php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #24838 Strange errors without reporting in the logs
Submitted: 2003-07-28 03:39 UTC Modified: 2003-07-28 08:12 UTC
From: pub at megaphone dot ch Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 4.3.2 OS: Solaris 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2003-07-28 03:39 UTC] pub at megaphone dot ch 
Description:
------------
There are several strange occurrences, maybe I should make several reports...
We were running php 4.1.2, safe-mode on, on a solaris 8 box, without problem. Last week we compiled and installed php 4.3.2 .
Several problems occurred :

1) the function file_exists() was working on files that were not owned by the user owning the script : this is better now, more logical, that it does not work, BUT, there is no "safe-mode" error in the logs, so it was very difficult to find the problem.

2) a lot more problematic : some clients were using a mysql query for loading data infile; I just cannot figure out why, but it was working even when the mysql rights were not set to "file" for the accessing user, and the syntax they used was "load data LOCAL infile", when the file was on the server - it should not have worked, but it worked, and what is amazing is : with changing ONLY the version of PHP, it does not work any more. How is this, that a function that only should send mysql syntax depends on the version of PHP ???? I tried the exact sql string that was sent to mysql, not through php but command line, and MySQL was not accepting it, which is the correct behaviour - but it was accepting it through PHP...

3) we are using PHPMyAdmin with http authentication; it does not work anymore; I thus installed the last available verion, not working either. It is maybe related to the fact that PHP_AUTH_USER is not available in safe-mode anymore, but PHPMyAdmin seems to pretend to be programmed correctly - and again, the only thing that has changed now is the version of PHP. And there is no error in the logs.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-28 07:46 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

LOAD INFILE for MySQL won't work if safe mode is enabled, the AUTH parameters also are no longer avaliable in safe mode. All of this is expected behaviour.
 [2003-07-28 08:12 UTC] pub at megaphone dot ch 
As I wrote :
"It is maybe related to the fact that PHP_AUTH_USER is not available in safe-mode anymore, but PHPMyAdmin seems to pretend to be programmed correctly"

PHPMyAdmin is using the "remote_user" variable in case it is available, I know that the php_auth ones are not available with safe_mode (and I wrote it just below). 

And : for MySQL, I understand well enough, BUT this does not explain why an sql string, which should be sent as is to the mysql engine, was accepted when it shouldn't have (because of mysql access rights). The problem is not that this does not work now : the problem is that it worked, when it was not supposed. We noticed it only when a client wrote to complain.
This is an important question, don't you think ? does PHP do something more than sending a simple sql to mysql engine ??? If it is, and this seems to be the only possible explanation to the facts, we should know ...

For the safe-mode errors : why are they not reported in logs in the case of file_exists() function ? Expected behaviour... ?

Thanks for considering it again - and sorry if, after this, you still think I did not read the instructions on how to report a bug ;-)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Jul 06 09:01:29 2024 UTC