#25753 [Com]: php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files

2003-10-28 Thread mattias at segerdahl dot info 
 ID:   25753
 Comment by:   mattias at segerdahl dot info
 Reported By:  [EMAIL PROTECTED]
 Status:   Critical
 Bug Type: Apache related
 Operating System: *
 PHP Version:  4CVS, 5CVS
 New Comment:

This bug only appears when and if you have overlapping virtualhosts in
apache2. Using fqdn's that have IN A or CNAME to an ipaddress on the
server seems to fix it.

This is only an observation that seems to have gotten rid of the
problem for me.

// bad2da


Previous Comments:


[2003-10-26 09:58:23] thorv at tiscali dot no

One virtual server (without .htaccess) sometimes gives this warning:
---
PHP Warning:  head(): Failed opening 'themes/theme.php' for inclusion
(include_path='/first/path:/second/path') in /header.php on line 31
---
The path for this virtual server should have been the php.ini path
(include_path = ".:/usr/lib/php/"), but obviously another virtual
server has 'leaked' a local path.

The content of the "offending" virtual hosts .htaccess file is:
   php_value include_path "/first/path:/second/path"
   php_flag register_globals off

I can sometimes (but not reliably) reproduce the error by accessing the
"offending" virtual host a few times, and then access the site that
gives the error message. 

Have had no problems prior to Apache 2.0.47 (reported bug#24120), PHP
4.3.3 on Mandrake 9.2.

----------------

[2003-10-22 04:01:39] mattias at segerdahl dot info

Sniper,

I accidently ran into this bug a few moments ago. I talked to Derick
about it in the channel and we agreed I would do some testing. There
are some particular strange behaviour.

I will try to explain as well as include the files needed to reproduce
this error. But first let me point out one thing that I find really
weird.

This only occurs when the apache server has not been accessed for a
while, if you reload the page directly after you've encountered this
error message, it will work perfectly.

The error message is:

Warning: Unknown(): open_basedir restriction in effect.
File(/var/www/users.bitcom.se/index.php) is not within the allowed
path(s): (/var/www/www.sol.se) in Unknown on line 0
Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open
stream: Operation not permitted in Unknown on line 0
Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php'
for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on
line 0

My php.ini file http://www.segerdahl.info/25753/php.ini
My httpd.conf file http://www.segerdahl.info/25753/httpd.conf

Server version: Apache/2.0.47
Server built:   Oct 20 2003 18:39:21

PHP 4.3.4RC4 configured as:

'./configure' '--with-apxs2=/usr/local/httpd/bin/apxs'
'--enable-mbstring' '--with-pear' '--with-mysql'
'--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php'
'--with-config-file-path=/etc/php' '--prefix=/usr/local/php/'
'--enable-mbstring' '--with-curl' '--enable-ftp' 

APACHE configured as:
./configure --sysconfdir=/etc/httpd/conf --enable-ssl
--prefix=/usr/local/httpd --enable-modules=dso,most

Contact me on efnet if you need more information... // bad2da



[2003-10-04 18:58:16] [EMAIL PROTECTED]

We do not know what causes this bug or how it can be reliably
reproduced. If you know exactly HOW this can be reproduced, add the
information here. Any other comments will be deleted.




[2003-10-04 00:48:12] [EMAIL PROTECTED]

Description:

If (for example) one virtualhost configuration has
set "php_admin_flag register_globals off", in some situations the
setting persists between requests.
-> php.ini settings are NOT reset between requests.

1. php.ini has register_globals = On
2. Request is made into www.foobar.com 
(which has "php_admin_flag register_globals off")
3. Next request (same apache child) is made into www.barfoo.com (which
does not have the setting)

This applies to ALL php.ini directives.

Some related reports:

bug #6374 (include_path in .htaccess across multiple vhosts)
bug #7174 (Round-robin -like values for include_path)
bug #19292 (Random error: open_basedir restriction..)
bug #21564 (corrupted paths coming to open_basedir)
bug #23462 ("php_admin_value open_basedir" in httpd.conf)
bug #23580 (Random values for include_path)
bug #24282 (Strange Open Base Dir Restriction Errors)
bug #24974 (random open_basedir errors)
bug #25172 ($HTTP_HOST sometimes empty)

For all who think they're experiencing this problem:
DO NOT add any comments here unless you have some extr

#25753 [Com]: php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files

2003-10-22 Thread mattias at segerdahl dot info 
 ID:   25753
 Comment by:   mattias at segerdahl dot info
 Reported By:  [EMAIL PROTECTED]
 Status:   Critical
 Bug Type: Apache related
 Operating System: *
 PHP Version:  4CVS, 5CVS
 New Comment:

Sniper,

I accidently ran into this bug a few moments ago. I talked to Derick
about it in the channel and we agreed I would do some testing. There
are some particular strange behaviour.

I will try to explain as well as include the files needed to reproduce
this error. But first let me point out one thing that I find really
weird.

This only occurs when the apache server has not been accessed for a
while, if you reload the page directly after you've encountered this
error message, it will work perfectly.

The error message is:

Warning: Unknown(): open_basedir restriction in effect.
File(/var/www/users.bitcom.se/index.php) is not within the allowed
path(s): (/var/www/www.sol.se) in Unknown on line 0
Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open
stream: Operation not permitted in Unknown on line 0
Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php'
for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on
line 0

My php.ini file http://www.segerdahl.info/25753/php.ini
My httpd.conf file http://www.segerdahl.info/25753/httpd.conf

Server version: Apache/2.0.47
Server built:   Oct 20 2003 18:39:21

PHP 4.3.4RC4 configured as:

'./configure' '--with-apxs2=/usr/local/httpd/bin/apxs'
'--enable-mbstring' '--with-pear' '--with-mysql'
'--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php'
'--with-config-file-path=/etc/php' '--prefix=/usr/local/php/'
'--enable-mbstring' '--with-curl' '--enable-ftp' 

APACHE configured as:
./configure --sysconfdir=/etc/httpd/conf --enable-ssl
--prefix=/usr/local/httpd --enable-modules=dso,most

Contact me on efnet if you need more information... // bad2da


Previous Comments:


[2003-10-04 18:58:16] [EMAIL PROTECTED]

We do not know what causes this bug or how it can be reliably
reproduced. If you know exactly HOW this can be reproduced, add the
information here. Any other comments will be deleted.




[2003-10-04 00:48:12] [EMAIL PROTECTED]

Description:

If (for example) one virtualhost configuration has
set "php_admin_flag register_globals off", in some situations the
setting persists between requests.
-> php.ini settings are NOT reset between requests.

1. php.ini has register_globals = On
2. Request is made into www.foobar.com 
(which has "php_admin_flag register_globals off")
3. Next request (same apache child) is made into www.barfoo.com (which
does not have the setting)

This applies to ALL php.ini directives.

Some related reports:

bug #6374 (include_path in .htaccess across multiple vhosts)
bug #7174 (Round-robin -like values for include_path)
bug #19292 (Random error: open_basedir restriction..)
bug #21564 (corrupted paths coming to open_basedir)
bug #23462 ("php_admin_value open_basedir" in httpd.conf)
bug #23580 (Random values for include_path)
bug #24282 (Strange Open Base Dir Restriction Errors)
bug #24974 (random open_basedir errors)
bug #25172 ($HTTP_HOST sometimes empty)

For all who think they're experiencing this problem:
DO NOT add any comments here unless you have some extra information to
give which is not already given in above mentioned reports. 
Any comment which has no extra value will be deleted.







-- 
Edit this bug report at http://bugs.php.net/?id=25753&edit=1

#24493 [NEW]: ./configure to check if --with-mssql and --with-sybase/--with-sybase_ct is set

2003-07-04 Thread mattias at segerdahl dot info 
From: mattias at segerdahl dot info
Operating system: All Nix Systems
PHP version:  5.0.0b1 (beta1)
PHP Bug Type: Feature/Change Request
Bug description:  ./configure to check if --with-mssql and 
--with-sybase/--with-sybase_ct is set

Description:

Please configure the configuration script to check if both
--with-sybase(_ct) and --with-mssql has been choosen when ./configure is
running. This to prevent both modules to register the mssql_* functions


-- 
Edit bug report at http://bugs.php.net/?id=24493&edit=1
-- 
Try a CVS snapshot: http://bugs.php.net/fix.php?id=24493&r=trysnapshot
Fixed in CVS:   http://bugs.php.net/fix.php?id=24493&r=fixedcvs
Fixed in release:   http://bugs.php.net/fix.php?id=24493&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=24493&r=needtrace
Try newer version:  http://bugs.php.net/fix.php?id=24493&r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=24493&r=support
Expected behavior:  http://bugs.php.net/fix.php?id=24493&r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=24493&r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=24493&r=submittedtwice
register_globals:   http://bugs.php.net/fix.php?id=24493&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24493&r=php3
Daylight Savings:   http://bugs.php.net/fix.php?id=24493&r=dst
IIS Stability:  http://bugs.php.net/fix.php?id=24493&r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=24493&r=gnused

#24454 [Opn->Csd]: Problems with preg_match() in while(!feof()) loop

2003-07-01 Thread mattias at segerdahl dot info 
 ID:   24454
 User updated by:  mattias at segerdahl dot info
 Reported By:  mattias at segerdahl dot info
-Status:   Open
+Status:   Closed
 Bug Type: Unknown/Other Function
 Operating System: Mandrake 9.1
 PHP Version:  5.0.0b1 (beta1)
 New Comment:

Expected results and actual results should be switched.


Previous Comments:


[2003-07-02 01:48:56] mattias at segerdahl dot info

Expected results and actual results should be switched.



[2003-07-02 01:48:04] mattias at segerdahl dot info

Description:

When running the following test, php dies on the 2nd loop preg_match()

Reproduce code:
---
==[test.php]===
' . "\n";
echo
preg_replace("/\[!([^\]]+)!\]/e","\$this->tpl[\"\\1\"]",fgets($fp,1024));
echo 'there' . "\n";
  }
  
  fclose($fp);

  show_source("test2.php");
  show_source("dirlist.template.php");
?>
===

==[dirlist.template.php]===

  
  [!FILENAME!]
  [!VERSIONS!]
  [!DATETIME!]

===


Expected result:

start
end
start

Actual result:
--
start
end
start
end
start
end
start
end
start
end
start
end





-- 
Edit this bug report at http://bugs.php.net/?id=24454&edit=1

#24454 [Opn]: Problems with preg_match() in while(!feof()) loop

2003-07-01 Thread mattias at segerdahl dot info 
 ID:   24454
 User updated by:  mattias at segerdahl dot info
 Reported By:  mattias at segerdahl dot info
 Status:   Open
 Bug Type: Unknown/Other Function
 Operating System: Mandrake 9.1
 PHP Version:  5.0.0b1 (beta1)
 New Comment:

Expected results and actual results should be switched.


Previous Comments:


[2003-07-02 01:48:04] mattias at segerdahl dot info

Description:

When running the following test, php dies on the 2nd loop preg_match()

Reproduce code:
---
==[test.php]===
' . "\n";
echo
preg_replace("/\[!([^\]]+)!\]/e","\$this->tpl[\"\\1\"]",fgets($fp,1024));
echo 'there' . "\n";
  }
  
  fclose($fp);

  show_source("test2.php");
  show_source("dirlist.template.php");
?>
===

==[dirlist.template.php]===

  
  [!FILENAME!]
  [!VERSIONS!]
  [!DATETIME!]

===


Expected result:

start
end
start

Actual result:
--
start
end
start
end
start
end
start
end
start
end
start
end





-- 
Edit this bug report at http://bugs.php.net/?id=24454&edit=1

#24454 [NEW]: Problems with preg_match() in while(!feof()) loop

2003-07-01 Thread mattias at segerdahl dot info 
From: mattias at segerdahl dot info
Operating system: Mandrake 9.1
PHP version:  5.0.0b1 (beta1)
PHP Bug Type: Unknown/Other Function
Bug description:  Problems with preg_match() in while(!feof()) loop

Description:

When running the following test, php dies on the 2nd loop preg_match()

Reproduce code:
---
==[test.php]===
' . "\n";
echo
preg_replace("/\[!([^\]]+)!\]/e","\$this->tpl[\"\\1\"]",fgets($fp,1024));
echo 'there' . "\n";
  }
  
  fclose($fp);

  show_source("test2.php");
  show_source("dirlist.template.php");
?>
===

==[dirlist.template.php]===

  
  [!FILENAME!]
  [!VERSIONS!]
  [!DATETIME!]

===


Expected result:

start
end
start

Actual result:
--
start
end
start
end
start
end
start
end
start
end
start
end

-- 
Edit bug report at http://bugs.php.net/?id=24454&edit=1
-- 
Try a CVS snapshot: http://bugs.php.net/fix.php?id=24454&r=trysnapshot
Fixed in CVS:   http://bugs.php.net/fix.php?id=24454&r=fixedcvs
Fixed in release:   http://bugs.php.net/fix.php?id=24454&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=24454&r=needtrace
Try newer version:  http://bugs.php.net/fix.php?id=24454&r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=24454&r=support
Expected behavior:  http://bugs.php.net/fix.php?id=24454&r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=24454&r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=24454&r=submittedtwice
register_globals:   http://bugs.php.net/fix.php?id=24454&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24454&r=php3
Daylight Savings:   http://bugs.php.net/fix.php?id=24454&r=dst
IIS Stability:  http://bugs.php.net/fix.php?id=24454&r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=24454&r=gnused