Bug #18936 Causes server to crash, serious problem
Submitted: 2002-08-16 04:09 UTC Modified: 2002-08-17 01:27 UTC
Votes:2
Avg. Score:3.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: theshithead at cox dot net Assigned:
Status: Not a bug Package: Performance problem
PHP Version: 4.2.0 OS: Unsure
Private report: No CVE-ID: None
 [2002-08-16 04:09 UTC] theshithead at cox dot net
This could be hard to explain, but here it goes:
<?php
#### Quick ex. of variables.php
$path_site = "www.w0rms.com";
$loginStatus = include("$path_site/login.php");
?>
#### Quick ex. of index.php, page in which problem occurs
<?php
// Required Files
require("require/variables.php");
require("require/mysql.php");
require("require/functions.php");
require("require/common.php");
require("require/themes.php");

echo "$header";
?>

#### Quick ex of themes.php, the page processing the info in database
<?php
Connect(); 
$sql = mysql_query("SELECT * FROM $db_themes WHERE theme_id = '$user_theme' ORDER BY theme_id ASC")or mysqlDie("N/A", __FILE__, __LINE__, mysql_error());		
$myrow = mysql_fetch_array($sql);
$theme_id = $myrow["theme_id"];
		
$header = addslashes($myrow[header]);
eval("\$header = \"$header\";");    
$header = stripslashes($header);
?>

#### Header of site, stored in MySQL Database (just example not full)
<td valign="top" border="0" background="$path_themes/eBlue/images/header_middle.gif">
// problem var
$loginStatus
</td>


As you can see, I am calling that var from my database. All other vars such as path_themes work fine. However this one causes the server to stop. Pages won't load, it completely crashed for 3 hours. I tried it again, and it happened once more just now.

What might the cause be? I am clueless, the include is correct. And I am eval'ing it correctly. The only time this happens is when I use the include function in my variable.


thanks, 

w0rms.com

 [2002-08-16 09:47 UTC] kalowsky@php.net
Okay I have no idea what you're trying to show us here.  Can you please make this the SIMPLEST sample script you can, and explain it a lot better?  Also do please try to upgrade to PHP 4.2.2
 [2002-08-17 00:14 UTC] theshithead at cox dot net
Okay, I have $var in my MySQL Database.
I first eval it so the variable will work.

$var = include("file.php");

that a little easier?
 [2002-08-17 00:38 UTC] kalowsky@php.net
so you have $var in your database, and then you overwrite it by setting it to the return value from the included file?

Where is the bug, this works just fine for me on multiple OSes.  

You may wish to try updating to 4.2.2, if only for the security fixes in it.  
 [2002-08-17 00:54 UTC] theshithead at cox dot net
Okay, in the header of my site, I have used the variable $var.

I use fulltext database type, and use the following code so the variable works:

$header = addslashes($myrow[header]);
eval("\$header = \"$header\";");    
$header = stripslashes($header);

I define the $var in variables.php as
$var = include("file.php");

I echo it in my index.php, header.php

The page doesn't load, and then for several hours the server was down. No pages worked.
 [2002-08-17 00:59 UTC] rasmus@php.net
include does not return anything except true/false indicating whether the file could be included.  Your $loginStatus = include and $var = include examples make absolutely no sense.  Could you please write a really short script that causes the crash that we can try on our end?
 [2002-08-17 01:10 UTC] theshithead at cox dot net
Okay, I am going to make a full long complete example.

first off, the MySQL Database stores my themes. the theme header is stored in the database and called upon by the var name $header.

I eval it using the code I showed earlier. All variables show just fine. But when I call on $loginStatus I get the problem I described.

Okay I will describe the problem in short:

Header (stored in fulltext mysql database)
(ALL MY HEADER HTML)
<table><tr><td>$loginStatus</td></tr></table>

Variables.php
$path_site = "http://www.w0rms.com";
$loginStatus = include("$path_site/login.php");

themes.php (this converts the themes so the variables are defined)
Connect();
$sql = mysql_query(select from etc);
$myrow = mysql_fetch_array($sql);
$theme_id = $myrow["theme_id"];
$header = addslashes($myrow[header]);
eval("\$header = \"$header\";");
$header = stripslashes($header);

Okay, here is index.php, the page where all of it comes together:

<?php
// =======================================
// Required Files
// =======================================
require("require/variables.php");
require("require/mysql.php");
require("require/functions.php");
require("require/common.php");
require("require/themes.php");

// =======================================
// We echo the header
// =======================================
echo "$header";

phphphphphphphphp---

?>

That is as deep as I can explain it, without showing the entire scripts; can you create the same error?
 [2002-08-17 01:13 UTC] rasmus@php.net
No, obviously we can't.  What exactly are you expecting the line:

$loginStatus = include("$path_site/login.php");

to do?  
 [2002-08-17 01:15 UTC] theshithead at cox dot net
That line is to include a file; since I can't include login.php in my mysql database, I include it by variable.

It might have been include('file.php'); instead, I know it was correct though, I tested it.
 [2002-08-17 01:18 UTC] rasmus@php.net
That's not how include works.  Like I said before, it only returns a boolean status, it does not return the file.  And what do you mean you know it was correct?  Just look at your code.  Until you can provide us with a reproducible short test case, a gdb backtrace, sensible log messages, or anything we can go on, there is absolutely nothing we can do.
You couldn't even tell us the OS!
 [2002-08-17 01:25 UTC] theshithead at cox dot net
apache is OS

include doesn't include the file? As far as I knew require/include worked the same except for the errors.

Look bro, all I know is it totally messed up the server, I explained exactly how to simulate this, just try it. You will see =)
 [2002-08-17 01:27 UTC] rasmus@php.net
Apache is not an operating system, it is a web server.

And yes, include does include the file, but it doesn't return it and put it into a variable the way you think it does.

And no, you did not give us a script that we could copy and run on our own servers to reproduce your problem.
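
Added example, not part of the original thread and not PHP's or the reporter's code: one way to do what the report was attempting, capturing a local login.php's output in a variable with output buffering and filling the stored header's `$name` placeholders from an allowlist, so database text is never passed to eval() and no URL is ever included. The function names `render_include()` and `render_template()`, the temp directory and the sample header are assumptions constructed for illustration.

```php
<?php
// Added illustration; render_include(), render_template() and the sample data are hypothetical.

// Capture what a local file prints while it is included.
function render_include(string $file, string $baseDir): string
{
    $real = realpath($file);
    $base = realpath($baseDir);
    // Only existing local files under the allowed directory; a URL never resolves here.
    if ($real === false || $base === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("refusing to include: $file");
    }
    ob_start();
    try {
        include $real;
        return ob_get_contents();
    } finally {
        ob_end_clean(); // always close the buffer, even if the include throws
    }
}

// Substitute $name placeholders from an allowlist; the stored text is never executed.
function render_template(string $template, array $vars): string
{
    return preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($vars): string {
            // Names outside the allowlist stay as literal text.
            return array_key_exists($m[1], $vars) ? $vars[$m[1]] : $m[0];
        },
        $template
    );
}

// Constructed sample: a login.php that prints markup, and a header row as it might sit in the database.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/login.php", '<?php echo "<b>Not logged in</b>";');
$storedHeader = '<table><tr><td background="$path_themes/eBlue/images/header_middle.gif">'
              . '$loginStatus</td></tr></table> $undefined_var';

$vars = [
    'path_themes' => htmlspecialchars('/themes', ENT_QUOTES),
    'loginStatus' => render_include("$dir/login.php", $dir), // output of a trusted local file
];
echo render_template($storedHeader, $vars), "\n";
unlink("$dir/login.php");
rmdir($dir);
```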
 
Last updated: Thu Nov 14 17:01:35 2019 UTC