Bug #79224 auto_prepend_file through fcgi PHP_ADMIN_VALUE leaking
Submitted: 2020-02-04 13:46 UTC
Modified: 2020-02-05 10:23 UTC
From: miksir at maker dot ru
Assigned:
Status: Open
Package: FPM related
PHP Version: 7.4.2
OS: Linux
Private report: No
CVE-ID: None

 [2020-02-04 13:46 UTC] miksir at maker dot ru
Description:
------------
When auto_prepend_file is used as a dynamic parameter through fcgi PHP_ADMIN_VALUE, the PHP process remembers auto_prepend_file from the first request and uses it for all subsequent requests, even if it's empty.

Test script:
---------------
Create 2 php scripts
index.php
```
<?php
Someclass::$var = 1;
```
init.php
```
<?php
class Someclass {
  public static $var = 0;
}
```

Start docker 
```
$ docker run --rm -p 9000:9000 -v $(pwd)/index.php:/opt/index.php -v $(pwd)/init.php:/opt/init.php php:7.4-fpm
```

First request with PHP_ADMIN_VALUE="auto_prepend_file=/opt/init.php"
```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php PHP_ADMIN_VALUE="auto_prepend_file=/opt/init.php" /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

```
As expected.


Second request without PHP_ADMIN_VALUE
```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

<br />
<b>Fatal error</b>:  Uncaught Error: Class 'Someclass' not found in /opt/index.php:3
Stack trace:
#0 {main}
  thrown in <b>/opt/index.php</b> on line <b>3</b><br />
```
Error received, as expected.


But now I'm repeating the last fcgi call (without PHP_ADMIN_VALUE). When the fcgi request is distributed to the same process which received the first request, the request is processed without errors. So it looks like this process remembered auto_prepend_file from the first request.

```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

```
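Because a worker keeps the `auto_prepend_file` it received in an earlier request, any FPM backend reached by requests that carry different `PHP_ADMIN_VALUE` settings is exposed to the behaviour reported above. The following added example (not part of the original report or of PHP) audits a web server configuration for that pattern; the nginx front end, the sample config and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed nginx fragment (not from the report): two locations share one
# FPM backend, but only one of them sends PHP_ADMIN_VALUE.
SAMPLE_CONF = """
server {
    location /app/ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param PHP_ADMIN_VALUE "auto_prepend_file=/opt/init.php";
    }
    location /plain/ {
        fastcgi_pass 127.0.0.1:9000;
    }
    location /other/ {
        fastcgi_pass unix:/run/php/other.sock;
    }
}
"""
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
INI_PARAMS = ("PHP_VALUE", "PHP_ADMIN_VALUE")

def location_settings(conf):
    """Return (location, backend, ini overrides) per location block.
    Simplified: ignores includes and settings inherited from outer blocks."""
    stack, stmt, found = [], [], []
    for tok in TOKEN.findall(re.sub(r"(?m)^\s*#.*$", "", conf)):
        if tok == "{":
            stack.append({"name": " ".join(stmt), "pass": None, "ini": set()})
            stmt = []
        elif tok == "}":
            blk = stack.pop()
            if blk["name"].startswith("location"):
                found.append((blk["name"], blk["pass"], frozenset(blk["ini"])))
        elif tok == ";":
            if stack and len(stmt) == 2 and stmt[0] == "fastcgi_pass":
                stack[-1]["pass"] = stmt[1]
            elif stack and len(stmt) == 3 and stmt[0] == "fastcgi_param" and stmt[1] in INI_PARAMS:
                stack[-1]["ini"].add((stmt[1], stmt[2].strip('"')))
            stmt = []
        else:
            stmt.append(tok)
    return found

def shared_backend_mismatches(conf):
    """Backends whose locations send differing PHP_VALUE/PHP_ADMIN_VALUE sets."""
    by_backend = defaultdict(dict)
    for name, backend, ini in location_settings(conf):
        if backend:
            by_backend[backend][name] = ini
    return {b: locs for b, locs in by_backend.items() if len(set(locs.values())) > 1}
```

Each backend returned is one where a worker that served one location can later serve another with stale ini settings; giving such locations separate FPM pools removes the shared worker state.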


 [2020-02-05 10:23 UTC] miksir at maker dot ru
-Package: *Configuration Issues
+Package: FPM related
 [2020-02-05 10:23 UTC] miksir at maker dot ru
Wrong package
Last updated: Sat Dec 21 13:01:31 2024 UTC