|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #9515 PHP misbehaves when run as a script with SERVER_NAME environment variable def'd
Submitted: 2001-03-01 19:01 UTC Modified: 2010-11-24 09:35 UTC
From: bram at xspace dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
 [2001-03-01 19:01 UTC] bram at xspace dot com
In order to run a php script under a separate account while serving a web page, I use suexec to run php script as a shell.

Problem:  When the environment variable SERVER_NAME is defined, PHP misbelieves that it is NOT a shell script.

In reality, it is a shell script.  Bug 8898 is more less the same problem with another symptom.

Some functions simply do not work correctly.  GetMyUID() returns nothing when PHP is running as a shell script, but the environment variable SERVER_NAME is defined.

As a last resort, an invocation flag option should be available to inform PHP that it is a shell script being invoked by a web server.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-03-01 22:57 UTC]
a working setup is:

ScriptAlias /cgi-bin/ /home/someuser/cgi-bin/
AddType application/x-httpd-php .php
AddHandler php-script .php
Action php-script /cgi-bin/php

a way to solve the SERVER_NAME, PATH_INFO, etc. vars problem is to make an 'unset' wrapper. plase note that when these vars are set php will get the script name to execute from them. if for instance from a php script you exec (not include) another one starting with #!/path-to-php/php the latter invocation will execute the page requested by http again.

there are two cases:
1) php is invoked as shell script and shall process command line only no matter what env vars are set
2) php is invoked the way described above and shall preffer env vars (for security reasons - the /cgi-bin/php/etc/passwd issue) if no - command line

please note that php itself cannot distinguish those cases - #2 is the expected behaviour for all cgi setups, while IMHO #1 does not exist and may be activated through an option

 [2001-03-01 23:00 UTC]
ooops. forgot to change type - this is expected behav, not a problem
 [2010-11-24 09:35 UTC]
-Status: Open +Status: Bogus -Package: Feature/Change Request +Package: *General Issues
 [2010-11-24 09:35 UTC]
No bug nor feature requested here.
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Oct 21 20:01:25 2018 UTC