[PHP-BUG] Bug #63965 [NEW]: php-fpm site-specific settings go global

Fri, 11 Jan 2013 02:40:38 -0800 

From:             markku dot niskanen at gmail dot com
Operating system: Centos 6.2
PHP version:      5.3.20
Package:          PHP options/info functions
Bug Type:         Bug
Bug description:php-fpm site-specific settings go global

Description:
------------
# this is an nginx configuration for *.thiscustomer.com
# it should ONLY affect *.thiscustomer.com, no other domains
server {
server_name .thiscustomer.com;
#... normal stuff removed ...
location ~ \.php$ {
# now set  for THIS site
fastcgi_param PHP_VALUE 
"auto_prepend_file=/home/thiscustomer/lib/modules/ThisModule.class.php";
# ..other normal stuff from this on...
}
}


Test script:
---------------
Now first simply go any other site, say "www.thatcustomer.com" on the same
server and everything works fine. 

Then go to "www.thiscustomer.com" (the example site) and everything works
fine.

Then again go to "www.thatcustomer.com" and you will see that you will have
an "open_basedir restriction", PHP trying to load file (prepending)
/home/thiscustomer/lib/modules/ThisModule.class.php

So the auto_prepend_file value is changed GLOBALLY and permanently until
some other domain changes it again. The same goes for ANY PHP_VALUE or
PHP_ADMIN_VALUE but this is the one that will definitely break all sites.

Tested in PHP 5.3.19 and 5.3.20, two different servers, two different
operating systems (Centos 5.8 and Centos 6.2).


-- 
Edit bug report at https://bugs.php.net/bug.php?id=63965&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=63965&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=63965&r=trysnapshot53
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=63965&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=63965&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=63965&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=63965&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=63965&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=63965&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=63965&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=63965&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=63965&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=63965&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=63965&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63965&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=63965&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=63965&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=63965&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=63965&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=63965&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=63965&r=mysqlcfg

Reply via email to