php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #76645 Impossible to determine correct auto pre/append file syntax.
Submitted: 2018-07-19 10:15 UTC Modified: 2018-11-17 23:02 UTC
From: php at zeweb dot co dot uk Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: php at zeweb dot co dot uk
New email:
PHP Version: OS:

 

 [2018-07-19 10:15 UTC] php at zeweb dot co dot uk
Description:
------------
Presently, depending on actual php implementation there can be three or more ways to use the auto_prepend_file directive - In .htaccess, in .user.ini or php.ini

There is as far as I know no reliable way to test for the correct method on any given server. Worse, use of an inapplicable method will in some cases cause the entire website to go down.

This situation makes it extremely hard to write a reliable and SAFE automatic installer for software using this feature.

Applies to all php versions. (tested 5.3, 5.6, 7.2) - The php version has some bearing on which method might apply to a given server, but is not in itself a reliable indicator. 



Test script:
---------------
In .htaccess: 
  php_value auto_prepend_file path/to/file.php

In php or .user ini:
  auto_prepend_file = 'path/to/file.php'


Expected result:
----------------
auto_prepend_file should use a single syntax and work predictably. 



Actual result:
--------------
Use of .htaccess syntax when not appropriate - entire website brought down with 500 error.

Use of ini file syntax when not appropriate - No result. 



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-07-19 10:34 UTC] spam2 at rhsoft dot net
well, different glues (mod_php, fcgi)

* php.ini -> global
* .htaccess -> overrides in case of mod_php
* .user.ini -> overrides in case of fcgi

> inapplicable method will in some cases cause the entire website to go down

this is *not* true, just do it proper!

that's what <IfModule> in case of httpd is for and has nothing to do with PHP - when you use a config setting which is unknown for httpd it's a fatal error and so you have to make sure that the module (in that case mod_php) which offers the config directive is loaded - not more, not less

<IfModule mod_php5.c>
 php_flag engine off
</IfModule>
<IfModule mod_php7.c>
 php_flag engine off
</IfModule>
<IfModule mod_php8.c>
 php_flag engine off
</IfModule>
 [2018-07-19 10:34 UTC] spam2 at rhsoft dot net
well, different glues (mod_php, fcgi)

* php.ini -> global
* .htaccess -> overrides in case of mod_php
* .user.ini -> overrides in case of fcgi

> inapplicable method will in some cases cause the entire website to go down

this is *not* true, just do it proper!

that's what <IfModule> in case of httpd is for and has nothing to do with PHP - when you use a config setting which is unknown for httpd it's a fatal error and so you have to make sure that the module (in that case mod_php) which offers the config directive is loaded - not more, not less

<IfModule mod_php5.c>
 php_flag engine off
</IfModule>
<IfModule mod_php7.c>
 php_flag engine off
</IfModule>
<IfModule mod_php8.c>
 php_flag engine off
</IfModule>
 [2018-07-19 10:43 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2018-07-19 10:43 UTC] requinix@php.net
.htaccess is controlled by Apache. Their syntax. I believe you could use quotes if you wanted though.
INI files are... well, they're INI files. There's not much to explain there.

It's not like the syntax is random or otherwise unpredictable. What are you asking for?

PS: Anyone mucking about with their configurations on a live server is asking for trouble.
 [2018-11-17 23:02 UTC] cmb@php.net
-Status: Feedback +Status: No Feedback
 [2018-11-17 23:02 UTC] cmb@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 01 10:03:34 2021 UTC