php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28521 After a virtual(), include_path is reset to php.ini values
Submitted: 2004-05-25 23:20 UTC Modified: 2004-05-28 18:26 UTC
Votes:5
Avg. Score:4.6 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: Bjorn dot Victor at it dot uu dot se Assigned:
Status: Wont fix Package: Apache2 related
PHP Version: 4CVS-2004-05-25 (stable) OS: Solaris 9/Linux (Fedora)
Private report: No CVE-ID: None
 [2004-05-25 23:20 UTC] Bjorn dot Victor at it dot uu dot se
Description:
------------
In PHP 4.3.7RC2-dev (STABLE-200405251830) (and 4.3.6), after a call to virtual() (whether successful or not), the include_path is reset to the value in php.ini.  

This behaviour does not respect settings in httpd.conf, e.g. for virtual hosts (although these are not enabled in the example), and makes the virtual() call mostly useless. It happens with Apache 2.0.49 both in Fedora Core 1 Linux and Solaris 9 (only tested 4.3.6 there).

Clue: in PHP 4.3.4, this behaviour did not occur: include_path was the same before and after the call to virtual().

Guess: might it be related to (the patch for) bug #25753?

Reproduce code:
---------------
In php.ini:
include_path = ".:/usr/share/pear"

In httpd.conf:
php_admin_value include_path ".:/home/opt/lib/php:/usr/share/pear"

In foo.php:
<?php
print "<pre>include path: ".ini_get('include_path')."</pre>\n";
virtual('foo.html');
print "<pre>include path: ".ini_get('include_path')."</pre>\n";
?>

(Content of foo.html not important, it doesn't need to exist).

Expected result:
----------------
include path: .:/home/opt/lib/php:/usr/share/pear
....
include path: .:/home/opt/lib/php:/usr/share/pear

Actual result:
--------------
include path: .:/home/opt/lib/php:/usr/share/pear
....
include path: .:/usr/share/pear

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-05-28 18:26 UTC] Bjorn dot Victor at it dot uu dot se
Excuse me, but why on earth do you select to "Won't fix" this bug??

Let me explain: this bug makes it IMPOSSIBLE to write code which first includes some PHP code, then does a virtual(), then includes some other PHP code, if the PHP code is not in the include_path set in php.ini.  This restriction makes it impossible to have different code bases e.g. for different virtual hosts.

My current workaround is to replace the virtual() call with a readfile(), but this (or using include()) skips Apache's access control (e.g. .htaccess), and is thus a huge security hole.  The virtual() is really useful in my setup.

If you consider this OK, please explain why.  But PLEASE reconsider the status of the bug!

The correct behaviour would be to reset include_path to the value set in httpd.conf, or rather, to the value before the virtual() call.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 10 22:01:28 2024 UTC