#30282 [NEW]: Setting session.serialize_handler to none in apache config segfaults PHP
From: daniele at orlandi dot com
Operating system: SuSE Linux 9.1
PHP version: 4.3.9
PHP Bug Type: Apache2 related
Bug description: Setting session.serialize_handler to none in apache config segfaults PHP

Description:

This is an almost cosmetic issue. I incorrectly put "none" in apache's configuration file for session.serialize_handler. Starting the session, PHP segfaults; it may be a missing NULL check.

php_value session.serialize_handler none

[pid 31996] open("/tmp/sess_de475dfe390c0d01f35536633634db4a", O_RDWR|O_CREAT, 0600) = 28
[pid 31996] flock(28, LOCK_EX) = 0
[pid 31996] fcntl64(28, F_SETFD, FD_CLOEXEC) = 0
[pid 31996] fstat64(28, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
[pid 31996] pread(28, "", 0, 0)
[pid 31996] --- SIGSEGV (Segmentation fault) @ 0 (0) ---

--
Edit bug report at http://bugs.php.net/?id=30282&edit=1
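The kind of missing NULL check the report suspects, modelled in C as an added example. This is not PHP's source: the handler table and the names `find_serializer`, `set_serialize_handler` and `session_decode` are hypothetical. It rejects an unknown handler name when the setting is applied and checks the pointer again before use.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a name -> serializer table; not PHP's own code. */
typedef struct {
    const char *name;
    int (*decode)(const char *data, size_t len);
} serializer_t;

/* Dummy decoders: they only report how many bytes they were given. */
static int decode_php(const char *data, size_t len)  { (void)data; return (int)len; }
static int decode_wddx(const char *data, size_t len) { (void)data; return (int)len; }

static const serializer_t serializers[] = {
    { "php",  decode_php  },
    { "wddx", decode_wddx },
};

/* Returns NULL for any name that is not registered, e.g. "none". */
const serializer_t *find_serializer(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof serializers / sizeof serializers[0]; i++)
        if (strcmp(serializers[i].name, name) == 0)
            return &serializers[i];
    return NULL;
}

/* Config-time check: refuse an unknown name and keep the current handler. */
int set_serialize_handler(const serializer_t **slot, const char *name)
{
    const serializer_t *s = find_serializer(name);
    if (s == NULL)
        return -1;
    *slot = s;
    return 0;
}

/* Use-time check: never call through a handler that was not set. */
int session_decode(const serializer_t *handler, const char *data, size_t len)
{
    if (handler == NULL || handler->decode == NULL)
        return -1;              /* fail the session start instead of crashing */
    return handler->decode(data, len);
}
```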
#13961 [Com]: some characters in server variable names are silently changed
ID: 13961
Comment by: daniele at orlandi dot com
Reported By: lampa at fee dot vutbr dot cz
Status: Bogus
Bug Type: Apache related
Operating System: any
PHP Version: 4CVS, 5CVS
Assigned To: derick
New Comment:

It still isn't fixed in PHP 4.3.5, php still corrupts apache's environment and here's the proof:

--- httpd.conf
BrowserMatch "a" downgrade-1.0 force-response-1.0 nokeepalive
--- a.html
--- a.php

GET /a.html HTTP/1.1
Host: stef.uli.it
Connection: close
User-Agent: a

HTTP/1.0 200 OK
Date: Wed, 31 Mar 2004 17:35:57 GMT
Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7b PHP/4.3.5
Last-Modified: Wed, 31 Mar 2004 17:35:43 GMT
ETag: "522e8-1e-c69ff9c0"
Accept-Ranges: bytes
Content-Length: 30
Connection: close
Content-Type: text/html

Connection closed by foreign host.
---
GET /a.php HTTP/1.1
Host: stef.uli.it
Connection: close
User-Agent: a

HTTP/1.1 200 OK
Date: Wed, 31 Mar 2004 17:34:57 GMT
Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7b PHP/4.3.5
X-Powered-By: PHP/4.3.5
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

4
ciao
0

Connection closed by foreign host.
--

As you see, the PHP response discards force-response-1.0 and still responds with HTTP/1.1. My Cisco 7960 IP phone has a broken HTTP/1.1 client and isn't able to cope with chunked transfer encoding and I'm not able to make it work.

Previous Comments:

[2003-11-18 19:52:08] [EMAIL PROTECTED]

This is in fact fixed.

php_register_variable() is actually a wrapper around php_register_variable_safe() which always makes a copy of the original before passing it to php_register_variable_ex().

[2003-11-14 07:06:13] lampa at fee dot vutbr dot cz

Still not fixed in 4.3.4

----------------

[2003-11-11 18:15:11] daniele at orlandi dot com

This bug is still present in php 4.3.4 and may be harmful since all the BrowserMatch functionality to work around browser bugs in Apache is essentially disabled.

As a proof of concept I patched sapi/apache2handler/sapi_apache2.c (apache2filter is probably affected too) and the problem went away. Note that the patch may not be perfect as I don't know how Apache and PHP work internally very well.

--- php-4.3.4/sapi/apache2handler/sapi_apache2.c2003-10-02 05:24:43.0 +0200 +++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c 2003-11-11 23:52:06.0 +0100 @@ -227,9 +227,14 @@ char *key, *val; zval **path_translated_zv; + char *t; + APR_ARRAY_FOREACH_OPEN(arr, key, val) if (!val) val = empty_string; - php_register_variable(key, val, track_vars_array TSRMLS_CC); + + t = estrndup(key, strlen(key)); + php_register_variable(t, val, track_vars_array TSRMLS_CC); + efree(t); APR_ARRAY_FOREACH_CLOSE()

[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is necessary:

    for (i = 0; i < arr->nelts; i++) {
        char *val, *key;

        if (elts[i].val) {
            val = elts[i].val;
        } else {
            val = empty_string;
        }
        key = estrdup(elts[i].key); /* HERE */
        php_register_variable(key, val, track_vars_array ELS_CC PLS_CC);
    }

[2001-11-07 04:33:03] [EMAIL PROTECTED]

This is not okay, PHP should not change the original key here. Checking it out.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/13961

--
Edit this bug report at http://bugs.php.net/?id=13961&edit=1
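Review bot: in the added lines, `t = estrndup(key, strlen(key));` is the same as `estrdup(key)`, which is what the loop quoted in the 2001-12-11 comment uses, so the shorter call would do. The `efree(t);` directly after `php_register_variable(t, ...)` is only correct if that function keeps no pointer to the name it was given, and a one-line comment saying so would make the loop easier to audit. The message notes that apache2filter is probably affected too, so the same copy should be added there or the patch should state why it is left out.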
#27551 [Fbk->Opn]: strtotime fails to parse ISO 8601 timestamps with fractional seconds
ID: 27551
User updated by: daniele at orlandi dot com
Reported By: daniele at orlandi dot com
-Status: Feedback
+Status: Open
Bug Type: Date/time related
Operating System: SuSE Linux 9.0
PHP Version: 4.3.5RC3
New Comment:

Mmmh... do you really need an example script to test a function for two given values? :)

Well... here is it:

<?php
echo "2004-03-11 18:16:07.755155+01 = " .strtotime("2004-03-11 18:16:07.755155+01") ."";
echo "2004-03-11 18:16:07+01 = " .strtotime("2004-03-11 18:16:07+01") ."";
?>

Result:
2004-03-11 18:16:07.755155+01 = -1
2004-03-11 18:16:07+01 = 1079025367

Expected result:
2004-03-11 18:16:07.755155+01 = 1079025367
2004-03-11 18:16:07+01 = 1079025367

Previous Comments:

[2004-03-10 13:27:38] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves.

A proper reproducing script starts with , is max. 10-20 lines long and does not require any external resources such as databases, etc.

If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report.

------------

[2004-03-10 11:27:35] daniele at orlandi dot com

Description:

strtotime fails to parse timestamp returned by PostgreSQL in the default ISO 8601 output due to fractional seconds.

This time stamp is not parsed (invalid):
2004-03-10 16:33:17.11403+01

This is correctly parsed:
2004-03-10 16:33:17+01

Fractional part could be ignored but shouldn't make strtotime consider the timestamp as invalid.

--
Edit this bug report at http://bugs.php.net/?id=27551&edit=1
#27551 [NEW]: strtotime fails to parse ISO 8601 timestamps with fractional seconds
From: daniele at orlandi dot com
Operating system: SuSE Linux 9.0
PHP version: 4.3.5RC3
PHP Bug Type: Date/time related
Bug description: strtotime fails to parse ISO 8601 timestamps with fractional seconds

Description:

strtotime fails to parse timestamp returned by PostgreSQL in the default ISO 8601 output due to fractional seconds.

This time stamp is not parsed (invalid):
2004-03-10 16:33:17.11403+01

This is correctly parsed:
2004-03-10 16:33:17+01

Fractional part could be ignored but shouldn't make strtotime consider the timestamp as invalid.

--
Edit bug report at http://bugs.php.net/?id=27551&edit=1
#13961 [Com]: some characters in incoming variable names are silently changed
ID: 13961
Comment by: daniele at orlandi dot com
Reported By: lampa at fee dot vutbr dot cz
Status: No Feedback
Bug Type: Apache related
Operating System: FreeBSD
PHP Version: 4.0.6, 4.1.0
Assigned To: derick
New Comment:

Is there a way to make this bug a little more alive? I provided the missing feedback... I don't want to file a duplicate, I'd just like to see it as an open bug (if it is the case).

Sorry for the meta-comment

Previous Comments:

[2003-11-11 18:15:11] daniele at orlandi dot com

This bug is still present in php 4.3.4 and may be harmful since all the BrowserMatch functionality to work around browser bugs in Apache is essentially disabled.

As a proof of concept I patched sapi/apache2handler/sapi_apache2.c (apache2filter is probably affected too) and the problem went away. Note that the patch may not be perfect as I don't know how Apache and PHP work internally very well.

--- php-4.3.4/sapi/apache2handler/sapi_apache2.c2003-10-02 05:24:43.0 +0200 +++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c 2003-11-11 23:52:06.0 +0100 
@@ -227,9 +227,14 @@ char *key, *val; zval **path_translated_zv; + char *t; + APR_ARRAY_FOREACH_OPEN(arr, key, val) if (!val) val = empty_string; - php_register_variable(key, val, track_vars_array TSRMLS_CC); + + t = estrndup(key, strlen(key)); + php_register_variable(t, val, track_vars_array TSRMLS_CC); + efree(t); APR_ARRAY_FOREACH_CLOSE()

[2002-10-15 01:00:02] php-bugs at lists dot php dot net

No feedback was provided for this bug for over 2 weeks, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".

[2002-09-29 20:41:13] [EMAIL PROTECTED]

Please try using this CVS snapshot:
http://snaps.php.net/php4-latest.tar.gz

For Windows:
http://snaps.php.net/win32/php4-win32-latest.zip

This should be fixed in CVS (If I remember correctly) so could you please try the snapshot and verify it for us?

[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is necessary:

    for (i = 0; i < arr->nelts; i++) {
        char *val, *key;

        if (elts[i].val) {
            val = elts[i].val;
        } else {
            val = empty_string;
        }
        key = estrdup(elts[i].key); /* HERE */
        php_register_variable(key, val, track_vars_array ELS_CC PLS_CC);
    }

[2001-11-07 04:33:03] [EMAIL PROTECTED]

This is not okay, PHP should not change the original key here. Checking it out.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/13961

--
Edit this bug report at http://bugs.php.net/?id=13961&edit=1
#13961 [Com]: some characters in incoming variable names are silently changed
ID: 13961
Comment by: daniele at orlandi dot com
Reported By: lampa at fee dot vutbr dot cz
Status: No Feedback
Bug Type: Apache related
Operating System: FreeBSD
PHP Version: 4.0.6, 4.1.0
Assigned To: derick
New Comment:

This bug is still present in php 4.3.4 and may be harmful since all the BrowserMatch functionality to work around browser bugs in Apache is essentially disabled.

As a proof of concept I patched sapi/apache2handler/sapi_apache2.c (apache2filter is probably affected too) and the problem went away. Note that the patch may not be perfect as I don't know how Apache and PHP work internally very well.

--- php-4.3.4/sapi/apache2handler/sapi_apache2.c2003-10-02 05:24:43.0 +0200 +++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c 2003-11-11 23:52:06.0 +0100 
@@ -227,9 +227,14 @@ char *key, *val; zval **path_translated_zv; + char *t; + APR_ARRAY_FOREACH_OPEN(arr, key, val) if (!val) val = empty_string; - php_register_variable(key, val, track_vars_array TSRMLS_CC); + + t = estrndup(key, strlen(key)); + php_register_variable(t, val, track_vars_array TSRMLS_CC); + efree(t); APR_ARRAY_FOREACH_CLOSE()

Previous Comments:

[2002-10-15 01:00:02] php-bugs at lists dot php dot net

No feedback was provided for this bug for over 2 weeks, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".

[2002-09-29 20:41:13] [EMAIL PROTECTED]

Please try using this CVS snapshot:
http://snaps.php.net/php4-latest.tar.gz

For Windows:
http://snaps.php.net/win32/php4-win32-latest.zip

This should be fixed in CVS (If I remember correctly) so could you please try the snapshot and verify it for us?

[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is necessary:

    for (i = 0; i < arr->nelts; i++) {
        char *val, *key;

        if (elts[i].val) {
            val = elts[i].val;
        } else {
            val = empty_string;
        }
        key = estrdup(elts[i].key); /* HERE */
        php_register_variable(key, val, track_vars_array ELS_CC PLS_CC);
    }

[2001-11-07 04:33:03] [EMAIL PROTECTED]

This is not okay, PHP should not change the original key here. Checking it out.

[2001-11-07 01:56:30] lampa at fee dot vutbr dot cz

I don't think that FAQ solves that problem. Look at the source code of Apache server. There are several tests of the variable "force-response-1.0" there. The problem is not that php code variable is $force-response-1_0, that's OK, but the real problem is that apache variable name in r->subprocess_env is changed too. That's a side effect and not pleasant.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/13961

--
Edit this bug report at http://bugs.php.net/?id=13961&edit=1
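The side effect described in this thread, reduced to a self-contained C model as an added example. It is not code from PHP or Apache: `env_entry`, `mangle_name`, `register_in_place`, `register_copy`, `env_has` and `flag_survives` are hypothetical stand-ins, and the two-entry table is constructed. It shows why renaming the key in the shared table hides `force-response-1.0` from the server's later lookup, and why renaming a private copy does not.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for one entry of Apache's r->subprocess_env. */
typedef struct { char key[32]; const char *val; } env_entry;

/* Stand-in for the renaming done while registering a variable: '.' and ' '
 * become '_'. It writes into whatever buffer it is handed. */
static void mangle_name(char *name) {
    for (; *name; name++)
        if (*name == '.' || *name == ' ') *name = '_';
}

/* Behaviour reported in the thread: the server's own key is mangled. */
void register_in_place(env_entry *e, char *php_name, size_t len) {
    mangle_name(e->key);
    snprintf(php_name, len, "%s", e->key);
}

/* Behaviour after the proposed change: only a private copy is mangled. */
int register_copy(const env_entry *e, char *php_name, size_t len) {
    char *t = malloc(strlen(e->key) + 1);
    if (t == NULL) return -1;
    strcpy(t, e->key);
    mangle_name(t);
    snprintf(php_name, len, "%s", t);
    free(t);
    return 0;
}

/* The server's later lookup by the original name; 1 if still present. */
int env_has(const env_entry *env, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(env[i].key, name) == 0) return 1;
    return 0;
}

/* Registers every entry of a constructed table, then repeats the lookup. */
int flag_survives(int use_copy) {
    env_entry env[2] = { { "force-response-1.0", "1" }, { "nokeepalive", "1" } };
    char php_name[32];
    for (size_t i = 0; i < 2; i++) {
        if (use_copy) register_copy(&env[i], php_name, sizeof php_name);
        else          register_in_place(&env[i], php_name, sizeof php_name);
    }
    return env_has(env, 2, "force-response-1.0");
}
```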
#22710 [Com]: an unknown filter was not added: PHP
ID: 22710
Comment by: daniele at orlandi dot com
Reported By: intruderkillers at yahoo dot com dot br
Status: Bogus
Bug Type: Apache2 related
Operating System: RedHat 8.0
PHP Version: 4.3.2RC1
New Comment:

Same problem for me. Just upgraded from 4.3.0 to 4.3.2RC2, nothing else changed.

Previous Comments:

[2003-03-14 19:24:16] [EMAIL PROTECTED]

Your httpd.conf is wrong. Please read the install instructions from http://www.php.net/manual/en/install.apache2.php

[2003-03-14 13:50:28] intruderkillers at yahoo dot com dot br

When I load any php page I'm getting this error in Apache/2.0.44 with 4.3.2RC1:

an unknown filter was not added: PHP

Best Regards,
Luiz

--
Edit this bug report at http://bugs.php.net/?id=22710&edit=1