php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78692 define() and defined() not behaving correctly on Windows 10
Submitted: 2019-10-18 15:27 UTC Modified: 2019-10-20 08:56 UTC
From: security at paragonie dot com Assigned:
Status: Open Package: *General Issues
PHP Version: 7.2.15 OS: Windows
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-10-18 15:27 UTC] security at paragonie dot com
Description:
------------
Found upstream: https://github.com/paragonie/sodium_compat/issues/99

Apparently, when someone installs paragonie/certainty on a specific Windows setup (according to the user, they are using "Win10 Enterprise 1809 and PHP 7.2.15 x64 NTS"), with sodium_compat 1.11.1, they were getting notices.

This _may_ be related to https://bugs.php.net/bug.php?id=77621 (not guaranteed), but I'm having a frustrating time trying to reproduce this behavior (and failing every time).

In the offchance that there is a Windows bug here (I assumed a race condition with the autoloader, but that doesn't seem to be the cause), I wanted to make sure it's reported upstream.

Test script:
---------------
Add this to composer.json on the described environment:

"require": {
    "paragonie/certainty": "^2",
    "paragonie/sodium_compat": "1.11.1"
}

Then run `composer install`. Then run this:

<?php
use ParagonIE\Certainty\RemoteFetch;

$fetcher = new RemoteFetch('/path/to/certainty/data');
$latestCACertBundle = $fetcher->getLatestBundle();

$ch = curl_init('https://secure.php.net');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CAINFO, $latestCACertBundle->getFilePath());

If you get a bunch of E_WARNING errors, congratulations! You've reproduced it.

Expected result:
----------------
No output.

Actual result:
--------------
Lots of warnings that look like

PHP Warning:  constant(): Couldn't find constant ParagonIE_Sodium_Compat::CONSTANT_NAME in C:\htdocs\www\testing\vendor\paragonie\sodium_compat\lib\php72compat.php on line 91



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-19 12:05 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2019-10-19 12:05 UTC] cmb@php.net
This is somewhat unlikely a Windows 10 specific issue.  Anyhow,
about which PHP version is it?  You've specified 7.3.10 in the
header, but stating the issue occured with 7.2.15.
 [2019-10-19 13:53 UTC] security at paragonie dot com
-Status: Feedback +Status: Assigned -PHP Version: 7.3.10 +PHP Version: 7.2.15
 [2019-10-19 13:53 UTC] security at paragonie dot com
Corrected.
 [2019-10-19 14:25 UTC] cmb@php.net
-Status: Assigned +Status: Feedback
 [2019-10-19 14:25 UTC] cmb@php.net
Thanks!  Did upgrading to any more recent PHP 7.2 solve the issue?
 [2019-10-19 14:33 UTC] security at paragonie dot com
-Status: Feedback +Status: Assigned
 [2019-10-19 14:33 UTC] security at paragonie dot com
I have no earthly clue.

As I said in my first post, I'm just the messenger. Someone else had the problem, and I couldn't reproduce it at all. My Windows environment "just works".

I was simply reporting this in the hopes that someone from Internals would succeed in reproducing the failure where I did not.

If it turns out to be an old bug, cool, then the responsibility falls on the Windows users to upgrade to later versions of PHP and we can "CLOSED WONTFIX" any complaints they levy against 7.2.15.

If it turns out to be a new bug, great, now we can fix it. :)

But I laid all my cards on the table in my first comment.
 [2019-10-19 15:11 UTC] bugrports at gmail dot com
people *really* should refrain from wasting others time by reporting bugs for versions like 7.2.15 when 7.2.23 is out for weeks

what is the point of not first update any software with problems to the latest stable version and look if the problem goes away?
 [2019-10-19 15:24 UTC] security at paragonie dot com
> bugrports at gmail dot com:
>
> people *really* should refrain from wasting others time by reporting bugs for versions like 7.2.15 when 7.2.23 is out for weeks

Making sure that upstream projects have a ticket onhand for behavior reported in downstream projects (and taking care to make this clear in my bug report) is considered a "wasting others time" now? TIL.
 [2019-10-19 15:30 UTC] bugreports at gmail dot com
> Making sure that upstream projects have a ticket onhand 
> for behavior reported in downstream projects

in case when you simply can try if the problem still exists for sure because if it no longer exists there likely was already a ticket long ago which was solved 

* you startet even with the wrong major version
* pointed out
* fixed
* Did upgrading to any more recent PHP 7.2 solve the issue?

and here we are now instead doing your homework by just try the latest version and if that donät fix the problem and you correctly report for 5.2.23 from the begin 4 upstream actions could have been saved or probably the problem is gone away at all in the meantime
 [2019-10-19 15:46 UTC] security at paragonie dot com
> and here we are now instead doing your homework by just try the latest version and if that donät fix the problem and you correctly report for 5.2.23 from the begin 4 upstream actions could have been saved or probably the problem is gone away at all in the meantime

You aren't doing my homework.

I literally reported this out of due diligence. You don't have to do anything with this information.

If you still consider this a "waste" of YOUR time, stop participating in this thread and let someone with more {patience, capacity to understand human communication and context} handle this instead.

I'm sorry you don't see the value in communicating information. It's not even assigned to you anyway.
 [2019-10-20 08:56 UTC] cmb@php.net
-Status: Assigned +Status: Open -Assigned To: cmb +Assigned To:
 [2019-10-20 08:56 UTC] cmb@php.net
I cannot reproduce this with the described setup and PHP 7.2.15
NTS x64.  Maybe someone else can.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 13:01:28 2019 UTC