Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:32365 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 96193 invoked by uid 1010); 18 Sep 2007 10:42:27 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 96178 invoked from network); 18 Sep 2007 10:42:27 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Sep 2007 10:42:27 -0000 Authentication-Results: pb1.pair.com smtp.mail=tienshiao@tienshiao.org; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tienshiao@tienshiao.org; sender-id=pass Received-SPF: pass (pb1.pair.com: domain tienshiao.org designates 72.36.141.82 as permitted sender) X-PHP-List-Original-Sender: tienshiao@tienshiao.org X-Host-Fingerprint: 72.36.141.82 82.141.36.72.static.reverse.ltdomains.com Linux 2.4/2.6 Received: from [72.36.141.82] ([72.36.141.82:56892] helo=mail.tienshiao.org) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B0/43-07657-29BAFE64 for ; Tue, 18 Sep 2007 06:42:27 -0400 Received: from netblock-68-183-234-40.dslextreme.com ([68.183.234.40] helo=[192.168.0.50]) by mail.tienshiao.org with esmtpa (Exim 4.50) id 1IXaX6-0005Ad-CQ for internals@lists.php.net; Tue, 18 Sep 2007 05:42:24 -0500 Message-ID: <46EFABFE.1070907@tienshiao.org> Date: Tue, 18 Sep 2007 03:44:14 -0700 User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: internals@lists.php.net Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -3.6 (---) X-Spam-Report: Spam detection software, running on the system "debian", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi all, I did a quick search in the bug tracker and the mailing list archives and didn't see anything. It looks like SetEnv PHPRC and Apache CGI redirection are not compatible. [...] Content analysis details: (-3.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.8 ALL_TRUSTED Did not pass through any untrusted hosts -0.8 AWL AWL: From: address is in the auto white-list Subject: SetEnv PHPRC and Apache CGI redirection From: tienshiao@tienshiao.org (Tienshiao Ma) Hi all, I did a quick search in the bug tracker and the mailing list archives and didn't see anything. It looks like SetEnv PHPRC and Apache CGI redirection are not compatible. When Apache is configured as indicated at http://php.net/security.cgi-bin and as recommended at http://www.php.net/manual/en/configure.php#configure.enable-force-cgi-redirect, it appears that SetEnv PHPRC cannot be used to specify a php.ini. SetEnv PHPRC works (and can be seen when tested with a traditional CGI script, say written in Perl) but when the request goes to PHP via the internal Apache redirect, the PHPRC environmental variable gets rewritten as REDIRECT_PHPRC. This is why the CGI SAPI checks for the existence of the environmental variable REDIRECT_STATUS if "--enable-force-cgi-redirect" is specified. Would it be reasonable to patch php_ini.c to check REDIRECT_PHPRC if FORCE_CGI_REDIRECT is defined? This way both the SetEnv method and the shell wrapper exporting PHPRC will work. I just discovered the problem today, and have only skimmed through the php_ini.c code. Doesn't look too difficult to add to the search_path, but the ini_filename would probably require some sort of policy decision (which has precedence if both PHPRC and REDIRECT_PHPRC exist -- I assume PHPRC would). Curious about how others feel about this issue. Thanks, Tienshiao