[PHP-DEV] Bug #4287: using php3_* directives in .htaccess causes strange Values From: mdobel <email protected>
Date: 05/01/00

From: mdobel <email protected>
Operating system: Linux (Kernel 2.2, Various Distributions)
PHP version: 3.0.16
PHP Bug Type: Other
Bug description: using php3_* directives in .htaccess causes strange Values

When redefining php3_prepend_file and php3_include_path (possibly others, too?) in an .htaccess file, the serving apache process does not reset them to default values afterwards, when there's also a .htaccess file in the next directory accessed.
I reproduced this on
RedHat 6.1 (Apache/1.3.9 (Unix) (Red Hat/Linux) mod_ssl/2.4.8 OpenSSL/0.9.4 PHP/3.0.16),
Mandrake 7 (Apache/1.3.9 (NetRevolution Advanced Extranet Server/Linux-Mandrake) mod_ssl/2.4.9 OpenSSL/0.9.4 mod_perl/1.21 PHP/3.0.16) and
Suse 6.2 (Apache/1.3.9 (Unix) (SuSE/Linux) mod_perl/1.21 PHP/3.0.16 mod_ssl/2.4.7 OpenSSL/0.9.4)

In all three cases i used the apache-rpm which came with the distribution and compiled php as a DSO-Module. I'll now describe the third install on Suse, since this was a clean new install with almost no changes in any files. I don't know, what may be important and what may not, so I'll be as verbose as possible.

The configure-line was:

./configure --with-apxs=/usr/sbin/apxs --with-xml --with-mysql=/usr
--with-dbase=yes --with-ftp --with-pdflib --with-libtiff=/usr
--with-libjpeg=/usr --with-gd=/usr --with-zlib=/usr --with-ttf=/usr
--with-config-file-path=/etc/httpd --enable-debug=no
--enable-safe-mode=no --enable-track-vars=yes --enable-magic-quotes=yes
--enable-bcmath=yes --enable-memory-limit=yes --enable-sysvsem
--enable-sysvshm

In httpd.conf i added/changed an "AllowOverride all" for the Directories:

/usr/local/httpd/htdocs
/home/blafasel/public_html

The rest remained unchanged, fresh from the rpm.

In php3.ini
include_path is "."
and auto_prepend_file is commented out.

Both directories have a subdir named "test" containing the following files:

in /usr/local/httpd/htdocs/test/:
.htaccess:
php3_magic_quotes_runtime off
order deny,allow
deny from all
allow from xxx.xxx.xxx. yyy.yyy.yyy. (change this so it fits for your network)

index.php3:
<?php phpinfo(); ?>

Those files belong to root.root.

in /home/blafasel/public_html/test/:
.htaccess:
php3_include_path ".:/home/blafasel/public_html/test"
php3_auto_prepend_file "/home/blafasel/public_html/test/include.php3"

index.php3:
<?php phpinfo(); ?>

include.php3 is an empty file (0 bytes)

Those files belong to blafasel.users.

Now i started my browser and opened the URL
http://servername/test/index.php3
Everything's fine at this time, php3_auto_prepend_file is set to "none", php3_include_path is set to "."

Then i opened the URL http://servername/test/~blafasel/test/index.php3 in my Browser and hit the RELOAD-button a couple of times to "infect" as many httpd-processes as possible, since the bug seems to be "per process". It may be a good idea to adjust MaxClients and MaxSpareServers to some small values for testing this.

Now I reload the first URL, http://servername/test/index.php3
At this point I get the Error Message, that the required File <some random ascii characters> could not be found.

I added the line "php3_auto_prepend_file none" to
/usr/local/htdocs/test/.htaccess
to make the phpinfo(); show again, and the include_path was also set to something weird, either some text fragment from the .htaccess (part of the allowed ip's or the word "order" for example) or also just random ascii characters.

Regards, Markus 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>