php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #37989 Enviroment variables not availabe on exec,mail,...
Submitted: 2006-07-02 17:13 UTC Modified: 2017-01-21 07:53 UTC
Votes:4
Avg. Score:4.5 ± 0.9
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (25.0%)
From: david at ols dot es Assigned:
Status: Open Package: *General Issues
PHP Version: 4.4.2 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2006-07-02 17:13 UTC] david at ols dot es
Description:
------------
Apache Environment variables (DOCUMENT_ROOT, SERVER_NAME, etc ...) are visible via phpinfo() and getenv() but not inside programs called via exec() and also not available to the mailer when called via mail()

Reproduce code:
---------------
test.php:

<?php
passthrough('print_env');
?>

print_env:

#!/bin/sh
/usr/bin/printenv

Expected result:
----------------
the very same variables reported as "Apache Enviroment" when calling phpinfo()

Actual result:
--------------
just a few standard shell variables

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-02 18:28 UTC] david at ols dot es
varibles set by putenv() are correctly set and visible inside programs called by exec(), passthrough(), ...

in the other hand also env vars set by SetEnv apache directive are also not available inside programs called via
exec(), passthrough(), ...
 [2006-07-02 18:29 UTC] david at ols dot es
varibles set by putenv() are correctly set and visible inside programs called by exec(), passthrough(), ...

in the other hand also env vars set by SetEnv apache directive are also not available inside programs called via
exec(), passthrough(), ...
 [2006-07-02 20:36 UTC] tony2001@php.net
This is how Apache works and apparently PHP cannot change it.
Not PHP problem.
 [2006-07-03 05:57 UTC] david at ols dot es
If PHP can access that variables via getenv() it (should) mean that they are in the enviroment and should also be accesible to programs called by PHP, but they are not. This does not look like a apache issue, it's PHP who calls the external programs and who has the chance to set it's enviroment
 [2006-07-03 06:47 UTC] tony2001@php.net
>If PHP can access that variables via getenv() it (should)
>mean that they are in the enviroment 

Nope. That means only that those "environment" variables are in Apache hash.
 [2006-07-03 07:42 UTC] david at ols dot es
ok, but according to apache documentation apache setenv "Sets an environment variable, which is then passed on to CGI scripts and SSI pages" , it could be considered that those variables should also be in php enviroment, where in fact they appear to be (as they could be accesed with getenv) and that it should also be in the enviroment of programs called by php. From a strict point of view the enviroment of apache should be propagated to php and then also to programs called by php. Apache API has functions to initialize and set the enviroment but that functions are not called by the php module. In th other hand when php is run as cgi then that enviroment is correctly set which makes it more inconsistent with how it works when run as an apache module.

Maybe this could be trated as a feature request rather than an bug (and i could provide a patch for the apache php module which will correctly set the enviroment).

Anyway the documentation should be changed to state that the apache enviroment in not really in the real program enviroment and that is not available for programs called by php).
 [2017-01-20 21:06 UTC] heiglandreas@php.net
-Status: Open +Status: Feedback -Package: Feature/Change Request +Package: *General Issues
 [2017-01-20 21:06 UTC] heiglandreas@php.net
Is this still relevant?
 [2017-01-21 07:53 UTC] david at ols dot es
-Status: Feedback +Status: Open
 [2017-01-21 07:53 UTC] david at ols dot es
yes, as an exmaple,  having the REMOTE_ADDR user ip address will be very helpful when calling mail so the mailer could check it against spamhaus/cbl , also having REQUEST_URI available could help tracking problems in an enviroment where one has control over the mailer but not over the customer php scripts, specially when the website has been compromised or infected by malware. Will be really useful to track and limit the damage caused in such situations.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC