php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27421 mbstring.func_overload set in .htaccess becomes global
Submitted: 2004-02-27 10:12 UTC Modified: 2008-10-04 00:53 UTC
Votes:491
Avg. Score:3.3 ± 0.7
Reproduced:133 of 151 (88.1%)
Same Version:73 (54.9%)
Same OS:74 (55.6%)
From: php at strategma dot bg Assigned: hirokawa
Status: Closed Package: mbstring related
PHP Version: 5.2.5 OS: *
Private report: No CVE-ID:
 [2004-02-27 10:12 UTC] php at strategma dot bg

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-06 14:22 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2004-03-07 06:10 UTC] moriyoshi@php.net
Could you try php-4.3.5RC3 instead of the current CVS snapshots?

http://qa.php.net/


 [2004-03-13 05:01 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2006-11-17 15:02 UTC] christophe at saout dot de
I'm still seing a similar problem in PHP 4.4.4.

The site has globally turned on mbstring.func_overload in php.ini.

When turning it off in a .htaccess for a specific directory, the behaviour experienced by the scripts in that directory becomes random. Sometimes it works as expected (especially after a fresh start of apache), but most of the time the script is using the overloaded mbstring functions e.g. for substr, even though ini_get("mbstring.func_overload") returns 0.

It looks like the save/restore in the mbstring module somehow gets confused and leaks overloaded functions between apache requests.

Assuming this is a variant of the bug experienced by the original bug author, I'm posting this here and requesting a re-opening.
 [2007-01-17 21:41 UTC] info at bert-jan dot com
I'm having this exact same issue on PHP 5.1.6 on Apache 2.0.59. Putting the mbstring.* settings in the VirtualHost-directive or in .htaccess doesn't seem to make a difference. The settings are 'leaked' to other vhosts who start to randomly malfunction and report errors like

Warning: mb_strrpos() [function.mb-strrpos]: Unknown encoding "6" in /home/bertjan/public_html/functions.php on line 307

As stated in the other comments, the erroneous behaviour isn't consistent. Sometimes it works but more often it doesn't. The trouble is quite evident in e.g. Squirrelmail or phpMyAdmin.
 [2007-01-17 21:57 UTC] info at bert-jan dot com
FYI: I'm running Slamd64 (Slackware x86-64) with Apache and PHP installed from source.

Apache:

./configure \
--enable-ssl \
--with-ssl \
--enable-proxy \
--enable-proxy-connect \
--enable-proxy-ftp \
--enable-proxy-http \
--enable-rewrite \
--enable-deflate \
--enable-so \

PHP:

./configure \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=/usr/local/mysql/ \
--with-zlib \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--enable-ftp \
--with-bz2 \
--with-gzip \
--with-openssl \
--enable-shmop \
--enable-posix \
--enable-pcntl \
--enable-sysvsem \
--enable-sysvshm \
--enable-iconv \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--enable-mbstring \
--enable-shmop \
--enable-soap \
--enable-memory-limit
 [2007-01-18 09:29 UTC] info at bert-jan dot com
I've tried it on another server running Debian unstable with PHP 5.2.0-8 on Apache 2.2.3 both installed with apt-get and the same issue is reproducible here too.
 [2008-01-17 13:35 UTC] mihau at great dot net dot pl
I'm still experiencing this bug.
On apache 2.0.59 with php 5.2.4, as well as php 4.4.x.

It looks like mbstring.func_overload setting in .htaccess affects other virtualhosts and directories.

I've tried with these in httpd.conf:
<IfModule prefork.c>

MaxRequestsPerChild 10
</IfModule>

It works as expected for site A until I enter site B with mbstring.func_overload in .htaccess. Site B works as expected.
Then i come back to site A and see unexpected results. I hit refresh few times and results back to normal.

It looks like one request affects all other requests for specified child.
When apache kill it after "MaxRequestPerChild" and spawn new child everything is working fine, until site B is requested.

Is this bug somehow related to #43677?

With one exception: ini_get("mbstring.func_overload") returns correct values - I mean values from config files.
 [2008-02-24 21:21 UTC] lip at lip dot net dot ua
I also have this problem.
PHP 5.2.5
Apache/2.2.8

If I use mbstring.func_overload in .htaccess 
other virtualhosts not work



For example:
<VirtualHost *:80>
DocumentRoot /var/www/phpmyadmin
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ServerName n.com.net
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /var/www/db
ServerName db.net
</VirtualHost>

in /var/www/db/.htaccess
php_value mbstring.func_overload 6

In this situation phpmyadmin doesnt work when I refresh few
times db.net
 [2008-03-19 18:08 UTC] david at dfoerster dot de
Hi,

this patch fixes the problem (didn't find a way to attach a patch 
here):
http://www.dfoerster.de/misc/php-27421.diff

The problem was that the while loop in PHP_RSHUTDOWN_FUNCTION would 
terminate on the first function that was not overloaded. With a 
settin of 2, the str* functions would never be restored, because the 
mail function was not overloaded.

The patch changes the behaviour to be similar to the loop in 
PHP_RINIT_FUNCTION.
 [2008-03-19 18:28 UTC] david at dfoerster dot de
> It is not recommended to use the function overloading option in 
> the per-directory context, because it's not confirmed yet to be 
> stable enough in a production environment and may lead to 
> undefined behaviour. 

Once the patch is applied this notice can probably be removed from 
the documentation.
 [2008-06-10 02:10 UTC] future at shiny dot co dot il
David, unfortunately your patch doesn't seem to solve the problem.

Furthermore, on my system, strlen never seems to be overridden (mb_orig_strlen never exists) while substr always remains overridden (mb_orig_substr always exists).

Are you sure this shutdown sequence is even being run?
 [2008-06-10 08:39 UTC] future at shiny dot co dot il
Oops, my mistake. David's patch DOES solve the issue. (I just forgot to rebuild the module :)
 [2008-07-13 15:15 UTC] jani@php.net
Rui, didn't you just apply a patch that "fixes" this since it can't be set per-directory anymore?
 [2008-08-05 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2008-08-08 10:47 UTC] david at dfoerster dot de
Thank you for applying the patch. Is it also in the 5.2 branch?

Now this is fixed you might want to remove the note about the 
per-directory-context from the documentation or with which version 
it's supposed to work.
 [2008-09-10 05:12 UTC] awad33333 at hotmail dot com

 [2008-09-19 14:37 UTC] torkel at eonbit dot com
I applied the patch from 'david at dfoerster dot de' and it solved the issue.

In our case the mbstring.func_overload was set inside an apache virtual host, and the setting became global. I.e. leaked into other virtual hosts.

Thank you very much for providing this. It has been a real headache for on of out customer.

Can you please include it in the next release? I'll be happy to provide more information.
 [2008-09-21 19:39 UTC] dollar80 at freemail dot hu
I need reloed some of moves.
 [2008-10-04 00:53 UTC] hirokawa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

The fix is already applied in PHP 5.2 CVS and PHP 5.3 CVS.
The snapshot is also available from http://snaps.php.net


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 18:01:58 2014 UTC