php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78279 libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)
Submitted: 2019-07-12 09:13 UTC Modified: 2019-07-12 14:24 UTC
From: athanasius dot kirchner at gmail dot com Assigned:
Status: Closed Package: *XML functions
PHP Version: 7.2.20 OS: Ubuntu 18.04.2 LTS
Private report: No CVE-ID: None
 [2019-07-12 09:13 UTC] athanasius dot kirchner at gmail dot com
Description:
------------
The problem that the function libxml_disable_entity_loader shares its state between requests, that was reported and fixed for fpm in https://bugs.php.net/bug.php?id=64938, does also effect the sapi „cgi-fcgi“(php fastcgi). Our hoster uses this sapi in connection with apache2 and we have noticed the same behaviour. To reproduce that, use the following two scripts. First call Script 1 and than immediately call Script 2.

Test script:
---------------
#Script 1
<?php

libxml_disable_entity_loader(true);

#Script 2
<?php

die(var_dump(libxml_disable_entity_loader(false)));

Expected result:
----------------
Script 2 should always return false.

Actual result:
--------------
Script 2 returns true. (if other processes running on the server influencing libxml_disable_entity_loader the test has to been repeated a few times)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-07-12 10:02 UTC] athanasius dot kirchner at gmail dot com
-: julius dot boellmann at gmail dot com +: athanasius dot kirchner at gmail dot com
 [2019-07-12 10:02 UTC] athanasius dot kirchner at gmail dot com
chg
 [2019-07-12 14:24 UTC] nikic@php.net
This is because of https://github.com/php/php-src/blob/d68abef804cdd69d8e4d301d1755efd7a6189c2b/ext/libxml/libxml.c#L842. I don't really understand why some sapis are handled differently...
 [2019-07-12 14:31 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4a91f66b8f528e6d09e2c7fa04d87e2dc981bd34
Log: Fixed bug #78279
 [2019-07-12 14:31 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Oct 16 06:01:26 2024 UTC