php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #78279 libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)
Submitted: 2019-07-12 09:13 UTC Modified: 2019-07-12 14:24 UTC
From: athanasius dot kirchner at gmail dot com Assigned:
Status: Closed Package: *XML functions
PHP Version: 7.2.20 OS: Ubuntu 18.04.2 LTS
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: athanasius dot kirchner at gmail dot com
New email:
PHP Version: OS:

 

 [2019-07-12 09:13 UTC] athanasius dot kirchner at gmail dot com 
Description:
------------
The problem that the function libxml_disable_entity_loader shares its state between requests, that was reported and fixed for fpm in https://bugs.php.net/bug.php?id=64938, does also effect the sapi „cgi-fcgi“(php fastcgi). Our hoster uses this sapi in connection with apache2 and we have noticed the same behaviour. To reproduce that, use the following two scripts. First call Script 1 and than immediately call Script 2.

Test script:
---------------
#Script 1
<?php

libxml_disable_entity_loader(true);

#Script 2
<?php

die(var_dump(libxml_disable_entity_loader(false)));

Expected result:
----------------
Script 2 should always return false.

Actual result:
--------------
Script 2 returns true. (if other processes running on the server influencing libxml_disable_entity_loader the test has to been repeated a few times)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-07-12 10:02 UTC] athanasius dot kirchner at gmail dot com
-: julius dot boellmann at gmail dot com +: athanasius dot kirchner at gmail dot com
 [2019-07-12 10:02 UTC] athanasius dot kirchner at gmail dot com 
chg
 [2019-07-12 14:24 UTC] nikic@php.net 
This is because of https://github.com/php/php-src/blob/d68abef804cdd69d8e4d301d1755efd7a6189c2b/ext/libxml/libxml.c#L842. I don't really understand why some sapis are handled differently...
 [2019-07-12 14:31 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4a91f66b8f528e6d09e2c7fa04d87e2dc981bd34
Log: Fixed bug #78279
 [2019-07-12 14:31 UTC] nikic@php.net
-Status: Open +Status: Closed
 [2021-01-19 13:53 UTC] cmb@php.net 
Related To: Bug #70011
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Dec 03 17:01:29 2024 UTC