#25753 [Com]: php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files
ID: 25753 Comment by: mattias at segerdahl dot info Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: Apache related Operating System: * PHP Version: 4CVS, 5CVS New Comment: This bug only appears when and if you have overlapping virtualhosts in apache2. Using fqdn's that have IN A or CNAME to an ipaddress on the server seems to fix it. This is only an observation that seems to have gotten rid of the problem for me. // bad2da Previous Comments: [2003-10-26 09:58:23] thorv at tiscali dot no One virtual server (without .htaccess) sometimes gives this warning: --- PHP Warning: head(): Failed opening 'themes/theme.php' for inclusion (include_path='/first/path:/second/path') in /header.php on line 31 --- The path for this virtual server should have been the php.ini path (include_path = ".:/usr/lib/php/"), but obviously another virtual server has 'leaked' a local path. The content of the "offending" virtual hosts .htaccess file is: php_value include_path "/first/path:/second/path" php_flag register_globals off I can sometimes (but not reliably) reproduce the error by accessing the "offending" virtual host a few times, and then access the site that gives the error message. Have had no problems prior to Apache 2.0.47 (reported bug#24120), PHP 4.3.3 on Mandrake 9.2. ---------------- [2003-10-22 04:01:39] mattias at segerdahl dot info Sniper, I accidently ran into this bug a few moments ago. I talked to Derick about it in the channel and we agreed I would do some testing. There are some particular strange behaviour. I will try to explain as well as include the files needed to reproduce this error. But first let me point out one thing that I find really weird. This only occurs when the apache server has not been accessed for a while, if you reload the page directly after you've encountered this error message, it will work perfectly. The error message is: Warning: Unknown(): open_basedir restriction in effect. File(/var/www/users.bitcom.se/index.php) is not within the allowed path(s): (/var/www/www.sol.se) in Unknown on line 0 Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php' for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on line 0 My php.ini file http://www.segerdahl.info/25753/php.ini My httpd.conf file http://www.segerdahl.info/25753/httpd.conf Server version: Apache/2.0.47 Server built: Oct 20 2003 18:39:21 PHP 4.3.4RC4 configured as: './configure' '--with-apxs2=/usr/local/httpd/bin/apxs' '--enable-mbstring' '--with-pear' '--with-mysql' '--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php' '--with-config-file-path=/etc/php' '--prefix=/usr/local/php/' '--enable-mbstring' '--with-curl' '--enable-ftp' APACHE configured as: ./configure --sysconfdir=/etc/httpd/conf --enable-ssl --prefix=/usr/local/httpd --enable-modules=dso,most Contact me on efnet if you need more information... // bad2da [2003-10-04 18:58:16] [EMAIL PROTECTED] We do not know what causes this bug or how it can be reliably reproduced. If you know exactly HOW this can be reproduced, add the information here. Any other comments will be deleted. [2003-10-04 00:48:12] [EMAIL PROTECTED] Description: If (for example) one virtualhost configuration has set "php_admin_flag register_globals off", in some situations the setting persists between requests. -> php.ini settings are NOT reset between requests. 1. php.ini has register_globals = On 2. Request is made into www.foobar.com (which has "php_admin_flag register_globals off") 3. Next request (same apache child) is made into www.barfoo.com (which does not have the setting) This applies to ALL php.ini directives. Some related reports: bug #6374 (include_path in .htaccess across multiple vhosts) bug #7174 (Round-robin -like values for include_path) bug #19292 (Random error: open_basedir restriction..) bug #21564 (corrupted paths coming to open_basedir) bug #23462 ("php_admin_value open_basedir" in httpd.conf) bug #23580 (Random values for include_path) bug #24282 (Strange Open Base Dir Restriction Errors) bug #24974 (random open_basedir errors) bug #25172 ($HTTP_HOST sometimes empty) For all who think they're experiencing this problem: DO NOT add any comments here unless you have some extr
#25753 [Com]: php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files
ID: 25753 Comment by: mattias at segerdahl dot info Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: Apache related Operating System: * PHP Version: 4CVS, 5CVS New Comment: Sniper, I accidently ran into this bug a few moments ago. I talked to Derick about it in the channel and we agreed I would do some testing. There are some particular strange behaviour. I will try to explain as well as include the files needed to reproduce this error. But first let me point out one thing that I find really weird. This only occurs when the apache server has not been accessed for a while, if you reload the page directly after you've encountered this error message, it will work perfectly. The error message is: Warning: Unknown(): open_basedir restriction in effect. File(/var/www/users.bitcom.se/index.php) is not within the allowed path(s): (/var/www/www.sol.se) in Unknown on line 0 Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php' for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on line 0 My php.ini file http://www.segerdahl.info/25753/php.ini My httpd.conf file http://www.segerdahl.info/25753/httpd.conf Server version: Apache/2.0.47 Server built: Oct 20 2003 18:39:21 PHP 4.3.4RC4 configured as: './configure' '--with-apxs2=/usr/local/httpd/bin/apxs' '--enable-mbstring' '--with-pear' '--with-mysql' '--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php' '--with-config-file-path=/etc/php' '--prefix=/usr/local/php/' '--enable-mbstring' '--with-curl' '--enable-ftp' APACHE configured as: ./configure --sysconfdir=/etc/httpd/conf --enable-ssl --prefix=/usr/local/httpd --enable-modules=dso,most Contact me on efnet if you need more information... // bad2da Previous Comments: [2003-10-04 18:58:16] [EMAIL PROTECTED] We do not know what causes this bug or how it can be reliably reproduced. If you know exactly HOW this can be reproduced, add the information here. Any other comments will be deleted. [2003-10-04 00:48:12] [EMAIL PROTECTED] Description: If (for example) one virtualhost configuration has set "php_admin_flag register_globals off", in some situations the setting persists between requests. -> php.ini settings are NOT reset between requests. 1. php.ini has register_globals = On 2. Request is made into www.foobar.com (which has "php_admin_flag register_globals off") 3. Next request (same apache child) is made into www.barfoo.com (which does not have the setting) This applies to ALL php.ini directives. Some related reports: bug #6374 (include_path in .htaccess across multiple vhosts) bug #7174 (Round-robin -like values for include_path) bug #19292 (Random error: open_basedir restriction..) bug #21564 (corrupted paths coming to open_basedir) bug #23462 ("php_admin_value open_basedir" in httpd.conf) bug #23580 (Random values for include_path) bug #24282 (Strange Open Base Dir Restriction Errors) bug #24974 (random open_basedir errors) bug #25172 ($HTTP_HOST sometimes empty) For all who think they're experiencing this problem: DO NOT add any comments here unless you have some extra information to give which is not already given in above mentioned reports. Any comment which has no extra value will be deleted. -- Edit this bug report at http://bugs.php.net/?id=25753&edit=1
#24493 [NEW]: ./configure to check if --with-mssql and --with-sybase/--with-sybase_ct is set
From: mattias at segerdahl dot info Operating system: All Nix Systems PHP version: 5.0.0b1 (beta1) PHP Bug Type: Feature/Change Request Bug description: ./configure to check if --with-mssql and --with-sybase/--with-sybase_ct is set Description: Please configure the configuration script to check if both --with-sybase(_ct) and --with-mssql has been choosen when ./configure is running. This to prevent both modules to register the mssql_* functions -- Edit bug report at http://bugs.php.net/?id=24493&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=24493&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=24493&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=24493&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=24493&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=24493&r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=24493&r=support Expected behavior: http://bugs.php.net/fix.php?id=24493&r=notwrong Not enough info:http://bugs.php.net/fix.php?id=24493&r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=24493&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=24493&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24493&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=24493&r=dst IIS Stability: http://bugs.php.net/fix.php?id=24493&r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=24493&r=gnused
#24454 [Opn->Csd]: Problems with preg_match() in while(!feof()) loop
ID: 24454 User updated by: mattias at segerdahl dot info Reported By: mattias at segerdahl dot info -Status: Open +Status: Closed Bug Type: Unknown/Other Function Operating System: Mandrake 9.1 PHP Version: 5.0.0b1 (beta1) New Comment: Expected results and actual results should be switched. Previous Comments: [2003-07-02 01:48:56] mattias at segerdahl dot info Expected results and actual results should be switched. [2003-07-02 01:48:04] mattias at segerdahl dot info Description: When running the following test, php dies on the 2nd loop preg_match() Reproduce code: --- ==[test.php]=== ' . "\n"; echo preg_replace("/\[!([^\]]+)!\]/e","\$this->tpl[\"\\1\"]",fgets($fp,1024)); echo 'there' . "\n"; } fclose($fp); show_source("test2.php"); show_source("dirlist.template.php"); ?> === ==[dirlist.template.php]=== [!FILENAME!] [!VERSIONS!] [!DATETIME!] === Expected result: start end start Actual result: -- start end start end start end start end start end start end -- Edit this bug report at http://bugs.php.net/?id=24454&edit=1
#24454 [Opn]: Problems with preg_match() in while(!feof()) loop
ID: 24454 User updated by: mattias at segerdahl dot info Reported By: mattias at segerdahl dot info Status: Open Bug Type: Unknown/Other Function Operating System: Mandrake 9.1 PHP Version: 5.0.0b1 (beta1) New Comment: Expected results and actual results should be switched. Previous Comments: [2003-07-02 01:48:04] mattias at segerdahl dot info Description: When running the following test, php dies on the 2nd loop preg_match() Reproduce code: --- ==[test.php]=== ' . "\n"; echo preg_replace("/\[!([^\]]+)!\]/e","\$this->tpl[\"\\1\"]",fgets($fp,1024)); echo 'there' . "\n"; } fclose($fp); show_source("test2.php"); show_source("dirlist.template.php"); ?> === ==[dirlist.template.php]=== [!FILENAME!] [!VERSIONS!] [!DATETIME!] === Expected result: start end start Actual result: -- start end start end start end start end start end start end -- Edit this bug report at http://bugs.php.net/?id=24454&edit=1
#24454 [NEW]: Problems with preg_match() in while(!feof()) loop
From: mattias at segerdahl dot info Operating system: Mandrake 9.1 PHP version: 5.0.0b1 (beta1) PHP Bug Type: Unknown/Other Function Bug description: Problems with preg_match() in while(!feof()) loop Description: When running the following test, php dies on the 2nd loop preg_match() Reproduce code: --- ==[test.php]=== ' . "\n"; echo preg_replace("/\[!([^\]]+)!\]/e","\$this->tpl[\"\\1\"]",fgets($fp,1024)); echo 'there' . "\n"; } fclose($fp); show_source("test2.php"); show_source("dirlist.template.php"); ?> === ==[dirlist.template.php]=== [!FILENAME!] [!VERSIONS!] [!DATETIME!] === Expected result: start end start Actual result: -- start end start end start end start end start end start end -- Edit bug report at http://bugs.php.net/?id=24454&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=24454&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=24454&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=24454&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=24454&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=24454&r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=24454&r=support Expected behavior: http://bugs.php.net/fix.php?id=24454&r=notwrong Not enough info:http://bugs.php.net/fix.php?id=24454&r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=24454&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=24454&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24454&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=24454&r=dst IIS Stability: http://bugs.php.net/fix.php?id=24454&r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=24454&r=gnused