|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78279 libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)
Submitted: 2019-07-12 09:13 UTC Modified: 2019-07-12 14:24 UTC
From: athanasius dot kirchner at gmail dot com Assigned:
Status: Closed Package: *XML functions
PHP Version: 7.2.20 OS: Ubuntu 18.04.2 LTS
Private report: No CVE-ID: None
 [2019-07-12 09:13 UTC] athanasius dot kirchner at gmail dot com
The problem that the function libxml_disable_entity_loader shares its state between requests, that was reported and fixed for fpm in, does also effect the sapi „cgi-fcgi“(php fastcgi). Our hoster uses this sapi in connection with apache2 and we have noticed the same behaviour. To reproduce that, use the following two scripts. First call Script 1 and than immediately call Script 2.

Test script:
#Script 1


#Script 2


Expected result:
Script 2 should always return false.

Actual result:
Script 2 returns true. (if other processes running on the server influencing libxml_disable_entity_loader the test has to been repeated a few times)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-07-12 10:02 UTC] athanasius dot kirchner at gmail dot com
-: julius dot boellmann at gmail dot com +: athanasius dot kirchner at gmail dot com
 [2019-07-12 10:02 UTC] athanasius dot kirchner at gmail dot com
 [2019-07-12 14:24 UTC]
This is because of I don't really understand why some sapis are handled differently...
 [2019-07-12 14:31 UTC]
Automatic comment on behalf of
Log: Fixed bug #78279
 [2019-07-12 14:31 UTC]
-Status: Open +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jun 18 10:01:29 2024 UTC