#31323 [Com]: session file permissions differ randomly

2009-03-31 Thread prikid at gmail dot com
 ID:   31323
 Comment by:   prikid at gmail dot com
 Reported By:  julien dot mathieu at gmail dot com
 Status:   No Feedback
 Bug Type: Session related
 Operating System: Linux
 PHP Version:  5.1.2, 4.3.9
 New Comment:

We are experiencing similar problem with php 5.2.6 on freebsd and red
hat linux


Previous Comments:


[2008-08-12 16:21:03] linus dot norton at assertis dot co dot uk

I have also encountered this twice on redhat running apache 2.2.6 and
php 5.2.6.

Why has this been closed, no feedback was requested then the ticket is
just closed saying no feedback has been given.



[2006-11-09 14:44:35] mg at iceni dot pl

I can confirm this bug happening on php 4.4.2 build as apache 2 (with
prefork) module. It's extremaly difficult to reproduce, but with little
research it seems to be somehow umask related. 

The following is from strace running on a apache process that creates
the files with wrong permissions 

open("/tmp/sess_5b2929b94cf141335d0b2d1e5a38fc29", O_RDWR|O_CREAT,
0600) = 186
fstat64(186, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0

So php creates file with 600 permissions but it has only 400 in final.
Note that's happening very rarely, normally file is created with 600. 

I didn't have luck tracing how and when umask is changing during
request processing (probably something is changing it prior to the
request, so possibly it's not even php related), but I tried to make the
following very dirty workaround in ext/session/mod_files.c:


@@ -138,6 +138,7 @@
 static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 {
char buf[MAXPATHLEN];
+   mode_t orig_mask;

if (data->fd < 0 || !data->lastkey || strcmp(key,
data->lastkey)) {
if (data->lastkey) {
@@ -156,8 +157,10 @@

data->lastkey = estrdup(key);

+   orig_mask = umask(0);
data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR |
O_BINARY, 0600);
-
+   umask(orig_mask);
+

No matter how ugly it is - it seems to do the job and session files
with wrong permissions are no longer created (this workaround is
probably bad idea on threaded severs though).



[2006-11-05 00:16:32] bclaydon at volved dot com

To provide further details, I am also using Debian (Sarge) with the
latest 4.3.10-16 PHP4 package.

My /var/liv/php4 looks exactly as 'pieter at q-go dot com' mentioned:

drwx-wx-wt   2 root root 4.0K 2006-11-04 18:58 ./
drwxr-xr-x  35 root root 4.0K 2006-09-08 19:11 ../
-rw---   1 www-data www-data   77 2006-11-04 18:58
sess_7b8da94a2febce75775d9082cd20d58d
-rw---   1 www-data www-data  116 2006-11-04 19:05
sess_856401c969cc1d4e68b6ffd75457c743
-rw---   1 www-data www-data  116 2006-11-04 18:58
sess_b5419618a3586b7e3b940a0eaf137fb9
-rw---   1 www-data www-data  116 2006-11-04 19:09
sess_f7d957b726ff923b4b1f6178f8db489f


I am seeing this issue fairly frequently during usage of CakePHP
framework which has fairly detailed usage of session functions.

I hope this is resolved at some point, especially if it is still open
as of 5.2.0



[2006-05-22 09:20:29] pieter at q-go dot com

We have similar problems on Debian with PHP 5.1.2 and 5.1.4.

Sessions are all created with correct permissions, but we get the same
permission denied error in 5% of the cases.

drwx-wx-wt   2 root root 4096 May 22 11:03 .
drwxr-xr-x  27 root root 4096 May 18 13:44 ..
-rw---   1 www-data www-data0 May 22 11:03
sess_11f06ca5b4701f4be8be30b275e4e51e
-rw---   1 www-data www-data 1569 May 22 11:00
sess_1856e3c4630f074a1b0490c4792c3e53
-rw---   1 www-data www-data0 May 22 10:21
sess_d110fb48e440d1ec4ac610243e897c69
-rw---   1 www-data www-data 1717 May 22 11:05
sess_f9668179e8a92714f4d9553504bdcd93

Changing the default Debian permissions on /var/lib/php5 from
drwx-wx-wt to drwxrwxrwt seems to help.

I am putting this here because if the two cases are related, the
problem might be more general.



[2006-03-28 13:15:10] m...@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.





The remainder of the comments for this report are too long.

#19022 [Com]: PHP Warning: Failed to write session data (files)

2009-03-31 Thread prikid at gmail dot com
 ID:   19022
 Comment by:   prikid at gmail dot com
 Reported By:  phpbugs at mx4k dot com
 Status:   No Feedback
 Bug Type: Session related
 Operating System: linux (rh7.3), apache 1.3.26
 PHP Version:  4.2.2
 New Comment:

We are currently getting the same error on 2 different enviroments.
This does not happen all the time, but often enough to be an annoyance
during testing.

Environment as follows:
1. FreeBSD 6.2-RELEASE 
[r...@crossbow /]# cat /usr/local/etc/php.ini | grep "session"

session.save_handler = files
session.save_path = "/var/tmp"
session.use_cookies = 1

[r...@crossbow /]# php -v
PHP 5.2.9 with Suhosin-Patch 0.9.7 (cli) (built: Mar 31 2009 12:24:17)

Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
[r...@crossbow /var/www/branches]# apachectl -v
Server version: Apache/2.0.63
Server built:   Apr 16 2008 16:52:47

---
2. Red Hat Enterprise Linux ES 4

[r...@131080-stagingdb /]# cat /etc/php.ini |grep "session"
session.save_handler = files
session.save_path = "/var/lib/php/session"
session.use_cookies = 1

[r...@131080-stagingdb /]# php -v
PHP 5.2.9 (cli) (built: Feb 27 2009 14:38:59) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
[r...@131080-stagingdb logs]# apachectl -v
Server version: Apache/2.0.52
Server built:   Jun 29 2007 05:07:13


Previous Comments:


[2008-02-28 17:50:49] ras...@php.net

session.save_path = "0;\tmp"

??  What is 0;\tmp supposed to mean?



[2008-02-28 12:04:47] m1ckx at hotmail dot com

I too am getting similar messages - essentially where the session file
is failing to create.  Unfortunately I am getting it all the time, which
is a problem as I am trying to teach myself PHP at home.

What is different for me is that I am running a Windows 2K server,
using IIS, and PHP 5.2.2.

The initial error I get at the first session_start() call is:
The description for Event ID ( 2 ) in Source ( PHP-5.2.2 ) cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. The following information is part of the event: php[352], PHP
Warning:  session_start() [function.session-start]:
open(\tmp\sess_8t6afg6omu4au9ofqnru80l6r5, O_RDWR) failed: No such file
or directory (2) in F:\MixWeb\mdroot\php_sandpit\ch10\login.php on line
60.

The extract of my php.ini is:
[Session]

session.save_handler = files

session.save_path = "0;\tmp"

session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /

Having been trying to search down answers for this but so far no luck.



[2008-01-19 22:07:24] ozdemir_e at yahoo dot com

I have been getting the same error...

in php.ini file i have set the session.save_path to
public_html/cgi-bin/session

And the chmod of the session folder is 777

Everything looks fine technically but even if that... i get this
error.

I really need help to figure out this issue and fix it. And the hosting
company that i work with they insist on saying that it is not a server
error. But I do not understand that even if the chomod of the
session.save_path pointing to the correct folder and chmod 777, I am
getting this error.

PHP Warning:  session_start() [function.session-staPHP Warning: 
session_start() [function.session-start]:
open(/home/users/web/b469/as.x/sess_164a72ebe9813cc1b0341ad6f6edbc8a,
O_RDWR) failed: Read-only file system (30) in
/hermes/web03/b469/as./public_html/admin/index.php on line 31
PHP Warning:  Unknown(): Failed to write session data (files). Please
verify that the current setting of session.save_path is correct
(/home/users/web/b469/as.yuvamemlak/public_html/cgi-bin/session) in
Unknown on line 0


thank you in advance



[2007-12-28 23:45:50] allan at emeraldforest dot com

I have been experiencing the same (or very similar) problem. One
interesting thing that I found is that sometimes I can reload page A and
see the session data happily sitting there, but on page B the data is
not there. I have both pages open in tabs in Firefox and I can go back
and forth reloading the pages. Page A always has the data, page B never
does. Both pages require the same init.php script to start the session.



[2007-01-03 21:49:22] stranger at teuton dot org

I just started encountering this problem today, after having upgraded
to PHP5 from a PHP4 app. As with some of the other reports I have some
users reporting constant problems, while others have no pr

#44633 [NEW]: Write/read errors on vhosts

2008-04-03 Thread prikid at gmail dot com
From: prikid at gmail dot com
Operating system: FreeBSD 6.2-RELEASE
PHP version:  5.2.5
PHP Bug Type: Apache2 related
Bug description:  Write/read errors on vhosts

Description:

Note: This bug maybe related to bug#42826

I have setup virtual hosts within apache 2.0.62 configuration with
identical settings (except for paths to directories) 3 out of 5 users have
no problems, but for 2 others, temporary cache files (using smarty
templating system) produce errors as well as session files in /var/tmp.
All directories have correct user/group settings for apache and chmodded
775 recursively.

Again, file permissions and user settings are absolutely correct and work
for 3 out 2 users.

Suhosin patch and Zend Optimizer are disabled.

Reproduce code:
---
Main apache config:

User www
Group www

Vhost config in apache:


ServerName site.user1.crossbow
DocumentRoot /var/www/branches/site/user1/

php_value include_path
".:/var/www/branches/toolbox/user1:/var/www/branches/site/user1"
AllowOverride All
Options All



Expected result:

Able to write/read cached files in
"/var/www/branches/toolbox/user1/smarty/cache/" and
"/var/www/branches/toolbox/user1/smarty/templates_c" and "/var/tmp/"

Actual result:
--
Warning: Smarty error: problem creating directory
'/var/www/branches/toolbox/user1/smarty/cache/%%00/00F' in
/usr/local/www/branches/toolbox/user1/smarty/Smarty.class.php on line 1101



Warning: Unknown: open(/var/tmp//sess_bb88e3d0e6a8358dc818d6fc7a2f8625,
O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that
the current setting of session.save_path is correct () in Unknown on line
0

# cd /var/tmp
# ls -la
total 10
drwxrwxrwx   3 root  wheel  3072 Apr  3 14:46 .
drwxr-xr-x  24 root  wheel   512 Jan 31 17:12 ..
--   1 www   wheel 0 Apr  3 14:42
sess_462dae3f012480a23443be1051eb7b4e
sess_bb88e3d0e6a8358dc818d6fc7a2f8625
--   1 www   wheel 0 Apr  3 14:25 wrt0AId76
--   1 www   wheel 0 Apr  3 14:25 wrt0ynxfS
--   1 www   wheel 0 Apr  3 14:44 wrt1N4NTk

...

# cd /var/www/branches/toolbox/user1/smarty/templates_c/
# ls -la
total 32
d--x--x--x   2 www  www  512 Apr  3 14:44 %%47
d--x--x--x   2 www  www  512 Apr  3 14:44 %%5B

-- 
Edit bug report at http://bugs.php.net/?id=44633&edit=1
-- 
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=44633&r=trysnapshot52
Try a CVS snapshot (PHP 5.3): 
http://bugs.php.net/fix.php?id=44633&r=trysnapshot53
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=44633&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44633&r=fixedcvs
Fixed in release: 
http://bugs.php.net/fix.php?id=44633&r=alreadyfixed
Need backtrace:   http://bugs.php.net/fix.php?id=44633&r=needtrace
Need Reproduce Script:http://bugs.php.net/fix.php?id=44633&r=needscript
Try newer version:http://bugs.php.net/fix.php?id=44633&r=oldversion
Not developer issue:  http://bugs.php.net/fix.php?id=44633&r=support
Expected behavior:http://bugs.php.net/fix.php?id=44633&r=notwrong
Not enough info:  
http://bugs.php.net/fix.php?id=44633&r=notenoughinfo
Submitted twice:  
http://bugs.php.net/fix.php?id=44633&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44633&r=globals
PHP 4 support discontinued:   http://bugs.php.net/fix.php?id=44633&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=44633&r=dst
IIS Stability:http://bugs.php.net/fix.php?id=44633&r=isapi
Install GNU Sed:  http://bugs.php.net/fix.php?id=44633&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=44633&r=float
No Zend Extensions:   http://bugs.php.net/fix.php?id=44633&r=nozend
MySQL Configuration Error:http://bugs.php.net/fix.php?id=44633&r=mysqlcfg



#44633 [Fbk->Opn]: Write/read errors on vhosts

2008-04-03 Thread prikid at gmail dot com
 ID:   44633
 User updated by:  prikid at gmail dot com
 Reported By:  prikid at gmail dot com
-Status:   Feedback
+Status:   Open
 Bug Type: Apache2 related
 Operating System: FreeBSD 6.2-RELEASE
 PHP Version:  5.2.5
 Assigned To:  fb-req-jani
 New Comment:

Upgrading did not help. I run 'make test' and submitted the failed list
from the prompt. Also, a copy of phpinfo() from the box is available
here: http://www.undeveloped.net/testip.php.htm


Previous Comments:


[2008-04-03 21:02:43] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

And DO NOT apply any 3rd party patches to the sources. And make
absolutely sure your php.ini is free of any Zend extensions (Zend
optimizer, any caches, etc.)



[2008-04-03 19:11:52] prikid at gmail dot com

Description:

Note: This bug maybe related to bug#42826

I have setup virtual hosts within apache 2.0.62 configuration with
identical settings (except for paths to directories) 3 out of 5 users
have no problems, but for 2 others, temporary cache files (using smarty
templating system) produce errors as well as session files in /var/tmp.
All directories have correct user/group settings for apache and
chmodded 775 recursively.

Again, file permissions and user settings are absolutely correct and
work for 3 out 2 users.

Suhosin patch and Zend Optimizer are disabled.

Reproduce code:
---
Main apache config:

User www
Group www

Vhost config in apache:


ServerName site.user1.crossbow
DocumentRoot /var/www/branches/site/user1/

php_value include_path
".:/var/www/branches/toolbox/user1:/var/www/branches/site/user1"
AllowOverride All
Options All



Expected result:

Able to write/read cached files in
"/var/www/branches/toolbox/user1/smarty/cache/" and
"/var/www/branches/toolbox/user1/smarty/templates_c" and "/var/tmp/"

Actual result:
--
Warning: Smarty error: problem creating directory
'/var/www/branches/toolbox/user1/smarty/cache/%%00/00F' in
/usr/local/www/branches/toolbox/user1/smarty/Smarty.class.php on line
1101



Warning: Unknown: open(/var/tmp//sess_bb88e3d0e6a8358dc818d6fc7a2f8625,
O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify
that the current setting of session.save_path is correct () in Unknown
on line 0

# cd /var/tmp
# ls -la
total 10
drwxrwxrwx   3 root  wheel  3072 Apr  3 14:46 .
drwxr-xr-x  24 root  wheel   512 Jan 31 17:12 ..
--   1 www   wheel 0 Apr  3 14:42
sess_462dae3f012480a23443be1051eb7b4e
sess_bb88e3d0e6a8358dc818d6fc7a2f8625
--   1 www   wheel 0 Apr  3 14:25 wrt0AId76
--   1 www   wheel 0 Apr  3 14:25 wrt0ynxfS
--   1 www   wheel 0 Apr  3 14:44 wrt1N4NTk

...

# cd /var/www/branches/toolbox/user1/smarty/templates_c/
# ls -la
total 32
d--x--x--x   2 www  www  512 Apr  3 14:44 %%47
d--x--x--x   2 www  www  512 Apr  3 14:44 %%5B





-- 
Edit this bug report at http://bugs.php.net/?id=44633&edit=1



#44633 [Fbk->Opn]: Write/read errors on vhosts

2008-04-04 Thread prikid at gmail dot com
 ID:   44633
 User updated by:  prikid at gmail dot com
 Reported By:  prikid at gmail dot com
-Status:   Feedback
+Status:   Open
 Bug Type: Apache2 related
 Operating System: FreeBSD 6.2-RELEASE
 PHP Version:  5.2.5
 Assigned To:  fb-req-jani
 New Comment:

Default session.save_path() works for 2 developers, but bugs out for
other 3 (with identical settings set for everyone, and I'm sure I didn't
specify session.save_path() anywhere in the scripts).
With these settings in smarty:
var $_dir_perms = 0771;
if ($_make_new_dir && !file_exists($_new_dir) && [EMAIL PROTECTED]($_new_dir,
$smarty->_dir_perms) && !is_dir($_new_dir)) {
...

Php bugs out when creating a directory for unlucky developers. It sets
only executable bit, but no read/write bits (umask for apache user is
set to 022 and I've tried setting umask(0664); in the php as well)

P.S. Yeah, I'll go over the config file and clean it up from obsolete
packages ;-)


Previous Comments:


[2008-04-04 00:36:57] [EMAIL PROTECTED]

Why don't you set the session.save_path in your php.ini?

btw. You have dozens of configure options in your configure line that
don't even exist anymore. Pay attention to the list after running
configure.. :)

--------------------

[2008-04-03 22:19:31] prikid at gmail dot com

Upgrading did not help. I run 'make test' and submitted the failed list
from the prompt. Also, a copy of phpinfo() from the box is available
here: http://www.undeveloped.net/testip.php.htm



[2008-04-03 21:02:43] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

And DO NOT apply any 3rd party patches to the sources. And make
absolutely sure your php.ini is free of any Zend extensions (Zend
optimizer, any caches, etc.)

----------------

[2008-04-03 19:11:52] prikid at gmail dot com

Description:

Note: This bug maybe related to bug#42826

I have setup virtual hosts within apache 2.0.62 configuration with
identical settings (except for paths to directories) 3 out of 5 users
have no problems, but for 2 others, temporary cache files (using smarty
templating system) produce errors as well as session files in /var/tmp.
All directories have correct user/group settings for apache and
chmodded 775 recursively.

Again, file permissions and user settings are absolutely correct and
work for 3 out 2 users.

Suhosin patch and Zend Optimizer are disabled.

Reproduce code:
---
Main apache config:

User www
Group www

Vhost config in apache:


ServerName site.user1.crossbow
DocumentRoot /var/www/branches/site/user1/

php_value include_path
".:/var/www/branches/toolbox/user1:/var/www/branches/site/user1"
AllowOverride All
Options All



Expected result:

Able to write/read cached files in
"/var/www/branches/toolbox/user1/smarty/cache/" and
"/var/www/branches/toolbox/user1/smarty/templates_c" and "/var/tmp/"

Actual result:
--
Warning: Smarty error: problem creating directory
'/var/www/branches/toolbox/user1/smarty/cache/%%00/00F' in
/usr/local/www/branches/toolbox/user1/smarty/Smarty.class.php on line
1101



Warning: Unknown: open(/var/tmp//sess_bb88e3d0e6a8358dc818d6fc7a2f8625,
O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify
that the current setting of session.save_path is correct () in Unknown
on line 0

# cd /var/tmp
# ls -la
total 10
drwxrwxrwx   3 root  wheel  3072 Apr  3 14:46 .
drwxr-xr-x  24 root  wheel   512 Jan 31 17:12 ..
--   1 www   wheel 0 Apr  3 14:42
sess_462dae3f012480a23443be1051eb7b4e
sess_bb88e3d0e6a8358dc818d6fc7a2f8625
--   1 www   wheel 0 Apr  3 14:25 wrt0AId76
--   1 www   wheel 0 Apr  3 14:25 wrt0ynxfS
--   1 www   wheel 0 Apr  3 14:44 wrt1N4NTk

...

# cd /var/www/branches/toolbox/user1/smarty/templates_c/
# ls -la
total 32
d--x--x--x   2 www  www  512 Apr  3 14:44 %%47
d--x--x--x   2 www  www  512 Apr  3 14:44 %%5B





-- 
Edit this bug report at http://bugs.php.net/?id=44633&edit=1



#44633 [Fbk->Opn]: Write/read errors on vhosts

2008-04-04 Thread prikid at gmail dot com
 ID:   44633
 User updated by:  prikid at gmail dot com
 Reported By:  prikid at gmail dot com
-Status:   Feedback
+Status:   Open
 Bug Type: Apache2 related
 Operating System: FreeBSD 6.2-RELEASE
 PHP Version:  5.2.5
 Assigned To:  fb-req-jani
 New Comment:

I've checked smarty and our scripts for umask(), checked shell settings
and apache settings for umask(), but none of those exist anywhere in
scripts/shell profiles.
This is not only Smarty specific, but also sessions are affected (they
aren't created through smarty, but instantiated through our scripts).
Php creates an empty session file in '/var/tmp' with no permissions.
I've changed '/var/tmp' ownership to apache user, but php still bugs
out on it


Previous Comments:


[2008-04-04 18:06:04] [EMAIL PROTECTED]

I'm starting to think this is no bug at all, just a bug in either
Smarty or in how you use it. It propably does something stupid like uses
umask() function.

--------

[2008-04-04 13:38:04] prikid at gmail dot com

Default session.save_path() works for 2 developers, but bugs out for
other 3 (with identical settings set for everyone, and I'm sure I didn't
specify session.save_path() anywhere in the scripts).
With these settings in smarty:
var $_dir_perms = 0771;
if ($_make_new_dir && !file_exists($_new_dir) && [EMAIL PROTECTED]($_new_dir,
$smarty->_dir_perms) && !is_dir($_new_dir)) {
...

Php bugs out when creating a directory for unlucky developers. It sets
only executable bit, but no read/write bits (umask for apache user is
set to 022 and I've tried setting umask(0664); in the php as well)

P.S. Yeah, I'll go over the config file and clean it up from obsolete
packages ;-)



[2008-04-04 00:36:57] [EMAIL PROTECTED]

Why don't you set the session.save_path in your php.ini?

btw. You have dozens of configure options in your configure line that
don't even exist anymore. Pay attention to the list after running
configure.. :)

----------------

[2008-04-03 22:19:31] prikid at gmail dot com

Upgrading did not help. I run 'make test' and submitted the failed list
from the prompt. Also, a copy of phpinfo() from the box is available
here: http://www.undeveloped.net/testip.php.htm



[2008-04-03 21:02:43] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

And DO NOT apply any 3rd party patches to the sources. And make
absolutely sure your php.ini is free of any Zend extensions (Zend
optimizer, any caches, etc.)



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/44633

-- 
Edit this bug report at http://bugs.php.net/?id=44633&edit=1



#42569 [NEW]: json_encode does not escape single quotes

2007-09-05 Thread prikid at gmail dot com
From: prikid at gmail dot com
Operating system: FreeBSD 6
PHP version:  5.2.4
PHP Bug Type: JSON related
Bug description:  json_encode does not escape single quotes

Description:

When using json_encode() and trying to insert into mysql table field with
single quotes - single quote is not escaped and mysql produces error.

Reproduce code:
---
$name = "Mike O'Brien";
$email = "[EMAIL PROTECTED]";
$settings = array("name"=> $name,"email" => $email);
$json = json_encode($settings);
$sql = "INSERT INTO `users` VALUES('".$json."')";
$result = mysql_query($sql) or die (mysql_error());

Expected result:

Successfull mysql insertion with escaped single quote.

Actual result:
--
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near 'Brien

-- 
Edit bug report at http://bugs.php.net/?id=42569&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=42569&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=42569&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=42569&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=42569&r=fixedcvs
Fixed in release: 
http://bugs.php.net/fix.php?id=42569&r=alreadyfixed
Need backtrace:   http://bugs.php.net/fix.php?id=42569&r=needtrace
Need Reproduce Script:http://bugs.php.net/fix.php?id=42569&r=needscript
Try newer version:http://bugs.php.net/fix.php?id=42569&r=oldversion
Not developer issue:  http://bugs.php.net/fix.php?id=42569&r=support
Expected behavior:http://bugs.php.net/fix.php?id=42569&r=notwrong
Not enough info:  
http://bugs.php.net/fix.php?id=42569&r=notenoughinfo
Submitted twice:  
http://bugs.php.net/fix.php?id=42569&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=42569&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=42569&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=42569&r=dst
IIS Stability:http://bugs.php.net/fix.php?id=42569&r=isapi
Install GNU Sed:  http://bugs.php.net/fix.php?id=42569&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=42569&r=float
No Zend Extensions:   http://bugs.php.net/fix.php?id=42569&r=nozend
MySQL Configuration Error:http://bugs.php.net/fix.php?id=42569&r=mysqlcfg


#42569 [Opn]: json_encode does not escape single quotes

2007-09-05 Thread prikid at gmail dot com
 ID:   42569
 User updated by:  prikid at gmail dot com
 Reported By:  prikid at gmail dot com
 Status:   Open
 Bug Type: JSON related
 Operating System: FreeBSD 6
 PHP Version:  5.2.4
 New Comment:

$name = "Mike O'Brien";
$name = mysql_escape_string($name);
$email = "[EMAIL PROTECTED]";
$settings = array("name" => $name,"email" => $email);
$json = json_encode($settings);

var_dump($json);

---
output is:
string(49) "{"name":"Mike O\\'Brien","email":"[EMAIL PROTECTED]"}"

Double quoted and still generates error when trying to insert into
mysql db.


Previous Comments:


[2007-09-05 18:41:47] bas at tobin dot nl

that's correct... JSON is just a way to serialize data to a string.

It's not the purpose of JSON to serialize data to be directly included
in a statement for a specific database. 

The way MySQL escape strings is not a "universal" method as for
instance MS SQL does it another way. 

If you wish to use JSON to store data in MySQL you should escape the
JSON string with the specific MySQL function to escape strings, see the

mysql_escape_string() and mysql_real_escape_string() functions



[2007-09-05 18:22:12] prikid at gmail dot com

Description:

When using json_encode() and trying to insert into mysql table field
with single quotes - single quote is not escaped and mysql produces
error.

Reproduce code:
---
$name = "Mike O'Brien";
$email = "[EMAIL PROTECTED]";
$settings = array("name"=> $name,"email" => $email);
$json = json_encode($settings);
$sql = "INSERT INTO `users` VALUES('".$json."')";
$result = mysql_query($sql) or die (mysql_error());

Expected result:

Successfull mysql insertion with escaped single quote.

Actual result:
--
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'Brien





-- 
Edit this bug report at http://bugs.php.net/?id=42569&edit=1