Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:45210 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 32787 invoked from network); 4 Aug 2009 03:57:16 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Aug 2009 03:57:16 -0000 Authentication-Results: pb1.pair.com smtp.mail=scott@macvicar.net; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=scott@macvicar.net; sender-id=unknown Received-SPF: error (pb1.pair.com: domain macvicar.net from 97.107.131.220 cause and error) X-PHP-List-Original-Sender: scott@macvicar.net X-Host-Fingerprint: 97.107.131.220 whisky.macvicar.net Linux 2.6 Received: from [97.107.131.220] ([97.107.131.220:39807] helo=whisky.macvicar.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 32/42-43528-B91B77A4 for ; Mon, 03 Aug 2009 23:57:16 -0400 Received: from [192.168.1.105] (macvicar.demon.co.uk [80.177.111.173]) by whisky.macvicar.net (Postfix) with ESMTP id 0F8A03C8D2E; Mon, 3 Aug 2009 23:57:11 -0400 (EDT) Cc: jani.taskinen@iki.fi, Jani Taskinen , internals@lists.php.net Message-ID: To: daniel@zoltak.com In-Reply-To: <20090804134933.vf99eu7e8so8gg4w@webmail.zoltak.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Date: Tue, 4 Aug 2009 04:57:10 +0100 References: <20090731101017.jcs6fiyk0sg4gcok@webmail.zoltak.com> <4A72A254.8030808@sci.fi> <4A7545C4.60202@zoltak.com> <4A75A950.6030701@sci.fi> <4A760126.9070002@lerdorf.com> <4A76199F.9040701@sci.fi> <20090803145207.l09o05kib4ow8448@webmail.zoltak.com> <4A76993F.5000401@sci.fi> <20090803215255.0vh3a3gif4wk8o0w@webmail.zoltak.com> <4A76D3DB.4040106@sci.fi> <20090803221910.mmhi8jy20o48gc00@webmail.zoltak.com> <4A76D997.5090008@sci.fi> <20090804121441.wuq024oznoc88c4o@webmail.zoltak.com> <374A7AD0-D3BE-4FAE-BBBF-9B08D3A613E5@macvicar.net> <20090804134933.vf99eu7e8so8gg4w@webmail.zoltak.com> X-Mailer: Apple Mail (2.935.3) Subject: Re: [PHP-DEV] fopen_wrappers.c DOCUMENT_ROOT .htaccess error From: scott@macvicar.net (Scott MacVicar) On 4 Aug 2009, at 04:49, daniel@zoltak.com wrote: > Quoting Scott MacVicar : >>> 1. Is it safe to lookup the DOCUMENT_ROOT in fopen_wrappers. If >>> not is there an alternative? >> >> Not at the point the function is being executed on a fresh child >> start >> PHP hasn't always been fully started by the time it's doing the >> config >> merging. None of the SAPI variables have been imported. >> >> You might be able to use sapi_getenv("DOCUMENT_ROOT", >> sizeof("DOCUMENT_ROOT")) > > This method dosen't appear to work. Any chance of a clarification on "doesn't appear to work"? Does it fail to compile or is it killing unicorns :-) > >> Another solution is to skip doing you check before the SAPI is >> loaded :-) > > If we do this then we cannot determine if the error_log is in the > DOCUMENT_ROOT. This was the vulnerability that we were fixing in the first place and no doubt the source of the error. > >>> 2. Why was this working in PHP 5.2.6 but now broken in 5.2.1x? >> >> Are you sure you were using 5.2.6? We never checked the error_log >> value until 5.2.4, it's the first version to have it. > > Yes I am positive it was PHP 5.2.6 - It worked with 5.2.4 and 5.2.5 > as well. It would be intresting to understand why it worked in these > versions. > > Do you know the first version it stopped working? 5.2.7 - 5.2.10 is about 15 months worth of bug fixes. Narrowing it down to a particular version would help. Scott