#27110 [Com]: php_value|flag / php_admin_* settings leak from .htaccess files
ID: 27110 Comment by: j dot svoboda at phoenix dot cz Reported By: walter at brunner dot at Status: No Feedback Bug Type: Apache2 related Operating System: Linux (Gentoo) PHP Version: 4CVS-2004-02-01 Assigned To: iliaa New Comment: The problem still manifests when the directive auto_prepend_file and the Directory container are used together. Please see the reproduce code at http://www.p-i-n.cz/doc/phpbug.txt. Previous Comments: [2004-04-19 13:16:19] j dot svoboda at phoenix dot cz I am sorry, I stripped part of configure command. The full command is: './configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-imap=/usr/local/src/imap' [2004-04-19 13:08:13] j dot svoboda at phoenix dot cz I can 100% reproduce this error. How to reproduce (my case): We use the supplied Apache configuration (with several insignificant changes, listed at the bottom) and these local settings (included from separate file httpd-test-local.conf): - StartServers 1 MaxClients 1 DocumentRoot /www AddType application/x-httpd-php .php Directory / Order allow,deny Allow from all php_value include_path .:/usr/local/lib/php:/www/lib /Directory # Development Directory /www/epv php_value include_path .:/usr/local/lib/php:/www/libv:/www/lib /Directory # Authentication LocationMatch ^/ep php_value auto_prepend_file a.php /LocationMatch - In /www, we have four directories, ep, epv, lib, libv. (ep* is for PHP scripts, lib* is for PHP libraries; versions with 'v' stand for 'deVelopment'). In ep*, we have simple script i.php containing the command ? echo ini_get(include_path); ? In lib, I have the empty file a.php. 1. I restart apache 2. I open the file /ep/i.php in my browser, and it prints .:/usr/local/lib/php:/www/lib 3. I open the file /epv/i.php in my browser, and it prints .:/usr/local/lib/php:/www/lib where it should print .:/usr/local/lib/php:/www/libv:/www/lib It seems that the problem manifests only in combination with auto_prepend_file. - Insignificant changes in apache configuration: diff httpd-std.conf httpd-test.conf 81c81 PidFile logs/httpd.pid PidFile logs/httpd-8080.pid 219c219 Listen 80 Listen 8080 231a232 LoadModule php4_modulemodules/libphp4.so 1049a1051 Include /usr/local/apache2/conf/httpd-test-local.conf - System settings: System: FreeBSD www.p-i-n.cz 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Wed Jan i386 Configure Command: './configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql SERVER_SOFTWARE: Apache/2.0.49 (Unix) PHP/4.3.5 - [2004-03-24 17:24:24] [EMAIL PROTECTED] It's fixed for me in 4.3.5RC3 Try the latest 4.3.5 RC, or CVS snapshot [2004-03-24 11:19:57] bfriday at lasierra dot edu Installed php-4.3.4 and this bug continues to be a problem moved to the latest RC2 when it came out last week and the bug while listed in other reports as fixed continues to be a problem. I've got a virtual host situation in which the following is occuring: 1) primary hostname is fine it is not using php so there is no error 2) this virtual host is fine but is using php and it has some additional information which is set over and above our default settings in the php.ini via .htaccess files. 3) this virtual host is using just html so is fine as well 4) this virtual host would like to use php but cannot as php demands to look for setting which is not defined in the global .htaccess but rather in the .htaccess of virtual host 2. PHP consistently errors out and is unusable on this host as no program gets past the php_value auto_prepend_file line which is located in virtual host 2's .htaccess file. Please let me know if you have need of further information I can provide the domain names to a developer to do a look see but would need to do that privately. I'd really appreciate it if this is fixed as it makes using php in a virtual host setting impossible. [2004-02-16 01:19:35] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to Open. Thank you. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/27110 -- Edit this bug report at http://bugs.php.net/?id=27110edit=1
#28729 [NEW]: php_value settings leak from apache config when auto_prepend_file is used
From: j dot svoboda at phoenix dot cz Operating system: FreeBSD PHP version: 4.3.7 PHP Bug Type: Apache2 related Bug description: php_value settings leak from apache config when auto_prepend_file is used Description: If (for example) specific directory configuration has a given include_path, in some situations the setting persists between requests (php.ini settings are NOT reset between requests). This bug is similar to the bug described in http://bugs.php.net/bug.php?id=27110. The important difference is that the problem manifests only when auto_prepend_file is used. Reproduce code: --- See: http://www.p-i-n.cz/doc/phpbug.txt Expected result: See the link given. Actual result: -- See the link given. -- Edit bug report at http://bugs.php.net/?id=28729edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28729r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28729r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=28729r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=28729r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=28729r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=28729r=needscript Try newer version: http://bugs.php.net/fix.php?id=28729r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=28729r=support Expected behavior: http://bugs.php.net/fix.php?id=28729r=notwrong Not enough info:http://bugs.php.net/fix.php?id=28729r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=28729r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=28729r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28729r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=28729r=dst IIS Stability: http://bugs.php.net/fix.php?id=28729r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=28729r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=28729r=float
#27110 [Com]: php_value|flag / php_admin_* settings leak from .htaccess files
ID: 27110 Comment by: j dot svoboda at phoenix dot cz Reported By: walter at brunner dot at Status: No Feedback Bug Type: Apache2 related Operating System: Linux (Gentoo) PHP Version: 4CVS-2004-02-01 Assigned To: iliaa New Comment: I am sorry, I stripped part of configure command. The full command is: './configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-imap=/usr/local/src/imap' Previous Comments: [2004-04-19 13:08:13] j dot svoboda at phoenix dot cz I can 100% reproduce this error. How to reproduce (my case): We use the supplied Apache configuration (with several insignificant changes, listed at the bottom) and these local settings (included from separate file httpd-test-local.conf): - StartServers 1 MaxClients 1 DocumentRoot /www AddType application/x-httpd-php .php Directory / Order allow,deny Allow from all php_value include_path .:/usr/local/lib/php:/www/lib /Directory # Development Directory /www/epv php_value include_path .:/usr/local/lib/php:/www/libv:/www/lib /Directory # Authentication LocationMatch ^/ep php_value auto_prepend_file a.php /LocationMatch - In /www, we have four directories, ep, epv, lib, libv. (ep* is for PHP scripts, lib* is for PHP libraries; versions with 'v' stand for 'deVelopment'). In ep*, we have simple script i.php containing the command ? echo ini_get(include_path); ? In lib, I have the empty file a.php. 1. I restart apache 2. I open the file /ep/i.php in my browser, and it prints .:/usr/local/lib/php:/www/lib 3. I open the file /epv/i.php in my browser, and it prints .:/usr/local/lib/php:/www/lib where it should print .:/usr/local/lib/php:/www/libv:/www/lib It seems that the problem manifests only in combination with auto_prepend_file. - Insignificant changes in apache configuration: diff httpd-std.conf httpd-test.conf 81c81 PidFile logs/httpd.pid PidFile logs/httpd-8080.pid 219c219 Listen 80 Listen 8080 231a232 LoadModule php4_modulemodules/libphp4.so 1049a1051 Include /usr/local/apache2/conf/httpd-test-local.conf - System settings: System: FreeBSD www.p-i-n.cz 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Wed Jan i386 Configure Command: './configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql SERVER_SOFTWARE: Apache/2.0.49 (Unix) PHP/4.3.5 - [2004-03-24 17:24:24] [EMAIL PROTECTED] It's fixed for me in 4.3.5RC3 Try the latest 4.3.5 RC, or CVS snapshot [2004-03-24 11:19:57] bfriday at lasierra dot edu Installed php-4.3.4 and this bug continues to be a problem moved to the latest RC2 when it came out last week and the bug while listed in other reports as fixed continues to be a problem. I've got a virtual host situation in which the following is occuring: 1) primary hostname is fine it is not using php so there is no error 2) this virtual host is fine but is using php and it has some additional information which is set over and above our default settings in the php.ini via .htaccess files. 3) this virtual host is using just html so is fine as well 4) this virtual host would like to use php but cannot as php demands to look for setting which is not defined in the global .htaccess but rather in the .htaccess of virtual host 2. PHP consistently errors out and is unusable on this host as no program gets past the php_value auto_prepend_file line which is located in virtual host 2's .htaccess file. Please let me know if you have need of further information I can provide the domain names to a developer to do a look see but would need to do that privately. I'd really appreciate it if this is fixed as it makes using php in a virtual host setting impossible. [2004-02-16 01:19:35] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to Open. Thank you. [2004-02-11 12:47:16] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Unable to replicate with latest CVS. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/27110 -- Edit this bug report at http://bugs.php.net/?id=27110edit=1