php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48260 Size of PHP file affects behaviour of virtual() or #include virtual
Submitted: 2009-05-13 11:41 UTC Modified: 2009-05-14 15:56 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: p dot tipper at lancaster dot ac dot uk Assigned:
Status: Open Package: Apache2 related
PHP Version: 5.*, 6CVS (2009-05-13) OS: Debian GNU/Linux 5.0.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: p dot tipper at lancaster dot ac dot uk
New email:
PHP Version: OS:

 

 [2009-05-13 11:41 UTC] p dot tipper at lancaster dot ac dot uk
Description:
------------
When doing an #include virtual of a php file this seems to change to an include() call (and thus hit basedir restrictions) when the base PHP file reaches a certain size.  Also connected with this behaviour is sub-virtual requests also stop working.  This seems baffling as this behaviour should occur purely in Apache.  Use of virtual() seems to also trigger this bug.

Reproduce code:
---------------
This URL works normally:
http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200

This URL demonstrates the bug:
http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350

To see how this is affected by setting open_basedir="/usr/local/lib/php:/tmp:." then check these URLs:

Working: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200&basedir=1

Broken: 
http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350&basedir=1

The "?amount=N" adds more output lines to the main PHP file thus changing its size in an easy manner.

All code available from http://red-velvet.lancs.ac.uk:8080/~tipper/include/include-test.tar.gz

Expected result:
----------------
The #include virtual (or virtual()) data should continue to behave as normal, and shouldn't fall foul of basedir restrictions.  The following block should always appear at the top of the output:

This is an included file /~tipper/include/subdir/test.php
Request was /~tipper/include/base/index.php?amount=200
This is an included file /~tipper/include/subdir/test2.php
Request was /~tipper/include/base/index.php?amount=200
End of included file /~tipper/include/subdir/test2.php
End of included file /~tipper/include/subdir/test.php

(Where 200 will be whatever number you set for amount= )


Actual result:
--------------
Once the amount goes above about 340 lines this seems to be the output (from http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350 )

This is an included file /~tipper/include/base/index.php
Request was /~tipper/include/base/index.php?amount=350
End of included file /~tipper/include/base/index.php

If you try this with open_basedir set to "/usr/local/lib/php:/tmp:." you get the following error (from http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350&basedir=1 )


Warning: main() [function.main]: open_basedir restriction in effect. File(/home/tipper/public_html/include/subdir/test.php) is not within the allowed path(s): (/usr/local/lib/php:/tmp:.) in /home/tipper/public_html/include/base/index.php on line 30

Warning: main(/home/tipper/public_html/include/subdir/test.php) [function.main]: failed to open stream: Operation not permitted in /home/tipper/public_html/include/base/index.php on line 30

Warning: main() [function.include]: Failed opening '/home/tipper/public_html/include/subdir/test.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/tipper/public_html/include/base/index.php on line 30



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-13 11:43 UTC] p dot tipper at lancaster dot ac dot uk
Warning, URLs have gotten wrapped in bug report:

Working:

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200

Buggy: 

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350


etc.
 [2009-05-13 18:29 UTC] jani@php.net
With what PHP version does this work and with what not?
 [2009-05-13 22:02 UTC] p dot tipper at lancaster dot ac dot uk
I initially saw it in PHP 5.2.5 but as requested by your bug tracking system I've tested it on "5.3CVS-2009-05-13 (snap)" as well (and thats the version the URLs in the bug report link to).
 [2009-05-14 13:52 UTC] jani@php.net
What is the size (in bytes) of the file where this problem exists with?
 [2009-05-14 15:18 UTC] p dot tipper at lancaster dot ac dot uk
I've done some more exact testing which is available in the .tar.gz file in the original bug report.

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/working.php works fine and is 8020 bytes.

http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/broken.php displays the broken behaviour and is 8021 bytes.
 [2009-05-14 15:23 UTC] jani@php.net
Do you have zlib_output_compression php.ini directive set to "on"?
If so, try turn it off. 
 [2009-05-14 15:56 UTC] p dot tipper at lancaster dot ac dot uk
zlib.output_compression is off, and I've just tested it with it switched on and this bug is still reproducable.
 [2010-04-06 08:06 UTC] cveilleux at neopeak dot com
I can confirm this bug under PHP 5.2.10 using mod_php under apache (Ubuntu 9.10 
and CentOS 5.4). 

When using "include virtual" SSI or the virtual() function from a PHP script to 
another PHP script in order to integrate two different applications in the same 
page, it would sometimes work, and other times not work for no apparent reason.

Switching to PHP in CGI mode would fix the problem, although that is not always 
a viable option.

In my case the problem this caused was not related to basedir restrictions but 
it all sorts of other problems like:

- current work dir not being set properly in the included script, causing all 
include() call to fail.
- session_start in the included script complaining session is already started 
(by the parent script)..

This seems to indicate something is really wrong under the hood..
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Oct 19 02:01:27 2019 UTC