Edit report at https://bugs.php.net/bug.php?id=63965&edit=1

 ID:                 63965
 User updated by:    markku dot niskanen at gmail dot com
 Reported by:        markku dot niskanen at gmail dot com
 Summary:            php-fpm site-specific settings go global
 Status:             Open
 Type:               Bug
 Package:            PHP options/info functions
 Operating System:   Centos 6.2
 PHP Version:        5.3.20
 Block user comment: N
 Private report:     N

 New Comment:

The setup code got broken during upload but you should get the idea.


Previous Comments:
------------------------------------------------------------------------
[2013-01-11 10:40:26] markku dot niskanen at gmail dot com

Description:
------------
# this is an nginx configuration for *.thiscustomer.com
# it should ONLY affect *.thiscustomer.com, no other domains
server {
    server_name .thiscustomer.com;
    #... normal stuff removed ...
    location ~ \.php$ {
        # now set  for THIS site
        fastcgi_param PHP_VALUE "auto_prepend_file=/home/thiscustomer/lib/modules/ThisModule.class.php";
        # ..other normal stuff from this on...
    }
}


Test script:
---------------
Now first simply go to any other site, say "www.thatcustomer.com" on the same
server and everything works fine.

Then go to "www.thiscustomer.com" (the example site) and everything works fine.

Then again go to "www.thatcustomer.com" and you will see that you will have an 
"open_basedir restriction", PHP trying to load file (prepending) 
/home/thiscustomer/lib/modules/ThisModule.class.php

So the auto_prepend_file value is changed GLOBALLY and permanently until some 
other domain changes it again. The same goes for ANY PHP_VALUE or 
PHP_ADMIN_VALUE but this is the one that will definitely break all sites.

Tested in PHP 5.3.19 and 5.3.20, two different servers, two different operating 
systems (Centos 5.8 and Centos 6.2).



------------------------------------------------------------------------
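An added example, not part of the original report or of PHP/nginx: a small audit that flags nginx vhosts which set PHP_VALUE or PHP_ADMIN_VALUE through fastcgi_param while other vhosts pass requests to the same backend. It assumes both sites in the report are served by one php-fpm backend; the fastcgi_pass address, the second server block and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The second vhost and the fastcgi_pass address are
# assumptions: the report elides them as "normal stuff".
SAMPLE = r'''
server {
    server_name .thiscustomer.com;
    location ~ \.php$ {
        fastcgi_param PHP_VALUE
            "auto_prepend_file=/home/thiscustomer/lib/modules/ThisModule.class.php";
        fastcgi_pass 127.0.0.1:9000;
    }
}
server {
    server_name .thatcustomer.com;
    location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; }
}
'''

def server_blocks(conf):
    """Yield the body of each server { ... } block (naive brace matching:
    braces inside quoted strings or regexes are not handled)."""
    conf = re.sub(r'(?m)^[ \t]*#.*$', '', conf)   # drop full-line comments
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def shared_overrides(conf):
    """Return {backend: (vhosts setting PHP_VALUE/PHP_ADMIN_VALUE,
    other vhosts that use the same backend)}."""
    setters, users = defaultdict(set), defaultdict(set)
    for block in server_blocks(conf):
        m = re.search(r'\bserver_name\s+([^;]+);', block)
        name = m.group(1).split()[0] if m else '(unnamed)'
        sets_ini = re.search(r'\bfastcgi_param\s+PHP_(ADMIN_)?VALUE\b', block)
        # Coarse on purpose: any override in the vhost is tied to every
        # backend that vhost passes requests to.
        for backend in re.findall(r'\bfastcgi_pass\s+([^;\s]+)\s*;', block):
            users[backend].add(name)
            if sets_ini:
                setters[backend].add(name)
    return {b: (sorted(s), sorted(users[b] - s))
            for b, s in setters.items() if users[b] - s}

if __name__ == '__main__':
    print(shared_overrides(SAMPLE))
```

An empty result means no vhost with a per-request ini override shares its backend with another vhost.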


