php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #48260 Size of PHP file affects behaviour of virtual() or #include virtual
Submitted: 2009-05-13 11:41 UTC Modified: 2024-12-29 18:02 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: p dot tipper at lancaster dot ac dot uk Assigned: bukka (profile)
Status: Not a bug Package: Apache2 related
PHP Version: 5.*, 6CVS (2009-05-13) OS: Debian GNU/Linux 5.0.1
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: p dot tipper at lancaster dot ac dot uk
New email:
PHP Version: OS:

 

 [2009-05-13 11:41 UTC] p dot tipper at lancaster dot ac dot uk 
Description:
------------
When doing an #include virtual of a php file this seems to change to an include() call (and thus hit basedir restrictions) when the base PHP file reaches a certain size.  Also connected with this behaviour is sub-virtual requests also stop working.  This seems baffling as this behaviour should occur purely in Apache.  Use of virtual() seems to also trigger this bug.

Reproduce code:
---------------
This URL works normally:
http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200

This URL demonstrates the bug:
http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350

To see how this is affected by setting open_basedir="/usr/local/lib/php:/tmp:." then check these URLs:

Working: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200&basedir=1

Broken: 
http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350&basedir=1

The "?amount=N" adds more output lines to the main PHP file thus changing its size in an easy manner.

All code available from http://red-velvet.lancs.ac.uk:8080/~tipper/include/include-test.tar.gz

Expected result:
----------------
The #include virtual (or virtual()) data should continue to behave as normal, and shouldn't fall foul of basedir restrictions.  The following block should always appear at the top of the output:

This is an included file /~tipper/include/subdir/test.php
Request was /~tipper/include/base/index.php?amount=200
This is an included file /~tipper/include/subdir/test2.php
Request was /~tipper/include/base/index.php?amount=200
End of included file /~tipper/include/subdir/test2.php
End of included file /~tipper/include/subdir/test.php

(Where 200 will be whatever number you set for amount= )


Actual result:
--------------
Once the amount goes above about 340 lines this seems to be the output (from http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350 )

This is an included file /~tipper/include/base/index.php
Request was /~tipper/include/base/index.php?amount=350
End of included file /~tipper/include/base/index.php

If you try this with open_basedir set to "/usr/local/lib/php:/tmp:." you get the following error (from http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350&basedir=1 )


Warning: main() [function.main]: open_basedir restriction in effect. File(/home/tipper/public_html/include/subdir/test.php) is not within the allowed path(s): (/usr/local/lib/php:/tmp:.) in /home/tipper/public_html/include/base/index.php on line 30

Warning: main(/home/tipper/public_html/include/subdir/test.php) [function.main]: failed to open stream: Operation not permitted in /home/tipper/public_html/include/base/index.php on line 30

Warning: main() [function.include]: Failed opening '/home/tipper/public_html/include/subdir/test.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/tipper/public_html/include/base/index.php on line 30

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-13 11:43 UTC] p dot tipper at lancaster dot ac dot uk 
Warning, URLs have gotten wrapped in bug report:

Working:

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200

Buggy: 

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350


etc.
 [2009-05-13 18:29 UTC] jani@php.net 
With what PHP version does this work and with what not?
 [2009-05-13 22:02 UTC] p dot tipper at lancaster dot ac dot uk 
I initially saw it in PHP 5.2.5 but as requested by your bug tracking system I've tested it on "5.3CVS-2009-05-13 (snap)" as well (and thats the version the URLs in the bug report link to).
 [2009-05-14 13:52 UTC] jani@php.net 
What is the size (in bytes) of the file where this problem exists with?
 [2009-05-14 15:18 UTC] p dot tipper at lancaster dot ac dot uk 
I've done some more exact testing which is available in the .tar.gz file in the original bug report.

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/working.php works fine and is 8020 bytes.

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/broken.php displays the broken behaviour and is 8021 bytes.
 [2009-05-14 15:23 UTC] jani@php.net 
Do you have zlib_output_compression php.ini directive set to "on"?
If so, try turn it off.
 [2009-05-14 15:56 UTC] p dot tipper at lancaster dot ac dot uk 
zlib.output_compression is off, and I've just tested it with it switched on and this bug is still reproducable.
 [2010-04-06 08:06 UTC] cveilleux at neopeak dot com 
I can confirm this bug under PHP 5.2.10 using mod_php under apache (Ubuntu 9.10 
and CentOS 5.4). 

When using "include virtual" SSI or the virtual() function from a PHP script to 
another PHP script in order to integrate two different applications in the same 
page, it would sometimes work, and other times not work for no apparent reason.

Switching to PHP in CGI mode would fix the problem, although that is not always 
a viable option.

In my case the problem this caused was not related to basedir restrictions but 
it all sorts of other problems like:

- current work dir not being set properly in the included script, causing all 
include() call to fail.
- session_start in the included script complaining session is already started 
(by the parent script)..

This seems to indicate something is really wrong under the hood..
 [2024-12-29 18:02 UTC] bukka@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: bukka
 [2024-12-29 18:02 UTC] bukka@php.net 
I apologise for very long time to get this investigated.

I have just done some testing of this and I'm not exactly sure if I understand the reported issue. From what I see the included script is out of open_basedir path and it should not be opened in the first case (even through #include virtual or virtual()). I have done some testing and it doesn't get executed no matter what the path is. So if anything the bug would be that it got executed. But that might got already fixed.

But I might be misunderstanding the issue because the links to the code no longer exist so I just did my own tests which might have a different setup. If you still have the files, feel free to email it to me or even better create a new GitHub issue with the files attached and I can investigate it. I will mark this as a not a bug for now.

Regarding the comment from cveilleux at neopeak dot com, that's a different issue that I plan to look into later as that flush might no longer be needed if it's because of that.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Apr 19 15:01:27 2025 UTC