Bug #42952 [Com]: soap cache file is created with insecure permissions on some configurations

2012-09-18 Thread joey dot cai at gmail dot com
Edit report at https://bugs.php.net/bug.php?id=42952&edit=1

 ID: 42952
 Comment by: joey dot cai at gmail dot com
 Reported by:glen at delfi dot ee
 Summary:soap cache file is created with insecure permissions
 on some configurations
 Status: Closed
 Type:   Bug
 Package:SOAP related
 Operating System:   PLD Linux
 PHP Version:5.2.4
 Assigned To:dmitry
 Block user comment: N
 Private report: N

 New Comment:

The original diff is no longer available since cvs.php.net is long gone. But 
according to the git log. This patch introduced a bug that only the creator of 
the cache file can access it. Users with different UIDs have no permission. I 
think both #51407 and #61094 point to the same thing.

I saw from the comments that you talked about keeping user id (getuid()) in the 
cache filename, but somehow that doesn't show up in the code. Can you check 
that, @dmitry? Thank you


Previous Comments:

[2007-11-23 10:06:21] dmi...@php.net

Fixed in CVS HEAD and PHP_5_3.

http://cvs.php.net/viewvc.cgi/php-src/ext/soap/php_sdl.c?r1=1.88.2.12.2.9&r2=1.88.2.12.2.9.2.1&diff_format=u



[2007-11-01 16:10:26] glen at delfi dot ee

That would be fine (at least not closed as bogus).

Distributions are free to backport changes they like :)


[2007-11-01 14:14:14] dmi...@php.net

I thought about it.
It may be good for php-5.3.0, but I don't like to make such change in 5.2.*


[2007-11-01 14:10:02] glen at delfi dot ee

So perhaps keep user id (getuid()) in the cache filename?


[2007-11-01 13:32:18] dmi...@php.net

Even one SAPI in shared environment will have the same issue.
If you have several php-cgi processes with different UID, only one of them will 
own the cache file, and all others won't be able to access it.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=42952


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=42952&edit=1


Req #53434 [Com]: More details for slow requests

2013-01-14 Thread joey dot cai at gmail dot com
Edit report at https://bugs.php.net/bug.php?id=53434&edit=1

 ID: 53434
 Comment by: joey dot cai at gmail dot com
 Reported by:webmaster_apc at colnect dot com
 Summary:More details for slow requests
 Status: Closed
 Type:   Feature/Change Request
 Package:FPM related
 Operating System:   gentoo linux
 PHP Version:5.3.1RC1
 Assigned To:fat
 Block user comment: N
 Private report: N

 New Comment:

The current slow log records in php-fpm.log log SCRIPT_NAME as the request uri. 
For webapps built on top of mvc framework such as symfony or zend framework 
with a front controller and routing enabled (or requests with query strings), 
this information is not sufficient enough to track down the source of the slow 
requests easily. A patch will be attached which logs HTTP_HOST and REQUEST_URI 
of slow requests in php-fpm.log. It might not be the cleanest solution since 
I'm not a C programmer. But the patch does solve our problem. Please take it 
look at it. thank you.


Previous Comments:

[2011-01-29 12:48:41] webmaster_apc at colnect dot com

Thanks for the fix :) I'll be happy to see it when the next PHP version is 
released on Gentoo. Cheers


[2011-01-29 12:43:45] f...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I've added the request method and the request uri in the slowlog timeout and 
slowlog terminated log message:


[29-Jan-2011 12:41:59.741208] WARNING: pid 32110, 
fpm_request_check_timed_out(), 
line 147: [pool www_chroot] child 32111, script '/html/test8.php' (request: 
"GET 
/chroot/test8.php") executing too slow (1.051049 sec), logging


[29-Jan-2011 12:42:00.783410] WARNING: pid 32110, 
fpm_request_check_timed_out(), 
line 157: [pool www_chroot] child 32111, script '/html/test8.php' (request: 
"GET 
/chroot/test8.php") execution timed out (2.092626 sec), terminating


[2011-01-29 12:41:47] f...@php.net

Automatic comment from SVN on behalf of fat
Revision: http://svn.php.net/viewvc/?view=revision&revision=307843
Log: - Fixed bug #53434 (php-fpm slowlog now also logs the original request).
- Fixed the missing peace of code on revision 307842


[2011-01-29 12:38:21] f...@php.net

Automatic comment from SVN on behalf of fat
Revision: http://svn.php.net/viewvc/?view=revision&revision=307842
Log: - Fixed bug #53434 (php-fpm slowlog now also logs the original request).


[2010-12-06 09:26:15] f...@php.net

Oh hell yes ... I did not understand your need.

I'll see how complicated this is to add the request which triggers the slowlog 
entries.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=53434


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=53434&edit=1


Req #53434 [Com]: More details for slow requests

2013-01-14 Thread joey dot cai at gmail dot com
Edit report at https://bugs.php.net/bug.php?id=53434&edit=1

 ID: 53434
 Comment by: joey dot cai at gmail dot com
 Reported by:webmaster_apc at colnect dot com
 Summary:More details for slow requests
 Status: Closed
 Type:   Feature/Change Request
 Package:FPM related
 Operating System:   gentoo linux
 PHP Version:5.3.1RC1
 Assigned To:fat
 Block user comment: N
 Private report: N

 New Comment:

I forgot to mention that the diff was generated against php-5.3.20.


Previous Comments:

[2013-01-15 06:58:12] joey dot cai at gmail dot com

The current slow log records in php-fpm.log log SCRIPT_NAME as the request uri. 
For webapps built on top of mvc framework such as symfony or zend framework 
with a front controller and routing enabled (or requests with query strings), 
this information is not sufficient enough to track down the source of the slow 
requests easily. A patch will be attached which logs HTTP_HOST and REQUEST_URI 
of slow requests in php-fpm.log. It might not be the cleanest solution since 
I'm not a C programmer. But the patch does solve our problem. Please take it 
look at it. thank you.


[2011-01-29 12:48:41] webmaster_apc at colnect dot com

Thanks for the fix :) I'll be happy to see it when the next PHP version is 
released on Gentoo. Cheers


[2011-01-29 12:43:45] f...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I've added the request method and the request uri in the slowlog timeout and 
slowlog terminated log message:


[29-Jan-2011 12:41:59.741208] WARNING: pid 32110, 
fpm_request_check_timed_out(), 
line 147: [pool www_chroot] child 32111, script '/html/test8.php' (request: 
"GET 
/chroot/test8.php") executing too slow (1.051049 sec), logging


[29-Jan-2011 12:42:00.783410] WARNING: pid 32110, 
fpm_request_check_timed_out(), 
line 157: [pool www_chroot] child 32111, script '/html/test8.php' (request: 
"GET 
/chroot/test8.php") execution timed out (2.092626 sec), terminating


[2011-01-29 12:41:47] f...@php.net

Automatic comment from SVN on behalf of fat
Revision: http://svn.php.net/viewvc/?view=revision&revision=307843
Log: - Fixed bug #53434 (php-fpm slowlog now also logs the original request).
- Fixed the missing peace of code on revision 307842


[2011-01-29 12:38:21] f...@php.net

Automatic comment from SVN on behalf of fat
Revision: http://svn.php.net/viewvc/?view=revision&revision=307842
Log: - Fixed bug #53434 (php-fpm slowlog now also logs the original request).




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=53434


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=53434&edit=1