Bug #64938 libxml_disable_entity_loader setting is shared between threads
Submitted: 2013-05-28 13:43 UTC
Modified: 2013-10-10 12:03 UTC
Votes:42
Avg. Score:4.5 ± 0.8
Reproduced:33 of 33 (100.0%)
Same Version:7 (21.2%)
Same OS:9 (27.3%)
From: Sjon at hortensius dot net
Assigned:
Status: Closed
Package: *XML functions
PHP Version: 5.4.15
OS: Archlinux
Private report: No
CVE-ID:
 [2013-05-28 13:43 UTC] Sjon at hortensius dot net
Description:
------------
The libxml_disable_entity_loader() setting is shared between hits in an FPM 
process. Therefore, our scripts have the external entity loader randomly 
enabled/disabled.

Test script:
---------------
<?php

die(var_dump(libxml_disable_entity_loader(false)));

Expected result:
----------------
The default setting (which is true since 5.4.13) should always be var_dump-ed

Actual result:
--------------
Since this setting is remembered in the thread, after a while all hits return 
false.

 [2013-05-30 21:30 UTC] Sjon at hortensius dot net
-Summary: libxml_disable_entity_loader setting is shared between hits
+Summary: libxml_disable_entity_loader setting is shared between threads
 [2013-05-30 21:30 UTC] Sjon at hortensius dot net
Clarified summary
 [2013-10-10 12:03 UTC] mike@php.net
-Package: FPM related
+Package: *XML functions
 [2015-01-29 16:44 UTC] stefan dot behninger at nasdaq dot com
Seems like this is a much bigger issue. We discovered that disabling the loader does not only affect the current thread but obviously changes the setting globally on the entire server. Plus, it seems to be persisted in a way that only restarting the server got us back to normal.

Planning to do some more tests tomorrow to eliminate any kind of caching that might have been involved.

We're on PHP 5.3.3 on CentOS, strictly single-threaded.
 [2015-02-01 08:10 UTC] stas@php.net
Automatic comment on behalf of martin@divbyzero.net
Revision: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
Log: Fix bug #64938: libxml_disable_entity_loader setting is shared between threads
 [2015-02-01 08:10 UTC] stas@php.net
-Status: Open
+Status: Closed
 [2015-02-01 08:10 UTC] stas@php.net
Automatic comment on behalf of martin@divbyzero.net
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c1eb87ab1a2e2df1868b70cd7b8016c6147092c5
Log: Fix bug #64938: libxml_disable_entity_loader setting is shared between threads
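
Because the flag described in this report can carry over from an earlier request handled by the same worker, code that parses untrusted XML should not rely on its value at entry. The following is an added example, not code from this report or from php-src: `load_untrusted_xml()` is a hypothetical helper, it assumes PHP 7 or later, and it assumes the application's untrusted input never needs a DTD.

```php
<?php
// Added example (not php-src code); load_untrusted_xml() is a hypothetical helper.
// Parses untrusted XML without trusting the flag value left by earlier requests.
function load_untrusted_xml(string $xml): DOMDocument
{
    // The flag is only a tunable before PHP 8.0, where the function is deprecated.
    $legacy = PHP_VERSION_ID < 80000 && function_exists('libxml_disable_entity_loader');
    $previous = null;
    if ($legacy) {
        // The call returns the value that was in effect, which may have
        // leaked from another request served by this worker.
        $previous = libxml_disable_entity_loader(true);
        if ($previous === false) {
            error_log('libxml entity loader was enabled on entry (see bug #64938)');
        }
    }
    $prevErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately
        // not passed, so entity references are not substituted.
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new RuntimeException('XML is not well-formed');
        }
        // Assumption: untrusted input needs no DTD, so any DOCTYPE is refused.
        if ($doc->doctype !== null) {
            throw new RuntimeException('DOCTYPE not allowed in untrusted XML');
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($legacy) {
            // Restore the caller's value so trusted file loads keep working.
            libxml_disable_entity_loader($previous);
        }
    }
}

// Constructed sample input.
$ok  = '<order><id>42</id></order>';
$bad = '<!DOCTYPE order [<!ENTITY e "x">]><order>&e;</order>';
echo load_untrusted_xml($ok)->documentElement->nodeName, "\n";
try {
    load_untrusted_xml($bad);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

A log line from the `error_log()` call on a pre-8.0 worker indicates that some earlier code path in that process switched the loader on and did not switch it back.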
 
Last updated: Fri Mar 27 17:02:42 2015 UTC