php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79224 auto_prepend_file throught fcgi PHP_ADMIN_VALUE leacking
Submitted: 2020-02-04 13:46 UTC Modified: 2020-02-05 10:23 UTC
From: miksir at maker dot ru Assigned:
Status: Open Package: FPM related
PHP Version: 7.4.2 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: miksir at maker dot ru
New email:
PHP Version: OS:

 

 [2020-02-04 13:46 UTC] miksir at maker dot ru
Description:
------------
When auto_prepend_file used as dynamic parameter throught fcgi PHP_ADMIN_VALUE, PHP process remembered auto_prepend_file from first request and used it for all next requests even if its empty

Test script:
---------------
Create 2 php scripts
index.php
```
<?php
Someclass::$var = 1;
```
init.php
```
<?php
class Someclass {
  public static $var = 0;
}
```

Start docker 
```
$ docker run --rm -p 9000:9000 -v $(pwd)/index.php:/opt/index.php -v $(pwd)/init.php:/opt/init.php php:7.4-fpm
```

First request with PHP_ADMIN_VALUE="auto_prepend_file=/opt/init.php"
```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php PHP_ADMIN_VALUE="auto_prepend_file=/opt/init.php" /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

```
As expected.


Second request without PHP_ADMIN_VALUE
```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

<br />
<b>Fatal error</b>:  Uncaught Error: Class 'Someclass' not found in /opt/index.php:3
Stack trace:
#0 {main}
  thrown in <b>/opt/index.php</b> on line <b>3</b><br />
```
Error received as was expected


But now I'm repeating last fcgi call (without PHP_ADMIN_VALUE). When fcgi request distributed to same process which received first request, request processed without errors. So look like this process remembered auto_prepend_file from first request.

```
$ env -i REDIRECT_STATUS=200 SERVER_NAME=localhost SERVER_PORT=80 SERVER_ADDR=127.0.0.1 REMOTE_PORT=12345 REMOTE_ADDR=127.0.0.1 SERVER_SOFTWARE=test GATEWAY_INTERFACE=CGI/1.1 HTTPS=no REQUEST_SCHEME=http SERVER_PROTOCOL=HTTP/1.0 DOCUMENT_ROOT=/opt DOCUMENT_URI=/index.php REQUEST_URI=/index.php SCRIPT_NAME=/index.php CONTENT_LENGTH="" CONTENT_TYPE="" REQUEST_METHOD=GET QUERY_STRING="" SCRIPT_FILENAME=/opt/index.php /usr/local/bin/cgi-fcgi -bind -connect 127.0.0.1:9000

X-Powered-By: PHP/7.4.2
Content-type: text/html; charset=UTF-8

```


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-05 10:23 UTC] miksir at maker dot ru
-Package: *Configuration Issues +Package: FPM related
 [2020-02-05 10:23 UTC] miksir at maker dot ru
Wrong package
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Oct 31 02:01:23 2020 UTC