|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27110 php_value|flag / php_admin_* settings "leak" from .htaccess files
Submitted: 2004-01-31 15:21 UTC Modified: 2004-03-24 17:24 UTC
Avg. Score:4.8 ± 0.6
Reproduced:12 of 12 (100.0%)
Same Version:3 (25.0%)
Same OS:5 (41.7%)
From: walter at brunner dot at Assigned: iliaa (profile)
Status: No Feedback Package: Apache2 related
PHP Version: 4CVS-2004-02-01 OS: Linux (Gentoo)
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-01-31 15:21 UTC] walter at brunner dot at
The bug described with (closed) is still active in the following configuration:

Apache 2.0.48 / PHP Version 4.3.5RC2-dev (from 2004-01-31)

php.ini: include_path not set
apache-virtual host-section: include_path not set

.htaccess of /-directory: include_path set to some value

no .htaccess in /admin-directory.

if I look at the value of include_path in the /admin-directory with the function ini_get sometimes (~5%) it is set to the default value (.:/usr/local/lib/php), sometimes (~70%) to the correct value, sometimes to absolut nonsense (~25%).

The only solution to the problem seems to set in the apache-config:
MaxRequestsPerChild  1

This value is not really what I want, as there is allways a new process for every request.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-01 05:48 UTC]
Please read the bug #25753 comments. You have to come up with better information how we can reproduce this ourselves..

 [2004-02-01 15:48 UTC] walter at brunner dot at
I did additional experiments. The error occurs only in one specific virtual host. I am not able to reproduce the error within the same server (other virtual hosts) or on another server. The only difference between the vhost with error and the others is, that this vhost hast a designated ip-address, the other vhost share all the same ip address.

The other parameters in the apache-config for the faulty vhost are:
DocumentRoot /some/dir/web
ErrorLog /some/dir/logs/error_log
CustomLog /some/dir/logs/access_log extended
php_admin_value upload_tmp_dir "/some/dir/web/tmp"
php_value session.save_path /some/dir/tmp
php_admin_flag safe_mode off
<Directory "/some/dir/web">
AllowOverride All
<Directory "/some/dir/web/admin">
php_admin_value max_execution_time 1800
AllowOverride All

The .htaccess of the /-directory:
php_value include_path ".:/usr/local/lib/php:/some/dir/web/php"
 [2004-02-11 12:47 UTC]
Please try using this CVS snapshot:
For Windows:

Unable to replicate with latest CVS. 
 [2004-02-16 01:19 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Jan 28 20:03:33 2022 UTC