php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70039 MySQL PDO ignores env-vars
Submitted: 2015-07-10 10:58 UTC Modified: 2015-07-10 13:21 UTC
From: spam2 at rhsoft dot net Assigned:
Status: Not a bug Package: Testing related
PHP Version: 5.5.27 OS:
Private report: No CVE-ID: None
 [2015-07-10 10:58 UTC] spam2 at rhsoft dot net
Description:
------------
why are with that environment vars a ton of tests still try to connect as root without a password? that's unacceptable for security reasons and frankly there should be in general a test-user with it's own database be the default instead root
____________________________________

export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2 MYSQL_TEST_HOST="localhost" MYSQL_TEST_PORT="3306" MYSQL_TEST_USER="php_autotest" MYSQL_TEST_PASSWD="*****" MYSQL_TEST_DB="php_autotest" PDO_MYSQL_TEST_HOST="localhost" PDO_MYSQL_TEST_SOCKET="%{_sharedstatedir}/mysql/mysql.sock" PDO_MYSQL_TEST_USER="php_autotest" PDO_MYSQL_TEST_PASS="****" PDO_MYSQL_TEST_DB="php_autotest" PDO_MYSQL_TEST_ENGINE="MyISAM"
____________________________________

SKIP MySQL PDO: PDOStatement->fetchObject() [ext/pdo_mysql/tests/pdo_mysql_stmt_fetchobject.phpt] reason: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: NO)
SKIP MySQL: PDOStatement->getColumnMeta() [ext/pdo_mysql/tests/pdo_mysql_stmt_getcolumnmeta.phpt] reason: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: NO)
SKIP PDOStatements and multi query [ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt] reason: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: NO)
SKIP MySQL PDOStatement->nextRowSet() [ext/pdo_mysql/tests/pdo_mysql_stmt_nextrowset.phpt] reason: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: NO)
SKIP MySQL PDOStatement->rowCount() @ SELECT [ext/pdo_mysql/tests/pdo_mysql_stmt_rowcount.phpt] reason: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: NO)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-10 11:19 UTC] mbeccati@php.net
Did you try setting PDO_MYSQL_TEST_DSN ?
 [2015-07-10 11:22 UTC] spam2 at rhsoft dot net
is there a *full* list of mysql/mysqli/pdo related env-vars?
i posted my complete env-vars used in the rpm-spec before the tests

honestly the vars below should be enough and taken by *anything* which connects to mysql unless a specific override is given

MYSQL_TEST_HOST="localhost" 
MYSQL_TEST_PORT="3306" 
MYSQL_TEST_USER="php_autotest" 
MYSQL_TEST_PASSWD="*****" 
MYSQL_TEST_DB="php_autotest"
 [2015-07-10 11:24 UTC] cweiske@php.net
Maybe the test script uses $_ENV, which does not get populated by the default php.ini settings.
 [2015-07-10 11:33 UTC] spam2 at rhsoft dot net
i doubt because in that case other tests would fail too, maybe *that* testscript does something different

PASS mysqli bind_result 1 [ext/mysqli/tests/002.phpt] 
PASS mysqli connect [ext/mysqli/tests/003.phpt] 
PASS mysqli fetch char/text [ext/mysqli/tests/004.phpt] 
PASS mysqli fetch char/text long [ext/mysqli/tests/005.phpt] 
PASS mysqli fetch long values [ext/mysqli/tests/006.phpt] 
PASS mysqli fetch short values [ext/mysqli/tests/007.phpt]

BTW: there are also some tests FAIL for years now on 5.3/5.4/5.5

FAILED TEST SUMMARY
---------------------------------------------------------------------
Zend Multibyte and UTF-8 BOM [Zend/tests/multibyte/multibyte_encoding_002.phpt]
Zend Multibyte and UTF-16 BOM [Zend/tests/multibyte/multibyte_encoding_003.phpt]
#66265: gettext doesn't switch locales within the same script [ext/gettext/tests/bug66267.phpt]
IntlCalendar::getDayOfWeekType() basic test [ext/intl/tests/calendar_getDayOfWeekType_basic.phpt]
IntlDateFormatter::formatObject(): DateTime tests [ext/intl/tests/dateformat_formatObject_datetime_variant3.phpt]
Bug #36745 (LOAD DATA LOCAL INFILE doesn't return correct error message) [ext/mysqli/tests/bug36745.phpt]
Bug #42548 PROCEDURE xxx can't return a result set in the given context (works in 5.2.3!!) [ext/mysqli/tests/bug42548.phpt]
Bug #44879 (failed to prepare statement) [ext/mysqli/tests/bug44897.phpt]
Bug #51647 (Certificate file without private key (pk in another file) doesn't work) [ext/mysqli/tests/bug51647.phpt]
Bug #53503 (mysqli::query returns false after successful LOAD DATA query) [ext/mysqli/tests/bug53503.phpt]
Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) [ext/mysqli/tests/bug55283.phpt]
Interface of the class mysqli_driver [ext/mysqli/tests/mysqli_class_mysqli_driver_interface.phpt]
Interface of the class mysqli [ext/mysqli/tests/mysqli_class_mysqli_properties_no_conn.phpt]
mysqli_connect() [ext/mysqli/tests/mysqli_connect.phpt]
mysqli_fetch_field() - flags/field->flags [ext/mysqli/tests/mysqli_fetch_field_flags.phpt]
mysqli_get_client_stats() [ext/mysqli/tests/mysqli_get_client_stats.phpt]
mysqli_pconnect() [ext/mysqli/tests/mysqli_pconnect.phpt]
mysqli_query() [ext/mysqli/tests/mysqli_query.phpt]
mysqli_query() - Stored Procedures [ext/mysqli/tests/mysqli_query_stored_proc.phpt]
mysqli_query() - unicode (cyrillic) [ext/mysqli/tests/mysqli_query_unicode.phpt]
mysqli_real_query() [ext/mysqli/tests/mysqli_real_query.phpt]
mysqli_report() [ext/mysqli/tests/mysqli_report.phpt]
mysqli_stmt_execute() - Stored Procedures [ext/mysqli/tests/mysqli_stmt_execute_stored_proc.phpt]
Multiple result set with PS [ext/mysqli/tests/mysqli_stmt_multires.phpt]
use_trans_sid should not affect SID [ext/session/tests/015.phpt]
rewriter correctly handles attribute names which contain dashes [ext/session/tests/018.phpt]
rewriter uses arg_separator.output for modifying URLs [ext/session/tests/020.phpt]
Bug #26862 (ob_flush() before output_reset_rewrite_vars() results in data loss) [ext/session/tests/bug26862.phpt]
Bug #31454 (Incorrect adding PHPSESSID to links, which contains \r\n) [ext/session/tests/bug36459.phpt]
Bug #41600 (url rewriter tags doesn't work with namespaced tags) [ext/session/tests/bug41600.phpt]
Bug #50308 (session id not appended properly for empty anchor tags) [ext/session/tests/bug50308.phpt]
Bug #44394 (Last two bytes missing from output) [ext/standard/tests/general_functions/bug44394.phpt]
Bug #44394 (Last two bytes missing from output) with session.use_trans_id [ext/standard/tests/general_functions/bug44394_2.phpt]
Bug #38802 (ignore_errors and max_redirects) [ext/standard/tests/http/bug38802.phpt]
Bug #48929 (duplicate \r\n sent after last header line) [ext/standard/tests/http/bug48929.phpt]
Bug #53198 (From: header cannot be changed with ini_set) [ext/standard/tests/http/bug53198.phpt]
Bug #61548 (content-type must appear at the end of headers) [ext/standard/tests/http/bug61548.phpt]
Bug #67430 (http:// wrapper doesn't follow 308 redirects) [ext/standard/tests/http/bug67430.phpt]
http:// and ignore_errors [ext/standard/tests/http/ignore_errors.phpt]
Bug #51800 proc_open on Windows hangs forever, the right way to do it [ext/standard/tests/streams/proc_open_bug51800_right.phpt]
Bug #51800 proc_open on Windows hangs forever, the right way to do it with more data [ext/standard/tests/streams/proc_open_bug51800_right2.phpt]
Bug #26817 (http_build_query() did not handle private & protected object properties) [ext/standard/tests/strings/bug26817.phpt]
http_build_query() function [ext/standard/tests/strings/http_build_query.phpt]
Test http_build_query() function: usage variations - first arguments as object [ext/standard/tests/strings/http_build_query_variation1.phpt]
Test http_build_query() function: usage variations - first arguments as multidimensional array and second argument present/not present [ext/standard/tests/strings/http_build_query_variation2.phpt]
Test http_build_query() function: usage variations - testing four parameter added in PHP 5.4.0 [ext/standard/tests/strings/http_build_query_variation3.phpt]
Test setlocale() function : usage variations - Setting all available locales in the platform [ext/standard/tests/strings/setlocale_variation2.phpt]
Test function show_source() by calling it with its expected arguments, more test for highlight_file() [ext/standard/tests/strings/show_source_basic.phpt]
Test function show_source() by calling it with its expected arguments and php output, more test for highlight_file() [ext/standard/tests/strings/show_source_variation1.phpt]
Test function show_source() by calling it with its expected arguments and output to variable, more test for highlight_file() [ext/standard/tests/strings/show_source_variation2.phpt]
CLI -a and libedit [sapi/cli/tests/017.phpt]
 [2015-07-10 11:41 UTC] mbeccati@php.net
Did you have a look at the test config.inc?

if (false !== getenv('PDO_MYSQL_TEST_DSN')) {
        # user set them from their shell
        $config['ENV']['PDOTEST_DSN'] = getenv('PDO_MYSQL_TEST_DSN');
        $config['ENV']['PDOTEST_USER'] = getenv('PDO_MYSQL_TEST_USER');
        $config['ENV']['PDOTEST_PASS'] = getenv('PDO_MYSQL_TEST_PASS');
 [2015-07-10 11:42 UTC] mbeccati@php.net
-Status: Open +Status: Not a bug
 [2015-07-10 11:42 UTC] mbeccati@php.net
When using the mysqli extension together with the mysql extension
you have to use the same libraries and include files. mysqli
extension requires the location of mysql_config file, mysql
extension requires the path of your mysql installation.

If you installed MySQL 4.1 for example with prefix /usr/local/mysql-4.1
your configure settings should be
--with-mysql=/usr/local/mysql-4.1
--with-mysqli=/usr/local/mysql-4.1/bin/mysql_config


 [2015-07-10 11:42 UTC] mbeccati@php.net
Sorry the close message was not what I meant ;)
 [2015-07-10 11:52 UTC] spam2 at rhsoft dot net
> When using the mysqli extension together with the 
> mysql extension you have to use the same libraries 
> and include files. mysqli extension requires the 
> location of mysql_config file, mysql
> extension requires the path of your 
> mysql installation

uhm for sure not, libmysql is not part of the game :-)

--without-mysql \
--with-mysqli=mysqlnd \
--with-mysql-sock=%{_sharedstatedir}/mysql/mysql.sock \
--with-pdo-mysql=shared,mysqlnd \

i give the PDO_TEST vars a try while i need to google what PDOTEST_DSN is supposed to look like but in any case it is a bug that the credentials and settings of the MYSQL_TEST are not used everywhere because when the dangerous default root without a password don't work and you override that it's pretty clear that the same hits all other parts trying to speak with mysqld

MYSQL_TEST_HOST="localhost" 
MYSQL_TEST_PORT="3306" 
MYSQL_TEST_USER="php_autotest" 
MYSQL_TEST_PASSWD="*****" 
MYSQL_TEST_DB="php_autotest"
 [2015-07-10 11:59 UTC] mbeccati@php.net
PDO uses a DSN, so that's what you need to provide for the tests to run.

MYSQL_TEST_* vars are for the mysql and mysqli tests, so they have nothing to do with PDO tests.

I don't see any security issue in the using default localhost/root/nopassword combination.

If your own mysql allows the root user without a password, the problem is on your side.
 [2015-07-10 12:41 UTC] spam2 at rhsoft dot net
XFAIL PDO MySQL Bug #41997 (stored procedure call returning single rowset blocks future queries) [ext/pdo_mysql/tests/bug_41997.phpt]   XFAIL REASON: nextRowset() problem with stored proc & emulation mode & mysqlnd
FAIL MySQL PDO->__construct() - Generic + DSN [ext/pdo_mysql/tests/pdo_mysql___construct.phpt]
FAIL MySQL PDO->exec(), affected rows [ext/pdo_mysql/tests/pdo_mysql_exec_load_data.phpt]
> PDO uses a DSN, so that's what you need to provide for the tests to run

nonsense, it's not rocket science generate the string "mysql:host=localhost;dbname=php_autotest" out of the already given MYSQL_TEST vars

the PDO_MYSQL vars seem to work, a few tests fail on 5.6.11 (i know that bugreport is for 5.5.27 but i did not want to rebuild on the production evironment which needs to stay at 5.5.x because careless regeressions like https://bugs.php.net/bug.php?id=68344 and 
https://bugs.php.net/bug.php?id=70038

PDO MySQL Bug #41997 (stored procedure call returning single rowset blocks future queries) [ext/pdo_mysql/tests/bug_41997.phpt]  XFAIL REASON: nextRowset() problem with stored proc & emulation mode & mysqlnd
MySQL PDOStatement->nextRowSet() [ext/pdo_mysql/tests/pdo_mysql_stmt_nextrowset.phpt]  XFAIL REASON: nextRowset() problem with stored proc & emulation mode & mysqlnd
MySQL PDO->prepare(), emulated PS [ext/pdo_mysql/tests/pdo_mysql_prepare_emulated.phpt] (warn: XFAIL section but test passes)
 [2015-07-10 13:21 UTC] spam2 at rhsoft dot net
FWIW with 5.6.11

%check
%if %runselftest
 ulimit -s 32712
 cd build-apache
 export MYSQL_TEST_PARAM="php_autotest"
 export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2 MYSQL_TEST_HOST="localhost" MYSQL_TEST_PORT="3306" MYSQL_TEST_USER="$MYSQL_TEST_PARAM" MYSQL_TEST_PASSWD="$MYSQL_TEST_PARAM" MYSQL_TEST_DB="$MYSQL_TEST_PARAM" PDO_MYSQL_TEST_DSN="mysql:host=localhost;dbname=$MYSQL_TEST_PARAM" PDO_MYSQL_TEST_SOCKET="%{_sharedstatedir}/mysql/mysql.sock" PDO_MYSQL_TEST_USER="$MYSQL_TEST_PARAM" PDO_MYSQL_TEST_PASS="$MYSQL_TEST_PARAM" PDO_MYSQL_TEST_ENGINE="MyISAM"
 export LANG=C
 if ! make test; then
  set +x
  for f in `find .. -name \*.diff -type f -print`; do
   echo "TEST FAILURE: $f --"
   cat "$f"
   echo "-- $f result ends."
  done
  set -x
 fi
%endif

FAILED TEST SUMMARY
---------------------------------------------------------------------
PHP encoding setting test [tests/basic/encoding.phpt]
Zend Multibyte and UTF-8 BOM [Zend/tests/multibyte/multibyte_encoding_002.phpt]
Zend Multibyte and UTF-16 BOM [Zend/tests/multibyte/multibyte_encoding_003.phpt]
Test iconv_set_encoding() function : error functionality [ext/iconv/tests/iconv_set_encoding_variation.phpt]
mysqli autocommit/commit/rollback [ext/mysqli/tests/014.phpt]
mysqli autocommit/commit/rollback with innodb [ext/mysqli/tests/015.phpt]
Bug #42548 PROCEDURE xxx can't return a result set in the given context (works in 5.2.3!!) [ext/mysqli/tests/bug42548.phpt]
Bug #44879 (failed to prepare statement) [ext/mysqli/tests/bug44897.phpt]
Bug #51647 (Certificate file without private key (pk in another file) doesn't work) [ext/mysqli/tests/bug51647.phpt]
Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) [ext/mysqli/tests/bug55283.phpt]
mysqli_autocommit() [ext/mysqli/tests/mysqli_autocommit.phpt]
mysqli->autocommit() [ext/mysqli/tests/mysqli_autocommit_oo.phpt]
mysqli_begin_transaction() [ext/mysqli/tests/mysqli_begin_transaction.phpt]
mysqli_change_user() - ROLLBACK [ext/mysqli/tests/mysqli_change_user_rollback.phpt]
Interface of the class mysqli_driver [ext/mysqli/tests/mysqli_class_mysqli_driver_interface.phpt]
Interface of the class mysqli [ext/mysqli/tests/mysqli_class_mysqli_properties_no_conn.phpt]
mysqli_fetch_field() - flags/field->flags [ext/mysqli/tests/mysqli_fetch_field_flags.phpt]
mysqli_query() [ext/mysqli/tests/mysqli_query.phpt]
mysqli_query() - Stored Procedures [ext/mysqli/tests/mysqli_query_stored_proc.phpt]
mysqli_query() - unicode (cyrillic) [ext/mysqli/tests/mysqli_query_unicode.phpt]
mysqli_real_query() [ext/mysqli/tests/mysqli_real_query.phpt]
mysqli_report() [ext/mysqli/tests/mysqli_report.phpt]
mysqli_rollback() [ext/mysqli/tests/mysqli_rollback.phpt]
mysqli_stmt_execute() - Stored Procedures [ext/mysqli/tests/mysqli_stmt_execute_stored_proc.phpt]
Multiple result set with PS [ext/mysqli/tests/mysqli_stmt_multires.phpt]
mysqli_store_result() [ext/mysqli/tests/mysqli_store_result_copy.phpt]
Bug #54929 (Parse error with single quote in sql comment (pdo-mysql)) [ext/pdo_mysql/tests/bug54929.phpt]
MySQL PDO->__construct() - Generic + DSN [ext/pdo_mysql/tests/pdo_mysql___construct.phpt]
MySQL PDO->exec(), affected rows [ext/pdo_mysql/tests/pdo_mysql_exec_load_data.phpt]
MySQL PDOStatement->nextRowSet() with PDO::MYSQL_ATTR_MULTI_STATEMENTS either true or false [ext/pdo_mysql/tests/pdo_mysql_multi_stmt_nextrowset.phpt]
use_trans_sid should not affect SID [ext/session/tests/015.phpt]
rewriter correctly handles attribute names which contain dashes [ext/session/tests/018.phpt]
rewriter uses arg_separator.output for modifying URLs [ext/session/tests/020.phpt]
Bug #26862 (ob_flush() before output_reset_rewrite_vars() results in data loss) [ext/session/tests/bug26862.phpt]
Bug #31454 (Incorrect adding PHPSESSID to links, which contains \r\n) [ext/session/tests/bug36459.phpt]
Bug #41600 (url rewriter tags doesn't work with namespaced tags) [ext/session/tests/bug41600.phpt]
Bug #50308 (session id not appended properly for empty anchor tags) [ext/session/tests/bug50308.phpt]
Bug #66481: Calls to session_name() segfault when session.name is null. [ext/session/tests/bug66481.phpt]
Test session.hash_function ini setting : basic functionality [ext/session/tests/session_hash_function_basic.phpt]
Bug #44394 (Last two bytes missing from output) [ext/standard/tests/general_functions/bug44394.phpt]
Bug #44394 (Last two bytes missing from output) with session.use_trans_id [ext/standard/tests/general_functions/bug44394_2.phpt]
Bug #38802 (ignore_errors and max_redirects) [ext/standard/tests/http/bug38802.phpt]
Bug #48929 (duplicate \r\n sent after last header line) [ext/standard/tests/http/bug48929.phpt]
Bug #53198 (From: header cannot be changed with ini_set) [ext/standard/tests/http/bug53198.phpt]
Bug #61548 (content-type must appear at the end of headers) [ext/standard/tests/http/bug61548.phpt]
Bug #65634 (HTTP wrapper is very slow with protocol_version 1.1) [ext/standard/tests/http/bug65634.phpt]
Bug #67430 (http:// wrapper doesn't follow 308 redirects) [ext/standard/tests/http/bug67430.phpt]
http:// and ignore_errors [ext/standard/tests/http/ignore_errors.phpt]
Bug #26817 (http_build_query() did not handle private & protected object properties) [ext/standard/tests/strings/bug26817.phpt]
Test htmlentities() function [ext/standard/tests/strings/htmlentities24.phpt]
http_build_query() function [ext/standard/tests/strings/http_build_query.phpt]
Test http_build_query() function: usage variations - first arguments as object [ext/standard/tests/strings/http_build_query_variation1.phpt]
Test http_build_query() function: usage variations - first arguments as multidimensional array and second argument present/not present [ext/standard/tests/strings/http_build_query_variation2.phpt]
Test http_build_query() function: usage variations - testing four parameter added in PHP 5.4.0 [ext/standard/tests/strings/http_build_query_variation3.phpt]
Test function show_source() by calling it with its expected arguments, more test for highlight_file() [ext/standard/tests/strings/show_source_basic.phpt]
Test function show_source() by calling it with its expected arguments and php output, more test for highlight_file() [ext/standard/tests/strings/show_source_variation1.phpt]
Test function show_source() by calling it with its expected arguments and output to variable, more test for highlight_file() [ext/standard/tests/strings/show_source_variation2.phpt]
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC