php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79224 auto_prepend_file throught fcgi PHP_ADMIN_VALUE leacking
Submitted: 2020-02-04 13:46 UTC Modified: 2020-02-05 10:23 UTC
From: miksir at maker dot ru Assigned:
Status: Open Package: FPM related
PHP Version: 7.4.2 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2020-02-04 13:46 UTC] miksir at maker dot ru
Description:
------------
When auto_prepend_file used as dynamic parameter throught fcgi PHP_ADMIN_VALUE, PHP process remembered auto_prepend_file from first request and used it for all next requests even if its empty

Test script:
---------------
Create 2 php scripts
index.php
```
<?php
Someclass::$var = 1;
```
init.php
```
<?php
class Someclass {
  public static $var = 0;
}
```

Start docker 
```
$ docker run --rm -p 9000:9000 -v $(pwd)/index.php:/opt/index.php -v $(pwd)/init.php:/opt/init.php php:7.4-fpm
```

First request with PHP_ADMIN_VALUE="auto_prepend_file=/opt/init.php"
```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php PHP_ADMIN_VALUE="auto_prepend_file=/opt/init.php" /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

```
As expected.


Second request without PHP_ADMIN_VALUE
```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

<br />
<b>Fatal error</b>:  Uncaught Error: Class 'Someclass' not found in /opt/index.php:3
Stack trace:
#0 {main}
  thrown in <b>/opt/index.php</b> on line <b>3</b><br />
```
Error received as was expected


But now I'm repeating last fcgi call (without PHP_ADMIN_VALUE). When fcgi request distributed to same process which received first request, request processed without errors. So look like this process remembered auto_prepend_file from first request.

```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

```


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-05 10:23 UTC] miksir at maker dot ru
-Package: *Configuration Issues +Package: FPM related
 [2020-02-05 10:23 UTC] miksir at maker dot ru
Wrong package
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Apr 08 03:01:24 2020 UTC