PHP :: Request #9515 :: PHP misbehaves when run as a script with SERVER

Request #9515	PHP misbehaves when run as a script with SERVER_NAME environment variable def'd
Submitted:	2001-03-01 19:01 UTC	Modified:	2010-11-24 09:35 UTC
From:	bram at xspace dot com	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	4.0.4pl1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-03-01 19:01 UTC] bram at xspace dot com

In order to run a php script under a separate account while serving a web page, I use suexec to run php script as a shell.

Problem:  When the environment variable SERVER_NAME is defined, PHP misbelieves that it is NOT a shell script.

In reality, it is a shell script.  Bug 8898 is more less the same problem with another symptom.

Some functions simply do not work correctly.  GetMyUID() returns nothing when PHP is running as a shell script, but the environment variable SERVER_NAME is defined.

As a last resort, an invocation flag option should be available to inform PHP that it is a shell script being invoked by a web server.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-03-01 22:57 UTC] bbonev@php.net

a working setup is:

ScriptAlias /cgi-bin/ /home/someuser/cgi-bin/
AddType application/x-httpd-php .php
AddHandler php-script .php
Action php-script /cgi-bin/php

a way to solve the SERVER_NAME, PATH_INFO, etc. vars problem is to make an 'unset' wrapper. plase note that when these vars are set php will get the script name to execute from them. if for instance from a php script you exec (not include) another one starting with #!/path-to-php/php the latter invocation will execute the page requested by http again.

there are two cases:
1) php is invoked as shell script and shall process command line only no matter what env vars are set
2) php is invoked the way described above and shall preffer env vars (for security reasons - the /cgi-bin/php/etc/passwd issue) if no - command line

please note that php itself cannot distinguish those cases - #2 is the expected behaviour for all cgi setups, while IMHO #1 does not exist and may be activated through an option

[2001-03-01 23:00 UTC] bbonev@php.net

ooops. forgot to change type - this is expected behav, not a problem

[2010-11-24 09:35 UTC] jani@php.net

-Status: Open +Status: Bogus -Package: Feature/Change Request +Package: *General Issues

[2010-11-24 09:35 UTC] jani@php.net

No bug nor feature requested here.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 15:01:29 2024 UTC