"]=> int(12) } } Actual result: -- array(0) { } -- Error log throws: PHP Warning: Missing boundary in multipart/form-data POST data in Unknown on line 0 -- Edit this bug report at https://bugs.php.net/bug.php?id=55450&edit=1
Bug #55455 [Opn->Fbk]: unknown entry 'access.log' and access.format
Edit report at https://bugs.php.net/bug.php?id=55455&edit=1 ID: 55455 Updated by: f...@php.net Reported by:tavares dot wladimir at gmail dot com Summary:unknown entry 'access.log' and access.format -Status: Open +Status: Feedback Type: Bug Package:FPM related PHP Version:Irrelevant -Assigned To: +Assigned To:fat Block user comment: N Private report: N New Comment: The PHP version is missing Previous Comments: [2011-08-19 04:20:50] tavares dot wladimir at gmail dot com Description: php-fpm config file parser does not recognize access.log and access.format tokens. I'm using the php-fpm sample config file. access.log = /var/log/php-fpm/$pool.access.log access.format = %R - %u %t "%m %r%Q%q" %s %f %{mili}d %{kilo}M %C%% When I uncomment those line I get: unknown entry 'access.log' and 'access.format' -- Edit this bug report at https://bugs.php.net/bug.php?id=55455&edit=1
[PHP-BUG] Req #55456 [NEW]: Fatal error: Call to undefined function
From: Operating system: Any PHP version: Irrelevant Package: *General Issues Bug Type: Feature/Change Request Bug description:Fatal error: Call to undefined function Description: code: sdlfkjsldkfjsl(); expected result: a warning / an exception actual result: script suddenly terminates Test script: --- sdlfkjsldkfjsl(); Expected result: a warning / an exception Actual result: -- script suddenly terminates -- Edit bug report at https://bugs.php.net/bug.php?id=55456&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55456&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55456&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55456&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55456&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55456&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55456&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55456&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55456&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55456&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55456&r=support Expected behavior: https://bugs.php.net/fix.php?id=55456&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55456&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55456&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55456&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55456&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55456&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55456&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55456&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55456&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55456&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55456&r=mysqlcfg
[PHP-BUG] Bug #55455 [NEW]: unknown entry 'access.log' and access.format
From: Operating system: PHP version: Irrelevant Package: FPM related Bug Type: Bug Bug description:unknown entry 'access.log' and access.format Description: php-fpm config file parser does not recognize access.log and access.format tokens. I'm using the php-fpm sample config file. access.log = /var/log/php-fpm/$pool.access.log access.format = %R - %u %t "%m %r%Q%q" %s %f %{mili}d %{kilo}M %C%% When I uncomment those line I get: unknown entry 'access.log' and 'access.format' -- Edit bug report at https://bugs.php.net/bug.php?id=55455&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55455&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55455&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55455&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55455&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55455&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55455&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55455&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55455&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55455&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55455&r=support Expected behavior: https://bugs.php.net/fix.php?id=55455&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55455&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55455&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55455&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55455&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55455&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55455&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55455&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55455&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55455&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55455&r=mysqlcfg
Bug #55258 [Com]: Windows Version Detecting Error
Edit report at https://bugs.php.net/bug.php?id=55258&edit=1 ID: 55258 Comment by: virsacer at web dot de Reported by:xiaomao5 at live dot com Summary:Windows Version Detecting Error Status: Closed Type: Bug Package:Unknown/Other Function Operating System: Windows PHP Version:5.3SVN-2011-07-21 (SVN) Assigned To:pajoye Block user comment: N Private report: N New Comment: This is a dupplicate of #52461 Previous Comments: [2011-07-21 10:50:11] paj...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Thanks for the report and patch, forgot to merge that fix in 5.3 back then. [2011-07-21 10:49:49] paj...@php.net Automatic comment from SVN on behalf of pajoye Revision: http://svn.php.net/viewvc/?view=revision&revision=313538 Log: - Fixed bug #55258 (Windows Version Detecting Error) (already fixed in trunk/5.4) [2011-07-21 09:31:14] xiaomao5 at live dot com Although the patch is generated from the older version, the bug still exists in branches/PHP_5_3. [2011-07-21 09:28:37] xiaomao5 at live dot com Description: In PHP 5.3, and of course all version before it, Windows 7 is detected as 6.2, which would be Windows 8, which isn't released. So Windows 7, as 6.1 will turn into Unknow Windows version.(It's also should be Unknown, not Unknow). Test script: --- https://bugs.php.net/bug.php?id=55258&edit=1
Req #55403 [Asn->Csd]: $_SERVER['HTTPS'] should be undefined on unsecure connection
Edit report at https://bugs.php.net/bug.php?id=55403&edit=1 ID: 55403 Updated by: theta...@php.net Reported by:theta...@php.net Summary:$_SERVER['HTTPS'] should be undefined on unsecure connection -Status: Assigned +Status: Closed Type: Feature/Change Request Package:iPlanet related PHP Version:Irrelevant Assigned To:thetaphi Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Committed to 5.3.8 branch, 5.4, trunk Previous Comments: [2011-08-18 19:12:42] theta...@php.net Automatic comment from SVN on behalf of thetaphi Revision: http://svn.php.net/viewvc/?view=revision&revision=315149 Log: Bug #55403: Don't set $_SERVER['HTTPS'] on unsecure connection [2011-08-11 20:26:27] theta...@php.net I will keep this open until committing to 5.3 is possible again. [2011-08-11 20:25:20] theta...@php.net Automatic comment from SVN on behalf of thetaphi Revision: http://svn.php.net/viewvc/?view=revision&revision=314799 Log: Bug #55403: Don't set $_SERVER['HTTPS'] on unsecure connection [2011-08-11 17:24:45] theta...@php.net I will commit this patch to trunk and 5.4, also after 5.3.7 is released, I will merge there, too. [2011-08-11 17:21:49] theta...@php.net The following patch has been added/updated: Patch Name: PatchForTrunk.patch Revision: 1313083309 URL: https://bugs.php.net/patch-display.php?bug=55403&patch=PatchForTrunk.patch&revision=1313083309 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55403 -- Edit this bug report at https://bugs.php.net/bug.php?id=55403&edit=1
Bug #55453 [Opn]: SoapClient out of memory when SOAP_COMPRESSION_GZIP enabled
Edit report at https://bugs.php.net/bug.php?id=55453&edit=1 ID: 55453 User updated by:johnston dot joshua at gmail dot com Reported by:johnston dot joshua at gmail dot com Summary:SoapClient out of memory when SOAP_COMPRESSION_GZIP enabled Status: Open Type: Bug Package:SOAP related Operating System: 2.6.38-10-generic #46-Ubuntu PHP Version:5.3.5 Block user comment: N Private report: N New Comment: SOAP_COMPRESSION_DEFLATE or'd with a compression level works as expected. Previous Comments: [2011-08-18 16:29:16] johnston dot joshua at gmail dot com Updating to real php version since you can't select < 5.4 on create [2011-08-18 16:28:31] johnston dot joshua at gmail dot com Description: Adding request compression either does not work or causes Fatal error: Out of memory (allocated 2359296) (tried to allocate 18446744073709551596 bytes). When I use the gzip flag in the compression options the client call fails with an Out of memory notice (-1). If I use the deflate flag then nothing happens, no request compression. This looks like it might be a regression of https://bugs.php.net/bug.php?id=36283 jjohnston@jjohnston:~$ php -v PHP 5.3.5-1ubuntu7.2 with Suhosin-Patch (cli) (built: May 2 2011 23:00:17) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans P.S. The earliest php version you can pick is 5.4.0alpha3. Why can't I pick a recent stable php version? Test script: --- $client = new SoapClient( "https://example.org/service.asmx?WSDL";, array( 'cache_wsdl' => WSDL_CACHE_DISK, 'connection_timeout' => '120', 'soap_version' => SOAP_1_1, 'compression'=> SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP | 5 ) ); $out = $client->MethodCall(array( 'type' => 'test' )); Expected result: I expect the request to work and be compressed Actual result: -- Fatal error: Out of memory (allocated 2359296) (tried to allocate 18446744073709551596 bytes) -- Edit this bug report at https://bugs.php.net/bug.php?id=55453&edit=1
Bug #55453 [Opn]: SoapClient out of memory when SOAP_COMPRESSION_GZIP enabled
Edit report at https://bugs.php.net/bug.php?id=55453&edit=1 ID: 55453 User updated by:johnston dot joshua at gmail dot com Reported by:johnston dot joshua at gmail dot com Summary:SoapClient out of memory when SOAP_COMPRESSION_GZIP enabled Status: Open Type: Bug Package:SOAP related Operating System: 2.6.38-10-generic #46-Ubuntu -PHP Version:5.4.0alpha3 +PHP Version:5.3.5 Block user comment: N Private report: N New Comment: Updating to real php version since you can't select < 5.4 on create Previous Comments: [2011-08-18 16:28:31] johnston dot joshua at gmail dot com Description: Adding request compression either does not work or causes Fatal error: Out of memory (allocated 2359296) (tried to allocate 18446744073709551596 bytes). When I use the gzip flag in the compression options the client call fails with an Out of memory notice (-1). If I use the deflate flag then nothing happens, no request compression. This looks like it might be a regression of https://bugs.php.net/bug.php?id=36283 jjohnston@jjohnston:~$ php -v PHP 5.3.5-1ubuntu7.2 with Suhosin-Patch (cli) (built: May 2 2011 23:00:17) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans P.S. The earliest php version you can pick is 5.4.0alpha3. Why can't I pick a recent stable php version? Test script: --- $client = new SoapClient( "https://example.org/service.asmx?WSDL";, array( 'cache_wsdl' => WSDL_CACHE_DISK, 'connection_timeout' => '120', 'soap_version' => SOAP_1_1, 'compression'=> SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP | 5 ) ); $out = $client->MethodCall(array( 'type' => 'test' )); Expected result: I expect the request to work and be compressed Actual result: -- Fatal error: Out of memory (allocated 2359296) (tried to allocate 18446744073709551596 bytes) -- Edit this bug report at https://bugs.php.net/bug.php?id=55453&edit=1
[PHP-BUG] Bug #55453 [NEW]: SoapClient out of memory when SOAP_COMPRESSION_GZIP enabled
From: Operating system: 2.6.38-10-generic #46-Ubuntu PHP version: 5.4.0alpha3 Package: SOAP related Bug Type: Bug Bug description:SoapClient out of memory when SOAP_COMPRESSION_GZIP enabled Description: Adding request compression either does not work or causes Fatal error: Out of memory (allocated 2359296) (tried to allocate 18446744073709551596 bytes). When I use the gzip flag in the compression options the client call fails with an Out of memory notice (-1). If I use the deflate flag then nothing happens, no request compression. This looks like it might be a regression of https://bugs.php.net/bug.php?id=36283 jjohnston@jjohnston:~$ php -v PHP 5.3.5-1ubuntu7.2 with Suhosin-Patch (cli) (built: May 2 2011 23:00:17) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans P.S. The earliest php version you can pick is 5.4.0alpha3. Why can't I pick a recent stable php version? Test script: --- $client = new SoapClient( "https://example.org/service.asmx?WSDL";, array( 'cache_wsdl' => WSDL_CACHE_DISK, 'connection_timeout' => '120', 'soap_version' => SOAP_1_1, 'compression'=> SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP | 5 ) ); $out = $client->MethodCall(array( 'type' => 'test' )); Expected result: I expect the request to work and be compressed Actual result: -- Fatal error: Out of memory (allocated 2359296) (tried to allocate 18446744073709551596 bytes) -- Edit bug report at https://bugs.php.net/bug.php?id=55453&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55453&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55453&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55453&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55453&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55453&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55453&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55453&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55453&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55453&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55453&r=support Expected behavior: https://bugs.php.net/fix.php?id=55453&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55453&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55453&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55453&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55453&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55453&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55453&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55453&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55453&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55453&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55453&r=mysqlcfg
Req #55451 [PATCH]: substr_compare and case sensitivity
Edit report at https://bugs.php.net/bug.php?id=55451&edit=1 ID: 55451 Patch added by: datib...@php.net Reported by:datib...@php.net Summary:substr_compare and case sensitivity Status: Open Type: Feature/Change Request Package:Unknown/Other Function Operating System: NA PHP Version:Irrelevant Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: substr_compare_optlen Revision: 1313682989 URL: https://bugs.php.net/patch-display.php?bug=55451&patch=substr_compare_optlen&revision=1313682989 Previous Comments: [2011-08-18 15:55:57] datib...@php.net Description: The $length parameter of this function is optional in the documentation, but currently it can't be skipped to only set the case sensitivity flag. Values like null or false get converted into 0 which causes a warning and the function returns false. Using null to skip the $length parameter would be nice. Test script: --- Expected result: 0 Actual result: -- Warning: substr_compare(): The length must be greater than zero -- Edit this bug report at https://bugs.php.net/bug.php?id=55451&edit=1
[PHP-BUG] Req #55451 [NEW]: substr_compare and case sensitivity
From: datibbaw Operating system: NA PHP version: Irrelevant Package: Unknown/Other Function Bug Type: Feature/Change Request Bug description:substr_compare and case sensitivity Description: The $length parameter of this function is optional in the documentation, but currently it can't be skipped to only set the case sensitivity flag. Values like null or false get converted into 0 which causes a warning and the function returns false. Using null to skip the $length parameter would be nice. Test script: --- Expected result: 0 Actual result: -- Warning: substr_compare(): The length must be greater than zero -- Edit bug report at https://bugs.php.net/bug.php?id=55451&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55451&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55451&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55451&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55451&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55451&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55451&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55451&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55451&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55451&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55451&r=support Expected behavior: https://bugs.php.net/fix.php?id=55451&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55451&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55451&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55451&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55451&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55451&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55451&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55451&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55451&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55451&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55451&r=mysqlcfg
Bug #55449 [Bgs]: Static private and static protected properties have a backdoor.
Edit report at https://bugs.php.net/bug.php?id=55449&edit=1 ID: 55449 User updated by:0gb dot us at 0gb dot us Reported by:0gb dot us at 0gb dot us Summary:Static private and static protected properties have a backdoor. Status: Bogus Type: Bug Package:Class/Object related Operating System: Mac OS X PHP Version:5.3.6 Block user comment: N Private report: N New Comment: Opps, I posted that note before I saw your response. You were quick! Thanks for the information, and have a nice day. Previous Comments: [2011-08-18 14:47:51] 0gb dot us at 0gb dot us I just realized a smaller script would have gotten the point across better. Sorry. http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php If one shoots oneself in the foot that's ok. If people really want to bypass such checks we don't prevent them. They aren't a security thing or something but a help to structure and isolate code. For reading out there are things like var_dump() which give access to them, too. [2011-08-18 14:16:12] 0gb dot us at 0gb dot us Description: I use a static private property in one of my classes, so objects in that class can track data, while keeping it away from other parts of the script. However, I found you can exploit a backdoor to reach the property from places that should be outside the property's visibility, by using variable variables. Upon further testing, I found the same backdoor exists for static protected properties. Using this backdoor, you can get or set the property's value. Non-static properties seem to be unaffected by this bug. It doesn't seem particularly dangerous, but I thought I'd report it just the same. Test script: --- $test2;//Fatal error: Cannot access property started with '\0' in ... echo $object->$test3;//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0private"};//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0protected"};//Fatal error: Cannot access property started with '\0' in ... Expected result: All six echo()s should cause a fatal error. Actual result: -- Only the last four echo()s cause a fatal error. -- Edit this bug report at https://bugs.php.net/bug.php?id=55449&edit=1
Bug #55449 [Bgs]: Static private and static protected properties have a backdoor.
Edit report at https://bugs.php.net/bug.php?id=55449&edit=1 ID: 55449 User updated by:0gb dot us at 0gb dot us Reported by:0gb dot us at 0gb dot us Summary:Static private and static protected properties have a backdoor. Status: Bogus Type: Bug Package:Class/Object related Operating System: Mac OS X PHP Version:5.3.6 Block user comment: N Private report: N New Comment: I just realized a smaller script would have gotten the point across better. Sorry. http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php If one shoots oneself in the foot that's ok. If people really want to bypass such checks we don't prevent them. They aren't a security thing or something but a help to structure and isolate code. For reading out there are things like var_dump() which give access to them, too. [2011-08-18 14:16:12] 0gb dot us at 0gb dot us Description: I use a static private property in one of my classes, so objects in that class can track data, while keeping it away from other parts of the script. However, I found you can exploit a backdoor to reach the property from places that should be outside the property's visibility, by using variable variables. Upon further testing, I found the same backdoor exists for static protected properties. Using this backdoor, you can get or set the property's value. Non-static properties seem to be unaffected by this bug. It doesn't seem particularly dangerous, but I thought I'd report it just the same. Test script: --- $test2;//Fatal error: Cannot access property started with '\0' in ... echo $object->$test3;//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0private"};//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0protected"};//Fatal error: Cannot access property started with '\0' in ... Expected result: All six echo()s should cause a fatal error. Actual result: -- Only the last four echo()s cause a fatal error. -- Edit this bug report at https://bugs.php.net/bug.php?id=55449&edit=1
Bug #55450 [Opn->Asn]: Built in web server not accepting file uploads
Edit report at https://bugs.php.net/bug.php?id=55450&edit=1 ID: 55450 Updated by: johan...@php.net Reported by:scott at aubrey dot org dot uk Summary:Built in web server not accepting file uploads -Status: Open +Status: Assigned Type: Bug Package:Built-in web server Operating System: Mac OS X 10.7.1 (Lion ) PHP Version:5.4.0alpha3 -Assigned To: +Assigned To:moriyoshi Block user comment: N Private report: N Previous Comments: [2011-08-18 14:22:03] scott at aubrey dot org dot uk forgot to add, that I started the server with: php -nS localhost:8001 -t. and the server output was: [Thu Aug 18 15:13:56 2011] ::1:54367 GET /testUpload.php - Request read [Thu Aug 18 15:13:56 2011] ::1:54367 GET /testUpload.php - Response sent successfully (200) [Thu Aug 18 15:14:01 2011] ::1:54369 POST /testUpload.php - Request read [Thu Aug 18 15:14:01 2011] ::1:54369 POST /testUpload.php - Response sent successfully (200) [2011-08-18 14:19:47] scott at aubrey dot org dot uk Description: The built in web server does not handle file uploads, instead throwing an error. This is a fairly clean build of alpha 3. Test script: --- Select a file to upload: Expected result: array(1) { ["file"]=> array(5) { ["name"]=> string(7) "testupload.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(26) "/private/var/tmp/phpynOZom" ["error"]=> int(0) ["size"]=> int(12) } } Actual result: -- array(0) { } -- Error log throws: PHP Warning: Missing boundary in multipart/form-data POST data in Unknown on line 0 -- Edit this bug report at https://bugs.php.net/bug.php?id=55450&edit=1
Bug #55449 [Opn->Bgs]: Static private and static protected properties have a backdoor.
Edit report at https://bugs.php.net/bug.php?id=55449&edit=1 ID: 55449 Updated by: johan...@php.net Reported by:0gb dot us at 0gb dot us Summary:Static private and static protected properties have a backdoor. -Status: Open +Status: Bogus Type: Bug Package:Class/Object related Operating System: Mac OS X PHP Version:5.3.6 Block user comment: N Private report: N New Comment: Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php If one shoots oneself in the foot that's ok. If people really want to bypass such checks we don't prevent them. They aren't a security thing or something but a help to structure and isolate code. For reading out there are things like var_dump() which give access to them, too. Previous Comments: [2011-08-18 14:16:12] 0gb dot us at 0gb dot us Description: I use a static private property in one of my classes, so objects in that class can track data, while keeping it away from other parts of the script. However, I found you can exploit a backdoor to reach the property from places that should be outside the property's visibility, by using variable variables. Upon further testing, I found the same backdoor exists for static protected properties. Using this backdoor, you can get or set the property's value. Non-static properties seem to be unaffected by this bug. It doesn't seem particularly dangerous, but I thought I'd report it just the same. Test script: --- $test2;//Fatal error: Cannot access property started with '\0' in ... echo $object->$test3;//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0private"};//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0protected"};//Fatal error: Cannot access property started with '\0' in ... Expected result: All six echo()s should cause a fatal error. Actual result: -- Only the last four echo()s cause a fatal error. -- Edit this bug report at https://bugs.php.net/bug.php?id=55449&edit=1
Bug #55447 [Opn->Bgs]: Global constant declared as const parsed as class constant with token_get_all()
Edit report at https://bugs.php.net/bug.php?id=55447&edit=1 ID: 55447 Updated by: johan...@php.net Reported by:andre at neo-anime dot org Summary:Global constant declared as const parsed as class constant with token_get_all() -Status: Open +Status: Bogus Type: Bug Package:Scripting Engine problem Operating System: Linux PHP Version:5.3SVN-2011-08-18 (SVN) Block user comment: N Private report: N New Comment: Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php The const keyword and the define() function work completely different. The const keyword is handled at compile time whereas define(), for the engine, is a regular function. Different tokens therefore are identifed as different code is generated internally, too. Previous Comments: [2011-08-18 13:54:45] andre at neo-anime dot org Test script should be https://bugs.php.net/bug.php?id=55447&edit=1
Bug #55448 [Opn]: Error at a Soap request
Edit report at https://bugs.php.net/bug.php?id=55448&edit=1 ID: 55448 User updated by:sunfundev at gmail dot com Reported by:sunfundev at gmail dot com -Summary:XML Error when +Summary:Error at a Soap request Status: Open Type: Bug Package:SOAP related Operating System: Windows/FreeBSD PHP Version:5.3.6 Block user comment: N Private report: N New Comment: Change title Previous Comments: [2011-08-18 14:10:56] sunfundev at gmail dot com Description: PHP 5.3.6 on Windows and FreeBSD There is a problem with soap-call when one of the parameters contains control characters. Expected result: $options = array( "location" => Config::$config['soap_location'], "uri" => Config::$config['soap_uri'], "trace" => 1, "exceptions" => true ); $soap_client = new SoapClient(null, $options); $result = $soap_client->login(array('user_name'=>Config::$config['login'],'password'=Config::$config['password'])); $session_id = $result->id; $entrie = array( array('name' => 'first_name', 'value' => 'normal string'), array('name' => 'last_name', 'value' => (string)chr(0x1A)), array('name' => 'email1', 'value' => 'soapt...@soaptest.com') ); $soap_client->__soapCall("set_entries", array($session_id, 'Leads', array($entrie))); Actual result: -- Fatal error: Uncaught SoapFault exception: [SOAP-ENV:Client] error in msg parsing: XML error parsing SOAP payload on line 2: Invalid character in H:\xampp\htdocs\test.php:55 Stack trace: #0 H:\xampp\htdocs\test.php(55): SoapClient->__soapCall('set_entries', Array) #1 {main} thrown in H:\xampp\htdocs\test.php on line 55 -- Edit this bug report at https://bugs.php.net/bug.php?id=55448&edit=1
Bug #55450 [Com]: Built in web server not accepting file uploads
Edit report at https://bugs.php.net/bug.php?id=55450&edit=1 ID: 55450 Comment by: scott at aubrey dot org dot uk Reported by:scott at aubrey dot org dot uk Summary:Built in web server not accepting file uploads Status: Open Type: Bug Package:Built-in web server Operating System: Mac OS X 10.7.1 (Lion ) PHP Version:5.4.0alpha3 Block user comment: N Private report: N New Comment: forgot to add, that I started the server with: php -nS localhost:8001 -t. and the server output was: [Thu Aug 18 15:13:56 2011] ::1:54367 GET /testUpload.php - Request read [Thu Aug 18 15:13:56 2011] ::1:54367 GET /testUpload.php - Response sent successfully (200) [Thu Aug 18 15:14:01 2011] ::1:54369 POST /testUpload.php - Request read [Thu Aug 18 15:14:01 2011] ::1:54369 POST /testUpload.php - Response sent successfully (200) Previous Comments: [2011-08-18 14:19:47] scott at aubrey dot org dot uk Description: The built in web server does not handle file uploads, instead throwing an error. This is a fairly clean build of alpha 3. Test script: --- Select a file to upload: Expected result: array(1) { ["file"]=> array(5) { ["name"]=> string(7) "testupload.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(26) "/private/var/tmp/phpynOZom" ["error"]=> int(0) ["size"]=> int(12) } } Actual result: -- array(0) { } -- Error log throws: PHP Warning: Missing boundary in multipart/form-data POST data in Unknown on line 0 -- Edit this bug report at https://bugs.php.net/bug.php?id=55450&edit=1
[PHP-BUG] Bug #55450 [NEW]: Built in web server not accepting file uploads
From: Operating system: Mac OS X 10.7.1 (Lion ) PHP version: 5.4.0alpha3 Package: Built-in web server Bug Type: Bug Bug description:Built in web server not accepting file uploads Description: The built in web server does not handle file uploads, instead throwing an error. This is a fairly clean build of alpha 3. Test script: --- Select a file to upload: Expected result: array(1) { ["file"]=> array(5) { ["name"]=> string(7) "testupload.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(26) "/private/var/tmp/phpynOZom" ["error"]=> int(0) ["size"]=> int(12) } } Actual result: -- array(0) { } -- Error log throws: PHP Warning: Missing boundary in multipart/form-data POST data in Unknown on line 0 -- Edit bug report at https://bugs.php.net/bug.php?id=55450&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55450&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55450&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55450&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55450&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55450&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55450&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55450&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55450&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55450&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55450&r=support Expected behavior: https://bugs.php.net/fix.php?id=55450&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55450&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55450&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55450&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55450&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55450&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55450&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55450&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55450&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55450&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55450&r=mysqlcfg
[PHP-BUG] Bug #55449 [NEW]: Static private and static protected properties have a backdoor.
From: Operating system: Mac OS X PHP version: 5.3.6 Package: Class/Object related Bug Type: Bug Bug description:Static private and static protected properties have a backdoor. Description: I use a static private property in one of my classes, so objects in that class can track data, while keeping it away from other parts of the script. However, I found you can exploit a backdoor to reach the property from places that should be outside the property's visibility, by using variable variables. Upon further testing, I found the same backdoor exists for static protected properties. Using this backdoor, you can get or set the property's value. Non-static properties seem to be unaffected by this bug. It doesn't seem particularly dangerous, but I thought I'd report it just the same. Test script: --- $test2;//Fatal error: Cannot access property started with '\0' in ... echo $object->$test3;//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0private"};//Fatal error: Cannot access property started with '\0' in ... echo $object->{"\0*\0protected"};//Fatal error: Cannot access property started with '\0' in ... Expected result: All six echo()s should cause a fatal error. Actual result: -- Only the last four echo()s cause a fatal error. -- Edit bug report at https://bugs.php.net/bug.php?id=55449&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55449&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55449&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55449&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55449&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55449&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55449&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55449&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55449&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55449&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55449&r=support Expected behavior: https://bugs.php.net/fix.php?id=55449&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55449&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55449&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55449&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55449&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55449&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55449&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55449&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55449&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55449&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55449&r=mysqlcfg
[PHP-BUG] Bug #55448 [NEW]: XML Error when
From: Operating system: Windows/FreeBSD PHP version: 5.3.6 Package: SOAP related Bug Type: Bug Bug description:XML Error when Description: PHP 5.3.6 on Windows and FreeBSD There is a problem with soap-call when one of the parameters contains control characters. Expected result: $options = array( "location" => Config::$config['soap_location'], "uri" => Config::$config['soap_uri'], "trace" => 1, "exceptions" => true ); $soap_client = new SoapClient(null, $options); $result = $soap_client->login(array('user_name'=>Config::$config['login'],'password'=Config::$config['password'])); $session_id = $result->id; $entrie = array( array('name' => 'first_name', 'value' => 'normal string'), array('name' => 'last_name', 'value' => (string)chr(0x1A)), array('name' => 'email1', 'value' => 'soapt...@soaptest.com') ); $soap_client->__soapCall("set_entries", array($session_id, 'Leads', array($entrie))); Actual result: -- Fatal error: Uncaught SoapFault exception: [SOAP-ENV:Client] error in msg parsing: XML error parsing SOAP payload on line 2: Invalid character in H:\xampp\htdocs\test.php:55 Stack trace: #0 H:\xampp\htdocs\test.php(55): SoapClient->__soapCall('set_entries', Array) #1 {main} thrown in H:\xampp\htdocs\test.php on line 55 -- Edit bug report at https://bugs.php.net/bug.php?id=55448&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55448&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55448&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55448&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55448&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55448&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55448&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55448&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55448&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55448&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55448&r=support Expected behavior: https://bugs.php.net/fix.php?id=55448&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55448&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55448&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55448&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55448&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55448&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55448&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55448&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55448&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55448&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55448&r=mysqlcfg
Bug #55447 [Opn]: Global constant declared as const parsed as class constant with token_get_all()
Edit report at https://bugs.php.net/bug.php?id=55447&edit=1 ID: 55447 User updated by:andre at neo-anime dot org Reported by:andre at neo-anime dot org Summary:Global constant declared as const parsed as class constant with token_get_all() Status: Open Type: Bug Package:Scripting Engine problem Operating System: Linux PHP Version:5.3SVN-2011-08-18 (SVN) Block user comment: N Private report: N New Comment: Test script should be https://bugs.php.net/bug.php?id=55447&edit=1
[PHP-BUG] Bug #55447 [NEW]: Global constant declared as const parsed as class constant with token_get_all()
From: Operating system: Linux PHP version: 5.3SVN-2011-08-18 (SVN) Package: Scripting Engine problem Bug Type: Bug Bug description:Global constant declared as const parsed as class constant with token_get_all() Description: As of PHP 5.3.0 global constants can be declared using the const keyword in addition to the define() function. However token_get_all() incorrectly recognizes the former as a class constant. Test script: --- https://bugs.php.net/bug.php?id=55447&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55447&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55447&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55447&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55447&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55447&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55447&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55447&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55447&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55447&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55447&r=support Expected behavior: https://bugs.php.net/fix.php?id=55447&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55447&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55447&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55447&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55447&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55447&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55447&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55447&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55447&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55447&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55447&r=mysqlcfg
Bug #55442 [Opn->Bgs]: ID3-0.2 Comments tag.
Edit report at https://bugs.php.net/bug.php?id=55442&edit=1 ID: 55442 Updated by: johan...@php.net Reported by:thephpguru at hotmai dot com Summary:ID3-0.2 Comments tag. -Status: Open +Status: Bogus Type: Bug Package:Unknown/Other Function Operating System: Federa 13 PHP Version:5.3.6 Block user comment: N Private report: N New Comment: Please report this issue at http://pecl.php.net/id3 Sorry for the inconvenience. Previous Comments: [2011-08-17 14:43:46] thephpguru at hotmai dot com Description: --- THe Comments tag (COMM) is not appearing in ID3-0.2. I have verified that the Comments tag is not null in EasyTag, Kid3 or a Flash application I have that reads ID3 Tags. --- Test script: --- This file contains a 1.x tag"; } if ($tag_version & ID3_V1_1) { echo "This file contains a 1.1 tag"; } if ($tag_version & ID3_V2) { echo "This file contains a 2.x tag"; } if ($tag_version & ID3_V2_3) { echo "This file contains a 2.3 tag"; } if ($tag_version & ID3_V2_4) { echo "This file contains a 2.4 tag"; } echo ""; $tag = id3_get_tag("$new_mp3_file"); while(list($key,$value) = each($tag)){ echo "$key: $value"; if($key == "genre"){echo " (" . id3_get_genre_name($value) . ")";} echo ""; } unlink($new_mp3_file); ?> Expected result: The comments tag should display in the tag output. Actual result: -- This file contains a 1.x tag This file contains a 1.1 tag This file contains a 2.3 tag This file contains a 2.4 tag encoderSettings: LAME 32bits version 3.98.2 (http://www.mp3dev.org/) length: 27414 title: My name is Sulaiman The WordSmith artist: Sulaiman The WordSmith album: What Is A WordSmith recTime: 2010 track: 03/03 genre: 7 (Hip-Hop) composer: Sulaiman The WordSmith originalArtist: Sulaiman The WordSmith copyright: U.S: PAU003376550 / 1-407766721 encodedBy: Lame webOffPubl: http://thewordsmith.info webOffAudioFile: http://thewordsmith.info webOffAudioSrc: http://thewordsmith.info webOffIRS: http://thewordsmith.info publisher: The WordSmith World Wide mood: Educational webOffArtist: http://thewordsmith.info language: EN -- Edit this bug report at https://bugs.php.net/bug.php?id=55442&edit=1
Bug #55283 [Ver]: SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections
Edit report at https://bugs.php.net/bug.php?id=55283&edit=1 ID: 55283 Updated by: paj...@php.net Reported by:aleksey at wepay dot com Summary:SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections Status: Verified Type: Bug Package:MySQLi related Operating System: Cent OS PHP Version:5.3.6 Assigned To:mysql Block user comment: N Private report: N New Comment: You can try in German then as you both speak German as well. However it looks to me that the code speaks for itself. The connection fails after the timeout. This comment is based on this discussion on internals, http://news.php.net/php.internals/54667 . Previous Comments: [2011-08-18 07:51:51] and...@php.net English is neither my mother tongue. [2011-08-18 07:17:15] spam2 at rhsoft dot net what try you to tell me with "I don't get your comment :(" remember that not everfybody has english as nmative language i need a way to revert this change to get PHP 5.3.7 working with mysqlnd/ssl the same way as it did the whole last year [2011-08-18 06:08:55] and...@php.net I don't get your comment :( [2011-08-18 01:34:33] spam2 at rhsoft dot net well i guess this change results in connections hanging around and after a hughe timeout filling my mailbox with cron-mails since upgraded to 5.3.7 using MYSQLND so "Changing mysqli to make libmysql happy will cause leaks with mysqlnd" seems to be true -> but why done this change if knowing it? mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $ without ssl_set() all works fine but unencyrpted how can i revert this change for the 5.3.7-final.tar.bz2? ___ MySQL server has gone away $this->ssl_key = '/etc/mysql-ssl/client.pem'; $this->ssl_crt = '/etc/mysql-ssl/client.pem'; $this->ssl_ca = '/etc/mysql-ssl/ca.crt'; $>conn->ssl_set($this->ssl_key, $this->ssl_crt, $this->ssl_ca, NULL, NULL); [2011-08-05 13:39:28] and...@php.net Automatic comment from SVN on behalf of andrey Revision: http://svn.php.net/viewvc/?view=revision&revision=314330 Log: Fix for bug #55283 SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55283 -- Edit this bug report at https://bugs.php.net/bug.php?id=55283&edit=1
Bug #55283 [Ver]: SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections
Edit report at https://bugs.php.net/bug.php?id=55283&edit=1 ID: 55283 Updated by: and...@php.net Reported by:aleksey at wepay dot com Summary:SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections Status: Verified Type: Bug Package:MySQLi related Operating System: Cent OS PHP Version:5.3.6 Assigned To:mysql Block user comment: N Private report: N New Comment: English is neither my mother tongue. Previous Comments: [2011-08-18 07:17:15] spam2 at rhsoft dot net what try you to tell me with "I don't get your comment :(" remember that not everfybody has english as nmative language i need a way to revert this change to get PHP 5.3.7 working with mysqlnd/ssl the same way as it did the whole last year [2011-08-18 06:08:55] and...@php.net I don't get your comment :( [2011-08-18 01:34:33] spam2 at rhsoft dot net well i guess this change results in connections hanging around and after a hughe timeout filling my mailbox with cron-mails since upgraded to 5.3.7 using MYSQLND so "Changing mysqli to make libmysql happy will cause leaks with mysqlnd" seems to be true -> but why done this change if knowing it? mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $ without ssl_set() all works fine but unencyrpted how can i revert this change for the 5.3.7-final.tar.bz2? ___ MySQL server has gone away $this->ssl_key = '/etc/mysql-ssl/client.pem'; $this->ssl_crt = '/etc/mysql-ssl/client.pem'; $this->ssl_ca = '/etc/mysql-ssl/ca.crt'; $>conn->ssl_set($this->ssl_key, $this->ssl_crt, $this->ssl_ca, NULL, NULL); [2011-08-05 13:39:28] and...@php.net Automatic comment from SVN on behalf of andrey Revision: http://svn.php.net/viewvc/?view=revision&revision=314330 Log: Fix for bug #55283 SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections [2011-08-05 13:17:59] u...@php.net The actual issue here is in mysqlnd (or in the mysqli user API, however you put it :-)): if using mysqli_init() to create a connection object we don't yet know if it needs to be persistent or not. mysqli was changed to meet the needs of mysqlnd. Unfortunately, this has an unforeseen side-effect on mysqli @ libmysql [@ SSL]. Changing mysqli to make libmysql happy will cause leaks with mysqlnd. This needs some think time. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55283 -- Edit this bug report at https://bugs.php.net/bug.php?id=55283&edit=1
Bug #55283 [Com]: SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections
Edit report at https://bugs.php.net/bug.php?id=55283&edit=1 ID: 55283 Comment by: spam2 at rhsoft dot net Reported by:aleksey at wepay dot com Summary:SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections Status: Verified Type: Bug Package:MySQLi related Operating System: Cent OS PHP Version:5.3.6 Assigned To:mysql Block user comment: N Private report: N New Comment: what try you to tell me with "I don't get your comment :(" remember that not everfybody has english as nmative language i need a way to revert this change to get PHP 5.3.7 working with mysqlnd/ssl the same way as it did the whole last year Previous Comments: [2011-08-18 06:08:55] and...@php.net I don't get your comment :( [2011-08-18 01:34:33] spam2 at rhsoft dot net well i guess this change results in connections hanging around and after a hughe timeout filling my mailbox with cron-mails since upgraded to 5.3.7 using MYSQLND so "Changing mysqli to make libmysql happy will cause leaks with mysqlnd" seems to be true -> but why done this change if knowing it? mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $ without ssl_set() all works fine but unencyrpted how can i revert this change for the 5.3.7-final.tar.bz2? ___ MySQL server has gone away $this->ssl_key = '/etc/mysql-ssl/client.pem'; $this->ssl_crt = '/etc/mysql-ssl/client.pem'; $this->ssl_ca = '/etc/mysql-ssl/ca.crt'; $>conn->ssl_set($this->ssl_key, $this->ssl_crt, $this->ssl_ca, NULL, NULL); [2011-08-05 13:39:28] and...@php.net Automatic comment from SVN on behalf of andrey Revision: http://svn.php.net/viewvc/?view=revision&revision=314330 Log: Fix for bug #55283 SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections [2011-08-05 13:17:59] u...@php.net The actual issue here is in mysqlnd (or in the mysqli user API, however you put it :-)): if using mysqli_init() to create a connection object we don't yet know if it needs to be persistent or not. mysqli was changed to meet the needs of mysqlnd. Unfortunately, this has an unforeseen side-effect on mysqli @ libmysql [@ SSL]. Changing mysqli to make libmysql happy will cause leaks with mysqlnd. This needs some think time. [2011-08-05 11:53:47] u...@php.net Reproducible with PHP 5.3.7RC4-dev (cli) (built: Jul 26 2011 17:35:20) (DEBUG) using *libmysql* to connect to 5.1.45-debug-log Configure Command => './configure' '--with-mysql=mysqlnd' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql/bin/mysql_config' '--enable-debug' '--enable-maintainer-zts' '--enable-mysqlnd-ms' '--enable-mysqlenterprise' '--enable-mysqlnd-uh' '--enable-pcntl' nixnutz@linux-fuxh:~/php/php-src/branches/PHP_5_3> sapi/cli/php bar.php array(2) { [0]=> string(10) "Ssl_cipher" [1]=> string(18) "DHE-RSA-AES256-SHA" } array(2) { [0]=> string(10) "Ssl_cipher" [1]=> string(7) "RC4-MD5" } The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55283 -- Edit this bug report at https://bugs.php.net/bug.php?id=55283&edit=1
Bug #55425 [Fbk->Csd]: closure with use of referenced array -> SEGV
Edit report at https://bugs.php.net/bug.php?id=55425&edit=1 ID: 55425 Updated by: larue...@php.net Reported by:ajrattink at correct dot net Summary:closure with use of referenced array -> SEGV -Status: Feedback +Status: Closed Type: Bug Package:Reproducible crash Operating System: linux2.4.25 PHP Version:5.3.6 -Assigned To: +Assigned To:laruence Block user comment: N Private report: N New Comment: okey, well, I am going to close this report Previous Comments: [2011-08-16 12:43:30] ajrattink at correct dot net Tested with 5.3.7RC5, no more SEGV. [2011-08-16 04:54:28] larue...@php.net Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ Hi, I can reproduct this in php 5.3.6, and I have a quick look at php 5.3.7, seems there is no such issue in PHP 5.3.7, so plz try with php 5.3.7. [2011-08-15 16:00:53] ajrattink at correct dot net Description: If you reference an array (with instances) and 'use' that array in a closure (without referencing it again) you get a segmentation fault Using 'use (&$ar)' iso 'use ($ar)' fixes it. Test script: --- http://www.correct.nl/bug_closure_b338f79f99c96c55fc879211ca2fe370.php.txt Expected result: exit 0, I guess Actual result: -- SEGV, gdb where -> #0 0x0827e6ff in zend_objects_store_del_ref_by_handle_ex () #1 0x0827e684 in zend_objects_store_del_ref () #2 0x082595a3 in _zval_dtor_func () #3 0x0824d238 in _zval_dtor () #4 0x0824d464 in _zval_ptr_dtor () #5 0x0826692a in _zend_hash_index_update_or_next_insert () #6 0x082677df in zend_hash_copy () #7 0x0825971f in _zval_copy_ctor_func () #8 0x0827f259 in _zval_copy_ctor () #9 0x08299456 in zend_send_by_var_helper_SPEC_VAR () #10 0x08299e34 in ZEND_SEND_VAR_SPEC_VAR_HANDLER () #11 0x08280901 in execute () #12 0x0825b513 in zend_execute_scripts () #13 0x0820088b in php_execute_script () #14 0x082ff885 in main () -- Edit this bug report at https://bugs.php.net/bug.php?id=55425&edit=1