[PHP-DEV] Bug #15140 Updated: mcrypt fails for twofish but work properly for all other type of encryption
ID: 15140 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Assigned Bug Type: mcrypt related Operating System: Redhat 7.2 PHP Version: 4.1.1 Assigned To: derick New Comment: Yeap, It is already coded in the internal_init_mcrypt function but a small bug in libmcrypt seem to be present. The free(sizes) is too high up it should be moved down to out of the if/else/else/... I submitted a patch to libmcrypt and wainting for a comment from Nickos. Thanks again Previous Comments: [2002-02-01 02:51:56] [EMAIL PROTECTED] Well, PHP works around a lot of those issues in libmcrypt, and actually, the extension should work around it in this case too IMO. I guess mcrypt_enc_get_supported_key_sizes should be used in mcrypt_generic_init in some way. Can you see if this is feasable? Derick [2002-02-01 02:35:03] [EMAIL PROTECTED] Problem found in libmcrypt... The cause of the SEGFAULT is due to the key being of the wrong length. The only accepted values for key length are 16,24 and 32 bytes. Otherwise this cause libmcrypt to generate a segfault for twofish. Hope to find a way to correct libmcrypt to report gracefully that the key length is wrong. If not it may need to be implemented in php (That would be the BAD Way of doing it). BG [2002-02-01 01:17:16] [EMAIL PROTECTED] Derick, Closer to a solution... Mcrypt Bug is found but not fixed. OK Here is the symptoms: In The PHP Code the function mcrypt_generic_init (td, key_s, key_size,iv_s) is called with key_size=19. (should be 16 and I don't know why yet) This will gives the segfault. Try it in mcrypt-2.4.18/doc/example.c change the line at the beginning of the main int keysize=16; /* 128 bits */ to int keysize=19; /* 128 bits */ Compile and BOOM Crash Segfault. Ok Now why is php thinks the keysize should be 19. to test check this code: The Culprit code is in yourphpsource/ext/mcrypt/mcrypt.c line 494 php-4.1.1 add the two line. You will see that Part 12 will never get executed for twofish. and keysize is 19. added fprintf(stderr, MCRYPT Debug Part 11\nKey_s:%s, \nKey_Size:%d,\nIV:%s, \nIV_S:%s, \n,key_s, key_size, iv_s); result = mcrypt_generic_init (td, key_s, key_size, iv_s); added fprintf(stderr, MCRYPT Debug Part 12\n); Will come back with an answer BG [2002-01-21 09:48:24] [EMAIL PROTECTED] To be completely clear, Derick asked to file a bugreport in the PHP-bugs-system about mcrypt not passing some PHP-tests, not to send the mcrypt-folks a bugreport. [2002-01-21 07:22:12] [EMAIL PROTECTED] That was quick. I am also sending a Bug Report to mcrypt. Testing with GOST Fail in the Same Way. Works for the others listed below. //T($user_id, MCRYPT_TWOFISH); // Generates Seg Fault. //T($user_id, MCRYPT_GOST); // Crash The System like TWOFISH T($user_id, MCRYPT_TripleDES); // Good T($user_id, MCRYPT_BLOWFISH); // Good T($user_id, MCRYPT_DES);// Good T($user_id, MCRYPT_RC2); // Good The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=15140 Edit this bug report at http://bugs.php.net/?id=15140edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] [PATCH] fix for #14899
Below is the patch for bug #14899 about imagetypes() not reporting
support for GIFs.
Can someone apply this patch?
Sander
Index: gd.c
===
RCS file: /repository/php4/ext/gd/gd.c,v
retrieving revision 1.175
diff -u -r1.175 gd.c
--- gd.c2 Jan 2002 01:25:48 - 1.175
+++ gd.c1 Feb 2002 08:39:44 -
@@ -928,7 +928,7 @@
PHP_FUNCTION(imagetypes)
{
int ret=0;
-#ifdef HAVE_GD_GIF
+#ifdef HAVE_GD_GIF_CREATE
ret = 1;
#endif
#ifdef HAVE_GD_JPG
@@ -1204,7 +1204,7 @@
#else /* HAVE_GD_GIF_READ */
php_error(E_WARNING, ImageCreateFromGif: No GIF read support
in this PHP build);
RETURN_FALSE;
-#endif /* HAVE_GD_GIF */
+#endif /* HAVE_GD_GIF_READ */
}
/* }}} */
@@ -1431,10 +1431,10 @@
#else
_php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU,
PHP_GDIMG_TYPE_GIF, GIF, gdImageGif);
#endif
-#else /* HAVE_GD_GIF */
+#else /* HAVE_GD_GIF_CREATE */
php_error(E_WARNING, ImageGif: No GIF create support in this
PHP build);
RETURN_FALSE;
-#endif /* HAVE_GD_GIF */
+#endif /* HAVE_GD_GIF_CREATE */
}
/* }}} */
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PATCH] fix for #14899
Hello Sander,
I committed it.
Derick
On Fri, 1 Feb 2002, Sander Roobol wrote:
Below is the patch for bug #14899 about imagetypes() not reporting
support for GIFs.
Can someone apply this patch?
Sander
Index: gd.c
===
RCS file: /repository/php4/ext/gd/gd.c,v
retrieving revision 1.175
diff -u -r1.175 gd.c
--- gd.c 2 Jan 2002 01:25:48 - 1.175
+++ gd.c 1 Feb 2002 08:39:44 -
@@ -928,7 +928,7 @@
PHP_FUNCTION(imagetypes)
{
int ret=0;
-#ifdef HAVE_GD_GIF
+#ifdef HAVE_GD_GIF_CREATE
ret = 1;
#endif
#ifdef HAVE_GD_JPG
@@ -1204,7 +1204,7 @@
#else /* HAVE_GD_GIF_READ */
php_error(E_WARNING, ImageCreateFromGif: No GIF read support
in this PHP build);
RETURN_FALSE;
-#endif /* HAVE_GD_GIF */
+#endif /* HAVE_GD_GIF_READ */
}
/* }}} */
@@ -1431,10 +1431,10 @@
#else
_php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU,
PHP_GDIMG_TYPE_GIF, GIF, gdImageGif);
#endif
-#else /* HAVE_GD_GIF */
+#else /* HAVE_GD_GIF_CREATE */
php_error(E_WARNING, ImageGif: No GIF create support in this
PHP build);
RETURN_FALSE;
-#endif /* HAVE_GD_GIF */
+#endif /* HAVE_GD_GIF_CREATE */
}
/* }}} */
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Derick Rethans
-
PHP: Scripting the Web - www.php.net - [EMAIL PROTECTED]
SRM: Site Resource Manager - www.vl-srm.net
-
JDI Media Solutions - www.jdimedia.nl - [EMAIL PROTECTED]
Boulevard Heuvelink 102 - 6828 KT Arnhem - The Netherlands
-
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DEV] [PATCH] fix for #14899
Would this also, by chance, fix my problem? :)
james
-Original Message-
From: Sander Roobol [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 01, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DEV] [PATCH] fix for #14899
Below is the patch for bug #14899 about imagetypes() not reporting
support for GIFs.
Can someone apply this patch?
Sander
Index: gd.c
===
RCS file: /repository/php4/ext/gd/gd.c,v
retrieving revision 1.175
diff -u -r1.175 gd.c
--- gd.c 2 Jan 2002 01:25:48 - 1.175
+++ gd.c 1 Feb 2002 08:39:44 -
@@ -928,7 +928,7 @@
PHP_FUNCTION(imagetypes)
{
int ret=0;
-#ifdef HAVE_GD_GIF
+#ifdef HAVE_GD_GIF_CREATE
ret = 1;
#endif
#ifdef HAVE_GD_JPG
@@ -1204,7 +1204,7 @@
#else /* HAVE_GD_GIF_READ */
php_error(E_WARNING, ImageCreateFromGif: No GIF read support
in this PHP build);
RETURN_FALSE;
-#endif /* HAVE_GD_GIF */
+#endif /* HAVE_GD_GIF_READ */
}
/* }}} */
@@ -1431,10 +1431,10 @@
#else
_php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU,
PHP_GDIMG_TYPE_GIF, GIF, gdImageGif);
#endif
-#else /* HAVE_GD_GIF */
+#else /* HAVE_GD_GIF_CREATE */
php_error(E_WARNING, ImageGif: No GIF create support in this
PHP build);
RETURN_FALSE;
-#endif /* HAVE_GD_GIF */
+#endif /* HAVE_GD_GIF_CREATE */
}
/* }}} */
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14899 Updated: error in GD/GIF handling
ID: 14899 Updated by: derick Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: GD related Operating System: Debian GNU/Linux PHP Version: 4.1.1 New Comment: Fixed in CVS Previous Comments: [2002-01-07 03:03:14] [EMAIL PROTECTED] When is php compiled with GD 1 with GIF then phpinfo() returns correcly but imagetypes() doesn't think GIF is supported. The fix should be in ext/gd/gd.c line 931 to s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ courtesy Bill Sidhipong Edit this bug report at http://bugs.php.net/?id=14899edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] CVS Account Request: spg1et
I want to help to translete the PHP manual in Romanian -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Webmin PHP... strange problems!
Thank you Jason... really! Now I begun to let it work a little... I found also, searching about the variables you said me in the sources, that if I enable the configure option --enable-discard-path, the variables are not more needed, and the php begin to works! WOW! So, I say it begins to work, because I've jumped into a well known bug, that let alwasy displays #!/usr/local/bin/php at the beginning of the php output... this can cause problems also with additional headers, that cannot be sent... is there a way to let this #!/usr/local/bin/php exit from php door... isn't it ?!? can be also this solved passing some variables ? Anyway, this #!/usr/local/bin/php is displayed both from command line and from a not too friendly webmin environment... thank you very much, prakash First off, you are correct in mailing this problem to php-dev, as the follow information is not documented. Your problem is most likey due to the fact, that webmin does set one of the following environment variables: SERVER_SOFTWARE SERVER_NAME GATEWAY_INTEFACE REQUEST_METHOD Currently the PHP CGI SAPI tries to determine if it is getting called by a webserver or by the command line. This is problematic, as you have seen. Due to these problems, a new CLI SAPI is being implemented, for all general purpose scripting, and I would highly recommend switching to such SAPI. Basicly, your problem is caused by the fact that the cgi sapi has detected that it is being called by a webserver by looking at the previously mentioned environment variables, and noticing that one of them haa a value. The UNIX shebang( #! ) just passses the script your are executing (in your case bbb.cgi) as an argument. When the CGI SAPI has detected it is being called by a webserver, it ignores all parameters. Instead, it determines which script to run by extracting it from the following environment variables (depending on your configuration): PATH_TRANSLATED SCRIPT_FILENAME You have three possible workarounds: 1. Unset the 4 defined env vars before executing bbb.cgi 2. Set PATH_TRANSLATED and SCRIPT_FILENAME to point to bbb.cgi 2. Create a wrapper script, as you have already done I Hope this clears up your problem. -- Jason T. Greene Internet Software Engineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use PHP: http://www.php.net On Sat, 2002-01-26 at 04:04, Prakash wrote: Hi, I'm trying to execute a Webmin script where I can use php as scripting language... (It will be good to work with a language as php in a remote administration server, as root! potentially dangerous but good!) Now the STRANGE problem: (seems to be some env variables (maybe I'm wrong) when executing PHP as CGI...) When I execute a test.cgi program from Webmin, it's executed as root, as it was from command line... that's good. The problem is that Webmin execute well _every_ program I tried , EXCEPT php ! It seems that php needs some env variables to work well, and these variables aren't provided from the Webmin interface, so to solve the problem I've first to understand WHY php does not work... - Maybe I can better explain with 2 samples: file aaa.cgi #!/bin/bash echo Content-type: text/plain echo echo aaa touch /home/test.txt file bbb.cgi #!/usr/local/bin/php -q ?php echo Content-type: text/plain\n\n; echo aaa\n; $fd = fopen(/home/test.txt,w); fclose($fd); ? Now, the 2 programs are quite the same... (if test.txt does not exist...) But, the 2 programs behave the same way only if you execute them _from command line_. If you execute them from the Webmin interface (very good for remote administration, that lets execute programs as user root), they behave differently: aaa.cgi is the same, displays aaa on the remote web-browser, and creates (well, if text.txt doesn't exist) a local file. bbb.cgi does nothing, sends no http headers, no aaa, and does not create the file... It seems that PHP needs some env variables, and without them, it suddenly stops without parsing the file... am I right ?!? I've also tried to escape from this problem (until understood and solved) with a third program: file ccc.cgi #!/bin/bash /usr/bin/at -f /path/bbb.cgi now+1minute touch /home/test2.txt If I call ccc.cgi from Webmin and then from command line, the 2 executions are scheduled properly, and look really the same (root user,same program,...) but the task scheduled from Webmin is not executed properly... the php seems to stop with no output. Also with a file like this: file ddd.cgi #!/bin/bash /path/bbb.cgi 21 test3.txt show that php really has no output on stdout or stderr (bbb.cgi is the IInd file, and test3.txt is created, but 0 bytes long when invoked from Webmin!)
[PHP-DEV] Bug #15316 Updated: Segmentation fault on Interbase blob creation
ID: 15316
Updated by: sander
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: InterBase related
Operating System: Linux 2.4.17-xfs
PHP Version: 4.1.1
New Comment:
Can you provide a backtrace? (see
http://bugs.php.net/bugs-generating-backtrace.php)
Previous Comments:
[2002-01-31 13:08:32] [EMAIL PROTECTED]
Here is my configure line:
./configure --with-apxs --with-mysql=/usr --enable-track-vars
--with-ldap --with-unixODBC=/usr
--with-mcrypt --with-interbase=/opt/interbase --with-gd=/usr
[2002-01-31 13:04:21] [EMAIL PROTECTED]
When I try to insert an image into a blob, a segmentation
fault occurs in apache. This all worked fine in previous
versions of php that I used (4.0.4 - 4.0.6). I have recreated
this segfault on two different machines, with PHP as DSO, and
compiled-in.
Here is what seems to be the offending code in my script:
if ($ibaseconn) {
$blob_id = ibase_blob_create();
$blob_id_str = ibase_blob_close($blob_id);
if ($noDB != 1) {
ibase_query(UPDATE WN_Client_Data SET WN_Client_DataLogo=?,
WN_Client_DataLogoType = '$thisType'
WHERE WN_ClientID = '$WN_ClientID',$blob_id_str);
} else {
ibase_query(INSERT INTO WN_Client_Data (WN_ClientID,
WN_Client_DataLogo, WN_Client_DataLogoType,
WN_Client_DataBriefDesc, WN_Client_DataExtDesc) VALUES ((SELECT
WN_ClientID FROM WN_User WHERE
WN_UserUserName='$HTTP_COOKIE_VARS[directUser]'), ?, ,'','',
'');,$blob_id_str);
}
}
Edit this bug report at http://bugs.php.net/?id=15316edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15140 Updated: mcrypt fails for twofish but work properly for all other type of encryption
ID: 15140
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: mcrypt related
Operating System: Redhat 7.2
PHP Version: 4.1.1
Assigned To: derick
New Comment:
Derick,
last thing as with the new patch I get no more problem. Here is two
test phpt for mcrypt to test this bug
See Ya
File 002.phpt
--TEST--
Bug #15140 Test TripleDES (Should be ok)
--SKIPIF--
?php if (!extension_loaded(mcrypt)) print skip; ?
--POST--
--GET--
--FILE--
?php
// Problem with TWOFISH and mcrypt under PHP 4.0.6 and 4.1.1
// Tested with libmcrypt 2.4.11 2.4.13 2.4.18 2.4.19 (Broken does not
pass make check)
// When Loading This Page you should see the time and a Cookie Number.
// If you test with TWOFISH It give a Segmentation Failure in the
Apache Error Log
// But Will Work With 3DES.
//
// I now use libmcrypt 2.4.18
//
// Strange.
// [EMAIL PROTECTED] REMOVE NOSPAM
//
function T ( $user_id, $Encryption ) {
$session_serial = $user_id .
A_TEXT_TO_TEST_THE_KEY_GENERATION;
echo Cypher: . $Encryption . \n;
$sessionKey=SessionKeyYouChoose; // Obviously not the one we
use:)
// Fails with TWOFISH but Works with TripleDES
// Code Fail to produce Code.
$td = mcrypt_module_open($Encryption, , MCRYPT_MODE_ECB,
);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size ($td),
MCRYPT_RAND);
mcrypt_generic_init($td, $sessionKey, $iv);
$encrypted_session_serial = mcrypt_generic($td,
$session_serial);
mcrypt_generic_end($td);
$session_serial_hash =
md5($encrypted_session_serial.$sessionKey);
$session_serial_cookie =
base64_encode($encrypted_session_serial).'-'.$session_serial_hash;
return $session_serial_cookie;
}
// If you don't see the time number increasing it is because Apache
child seg fault
// Check your apache/logs/error_log that is the problem.
$user_id=120804;
//$test = T($user_id, MCRYPT_TWOFISH);
$test = T($user_id, MCRYPT_TripleDES);
echo Cookie is : $test\n;
echo The End\n;
?
--EXPECT--
Cypher: tripledes
Cookie is :
OXYSlBYiGQb2c65SfOjv1nIGlm9v05aeFUNtMbpCyppWfz2b/LtpPw==-426e3b6216305dac2467bd99c270740e
The End
File 003.phpt
--TEST--
Bug #15140 Test TwoFish with Key not 16,24 or 32.
--SKIPIF--
?php if (!extension_loaded(mcrypt)) print skip; ?
--POST--
--GET--
--FILE--
?php
// Problem with TWOFISH and mcrypt under PHP 4.0.6 and 4.1.1
// Tested with libmcrypt 2.4.11 2.4.13 2.4.18 2.4.19 (Broken does not
pass make check)
// When Loading This Page you should see the time and a Cookie Number.
// If you test with TWOFISH It give a Segmentation Failure in the
Apache Error Log
// But Will Work With 3DES.
//
function T ( $user_id, $Encryption ) {
$session_serial = $user_id .
A_TEXT_TO_TEST_THE_KEY_GENERATION;
echo Cypher: . $Encryption . \n;
$sessionKey=SessionKeyYouChoose; // if it is not 16,24 or 32
bytes long would fail with SEGFAULT:)
// 19 Failed bigtime on most
CPU.
// Fails with TWOFISH but Works with TripleDES
// Code Fail to produce Code.
$td = mcrypt_module_open($Encryption, , MCRYPT_MODE_ECB,
);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size ($td),
MCRYPT_RAND);
mcrypt_generic_init($td, $sessionKey, $iv);
$encrypted_session_serial = mcrypt_generic($td,
$session_serial);
mcrypt_generic_end($td);
$session_serial_hash =
md5($encrypted_session_serial.$sessionKey);
$session_serial_cookie =
base64_encode($encrypted_session_serial).'-'.$session_serial_hash;
return $session_serial_cookie;
}
// If you don't see the time number increasing it is because Apache
child seg fault
// Check your apache/logs/error_log that is the problem.
$user_id=120804;
$test = T($user_id, MCRYPT_TWOFISH);
//$test = T($user_id, MCRYPT_TripleDES);
echo Cookie is : $test\n;
echo The End\n;
?
--EXPECT--
Cypher: twofish
Cookie is :
rq6VWCfWb8WtBmVZseA4zBjkC2OEAzfZCI1DotaxgYrFRPT3LZW0WAQQM31XWYsC-4dfc43e86267d859b8a1a64c563bb2da
The End
Previous Comments:
[2002-02-01 03:41:07] [EMAIL PROTECTED]
Yeap,
It is already coded in the internal_init_mcrypt function but a
small bug in libmcrypt seem to be present. The free(sizes) is too high
up it should be moved down to out of the if/else/else/... I submitted a
patch to libmcrypt and wainting for a comment from Nickos.
Thanks again
[2002-02-01 02:51:56] [EMAIL PROTECTED]
Well, PHP works around a lot of those issues in libmcrypt, and
actually, the extension should work around it in this case too IMO. I
guess mcrypt_enc_get_supported_key_sizes should be used in
mcrypt_generic_init in some way.
Can you see if this is feasable?
Derick
[PHP-DEV] Build failure on BSD (current cvs)
Is it just me having a really shitty day, or has anyone else noticed that current CVS fails on BSD? Athena:~/packages/php4# make Making all in Zend /bin/sh ../libtool --silent --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../main-DUSE_EXPAT -I../TSRM -g -O2 -pref er-pic -c -o zend_language_parser.lo `test -f zend_language_parser.c || echo './'`zend_language_parser.c In file included from zend.h:180, from zend_compile.h:24, from ./zend_language_parser.y:31: zend_hash.h:119: syntax error before `va_list' In file included from zend.h:181, from zend_compile.h:24, from ./zend_language_parser.y:31: zend_llist.h:34: syntax error before `va_list' In file included from zend_compile.h:24, from ./zend_language_parser.y:31: zend.h:263: syntax error before `va_list' zend.h:394: syntax error before `va_list' *** Error code 1 -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages on lists. Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] CVS Account Request: vvtk
Extension for work with System V Messages (IPC), additional to system V semaphores shared memory -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15275 Updated: Apache 1.3.20 won't start with newly compiled PHP 4.1.1
ID: 15275
Comment by: [EMAIL PROTECTED]
Old Reported By: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Apache related
Operating System: SuSE Linux 7.1 Kernel 2.4.2
PHP Version: 4.1.1
New Comment:
Worked out on the problem.
The suggestion to step back to 4.0.6 does also not work.
But I found the root of the problem.
Those error-systems were glibc 2.1.x based.
After upgrading to glibc 2.2.5 / and all other aditional tools (gcc to
2.95.3, binutils, automake, autoconf, gettext)
everz this is reallz working fine again.
Simply works.
Perhaps drop a notice for other users ?
mfG
J. Sauer
Previous Comments:
[2002-01-31 10:14:27] [EMAIL PROTECTED]
This is the config:
./configure \
--prefix=/usr \
--sbindir=/usr/sbin \
--bindir=/usr/bin \
--libexecdir=/usr/lib/apache/modules \
--datadir=/home/fileserver/documents \
--sysconfdir=/etc/httpd \
--with-config-file-path=/etc/httpd/php.ini \
--localstatedir=/var \
--with-apxs=/usr/sbin/apxs \
--enable-ftp \
--with-ftp \
--enable-versioning \
--enable-tracking-vars \
--enable-url-includes \
--enable-sysvshm \
--enable-sysvsem \
--with-sapdb=/usr/sapdb/depend \
--with-gdbm \
--enable-trans-sid \
--enable-magic-quotes \
--enable-libgcc \
--enable-calendar \
--disable-mysql \
--with-mysql=no \
--with-gnu-ld \
--enable-ftp \
--with-ndbm \
--with-dbase \
--with-gettext \
--with-gd \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--with-zlib-dir=/usr \
--enable-memory-limit
Core Dump occour on start up.
Last words off
strace -f httpd
-
mprotect(0x4071a000, 56752, PROT_NONE) = 0
old_mmap(0x4071a000, 49152, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED, 4, 0x33000) = 0x4071a000
old_mmap(0x40726000, 7600, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40726000
close(4)= 0
mprotect(0x40617000, 217088, PROT_READ|PROT_WRITE) = 0
mprotect(0x40617000, 217088, PROT_READ|PROT_EXEC) = 0
mprotect(0x4045c000, 1400832, PROT_READ|PROT_WRITE) = 0
mprotect(0x4045c000, 1400832, PROT_READ|PROT_EXEC) = 0
mprotect(0x40377000, 630784, PROT_READ|PROT_WRITE) = 0
mprotect(0x40377000, 630784, PROT_READ|PROT_EXEC) = 0
mprotect(0x401e5000, 1212416, PROT_READ|PROT_WRITE) = 0
mprotect(0x401e5000, 1212416, PROT_READ|PROT_EXEC) = 0
getpid()= 22607
getrlimit(RLIMIT_STACK, {rlim_cur=2040*1024, rlim_max=RLIM_INFINITY}) =
0
uname({sys=Linux, node=KBDev1.uk-london, ...}) = 0
rt_sigaction(SIGRT_0, {0x40690f94, [], 0x400}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x40690684, [], 0x400}, NULL, 8) = 0
rt_sigaction(SIGRT_2, {0x4069101c, [], 0x400}, NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [RT_0], NULL, 8) = 0
munmap(0x4034d000, 13070) = 0
--- SIGSEGV (Segmentation fault) ---
My rating:
PHP 4.1.1 + Apache 1.3.22 + Linux 2.2.16 (Redhat 6.2/Cobalt Cube 3) +
SapDB 7.3.00.18 is currently not usable.
Workaround: Step Back to 4.0.6
mfG
Juergen Sauer
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[2002-01-30 11:37:15] [EMAIL PROTECTED]
PHP 4.1.1 Apache 1.3.22 on Cobald Cube 3/Linux 2.2.16, has the same
bug.
Jojo
[2002-01-29 08:46:18] [EMAIL PROTECTED]
Line 224 of http.conf is :
LoadModule php4_modulelibexec/libphp4.so
[2002-01-29 08:34:27] [EMAIL PROTECTED]
Whats is the line 224 on httpd.conf?
[2002-01-29 08:15:34] [EMAIL PROTECTED]
Apache version = 1.3.20
mod_ssl version = 2.8.4 for apache 1.3.20
openssl version = 0.9.6c
C-compiler = gcc version 2.95.2 19991024 (release)
I have first installed openssl, then compiled and installed apache with
mod_ssl support and then compiled PHP 4.1.1 from the official sources,
configuring with the following options:
$ ./configure --with-apxs=/usr/local/apache/current/bin/apxs \
--with-ftp --enable-versioning \
--enable-tracking-vars --enable-url-includes \
--enable-sysvshm --enable-sysvsem \
--with-config-file-path=/etc --without-mysql \
--with-sapdb=/opt/sapdb/interfaces/odbc
This went
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Herewe try again)
On Fri, 2002-02-01 at 08:10, Manuel Lemos wrote: Hello, Stig S. Bakken wrote: Also, someone may be able to reverse the PHP code to C and create an exe with it (like Perl) . And last, but maybe the future: Web Services with SOAP? It should be not be that hard. There are Java bytecode to C converters, it should not be hard to make Zend bytecode to C conversion. Wishful thinking? :-) Unless I'm mistaken, Java doesn't have eval. Any language with eval needs a runtime environment when executing, even if the rest of the code is converted to C. I am not expert in Java (actually I don't program in Java - MetaL generates it for me if I ever need it), but I suppose that what eval does is what java.lang.Compiler class is for. From what I can see it's related, but I don't think the language design of Zend/PHP is quite up to C generation, at least not yet. I would like nothing more than being proven wrong (by code) though. - Stig -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Herewetry again)
Hello, Stig S. Bakken wrote: Unless I'm mistaken, Java doesn't have eval. Any language with eval needs a runtime environment when executing, even if the rest of the code is converted to C. I am not expert in Java (actually I don't program in Java - MetaL generates it for me if I ever need it), but I suppose that what eval does is what java.lang.Compiler class is for. From what I can see it's related, but I don't think the language design of Zend/PHP is quite up to C generation, at least not yet. I would like nothing more than being proven wrong (by code) though. Maybe. The way I see it may be as easy as translating Zend bytecodes into C code that would have to compiled and linked against libphp and the rest of libraries that may be needed. Regards, Manuel Lemos -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
-Original Message- From: Hartmut Holzgraefe [mailto:[EMAIL PROTECTED]] Sent: 31 January 2002 10:15 To: Sam Liddicott Cc: Stig S. Bakken; Manuel Lemos; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again) Sam Liddicott wrote: The Zend Open Source license http://www.php.net/license/ZendGrant/ZendGrant3.png and http://www.php.net/license/ZendGrant/ZendGrant4.png (see 5a) you MUST provide the source to software which links with it. It will take lawyers to decide if compiled php which requires the runtime to run is included. have you had a look on php4/Zend/LICENSE lately ? ;) Yes, I checked it minutes before sending out my mail. Have you? Sam -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15321: GPC/EGPCS Problem
From: [EMAIL PROTECTED] Operating system: Windows NT (SAPI Implementation) PHP version: 4.1.1 PHP Bug Type: Unknown/Other Function Bug description: GPC/EGPCS Problem The GPC order is not maintained. PHP takes Cookies first and then Get. deepak -- Edit bug report at: http://bugs.php.net/?id=15321edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Herewe try again)
Manuel Lemos wrote: Unless I'm mistaken, Java doesn't have eval. Any language with eval needs a runtime environment when executing, even if the rest of the code is converted to C I am not expert in Java (actually I don't program in Java - MetaL generates it for me if I ever need it), but I suppose that what eval does is what java.lang.Compiler class is for. java.lang.compiler is a little different ... 1) Java *has* a complete runtime environment available at runtime, the JVM and the standard classes, that's why JVMs tend to be so big and have a rather large startup time overhead 2) java.lang.Compiler takes a java source file and compiles it into a class file, so the result is persistent and you have to have your code wrapped up to a complete class, write it to filesystem, compile it, load the compiled class into the JVM and then execute eval just executes statements within the eingine, and what you pass to it has to be just a complete statement, not a whole class -- Hartmut Holzgraefe [EMAIL PROTECTED] http://www.six.de +49-711-99091-77 Wir stellen für Sie aus auf der CeBIT 2002 und freuen uns in Halle 6 auf Ihren Besuch am Stand H 18 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: [Apc-cache] Re: [PHP-DEV] NEW PHP standalonecompiler (was Re: [PHP-DEV] Here we try again)
On Fri, 2002-02-01 at 08:34, Manuel Lemos wrote: Hello, Sebastian Bergmann wrote: Michael Kimsal wrote: Perhaps (and I know it's been said before) what is needed is an open engine that could interpret and execute PHP separately from the Zend engine (although they've done a really good job at speed!) The Zend Engine is open. Instead of proposing to break with Zend, why not be more constructive and work on what's already there? Well, George Schlossnagle already proposed to submit APC and other useful extensions for inclusion in PHP. http://news.php.net/article.php?group=php.devarticle=64437 At the time, it was not done because Zeev said it would be necessary to add a directory in PHP tree for extensions that modify the behaviour of Zend engine and it would require a volunteer to do so. http://news.php.net/article.php?group=php.devarticle=64471 George volunteered to do it, but there seems to be no response to his offer after that. http://news.php.net/article.php?group=php.devarticle=64515 So, could George extensions be added to PHP now? Was that directory created or it still needs a volunteer to do it? You have of course hit a very weak spot for PHP here. I agree that it would be great if PHP bundled a bytecode compiler, cache, optimizer etc. But the fact is that Zend, who has contributed no small part of PHP, depend on selling these as commercial products. So if PHP bundles APC and similar extensions, that could put Zend out of business, and Zend would of course resist it. Everyone understands that. Just to make sure you understand (I assume you do, but anyway) the path you're heading down with this message: A deep conflict between Zend and parts or all of the PHP community will not lead to anything productive. It will be ugly, it will hurt PHP's public image, and it will make contributors leave. You, as one who speaks fondly about good marketing, should know better than to start this. The Zend/PHP relation _is_ tricky, and I don't claim to have a simple solution for the situation. One can argue a lot back and forth about whether Zend has PHP locked in and so on, but the fact is that there is a delicate symbiosis between Zend and PHP, and IMHO it would be very dangerous to start ripping that apart. - Stig -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
Sam Liddicott wrote: have you had a look on php4/Zend/LICENSE lately ? ;) Yes, I checked it minutes before sending out my mail. Have you? so you've noticed the difference between CVS revision 1.5 and 1.6 of that file? -- Hartmut Holzgraefe [EMAIL PROTECTED] http://www.six.de +49-711-99091-77 Wir stellen für Sie aus auf der CeBIT 2002 und freuen uns in Halle 6 auf Ihren Besuch am Stand H 18 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] PHP Build System V5 Overview
This is great news, Sascha. I'll go into the thinking box and post some PEAR-related comments this weekend. - Stig On Thu, 2002-01-31 at 15:08, Sascha Schumann wrote: (unrelated to the thread on php-qa) Hi guys, I had some free time yesterday and so commenced to tackle some issues in the current PHP build system which had bothered me for too long. I'm inlining an overview and a description of changes.. feel free to comment. - Sascha Experience IRCG http://schumann.cx/http://schumann.cx/ircg PHP Build System V5 Overview - supports Makefile.ins during migration phase - not-really-portable Makefile includes have been eliminated - supports seperate build directories without VPATH by using explicit rules only - does not waste disk-space/CPU-time for building temporary libraries = especially noticeable on slower systems - slow recursive make replaced with one global Makefile - eases integration of proper dependencies - abandoning the one library per directory concept - improved integration of the CLI - several new targets build-modules: builds and copies dynamic modules into modules/ install-cli: installs the CLI only, so that the install-sapi target does only what its name says - finally abandoned automake (still requires aclocal at this time) The Reason For a New System It became more and more apparent that there is a severe need for addressing the portability concerns and improving the chance that your build is correct (how often have you been told to make clean after reconfiguring? When this is over, you won't need to anymore). If You Build PHP on a Unix System You, as a user of PHP, will notice no changes. Of course, the build system will be faster, look better and work smarter. If You Are Developing PHP Extension developers: Makefile.ins are abandoned. The files which are to be compiled are specified in the config.m4 now using the following macro: PHP_NEW_EXTENSION(foo, foo.c bar.c baz.cpp, $ext_shared) E.g. this enables the extension foo which consists of three source-code modules, two in C and one in C++. And dependending on the user's wishes, the extension will even be built as a dynamic module. The full syntax: PHP_NEW_EXTENSION(extname, sources [, shared [,sapi_class[, extra-cflags]]]) Please have a look at acinclude.m4 for the gory details and meanings of the other parameters. And that's basically it for the extension side. If you previously built sub-libraries for your module, add the source-code files of the sub-libs here as well. If you need to specify separate include directories, do it this way: PHP_NEW_EXTENSION(foo, foo.c mylib/bar.c mylib/gregor.c,,,-I@ext_srcdir@/lib) E.g. this builds the three files which are located relatively to the extension source directory and compiles all three files with the special include directive (@ext_srcdir@ is automatically replaced). Now, you need to tell the build system that you want to build files in a directory called $ext_builddir/lib: PHP_ADD_BUILD_DIR($ext_builddir/lib) Make sure to call this after PHP_NEW_EXTENSION, because $ext_builddir is only set by the latter. If you have a complex extension, you might to need add special Make rules. You can do this by calling PHP_ADD_MAKEFILE_FRAGMENT in your config.m4 after PHP_NEW_EXTENSION. This will read a file in the source-dir of your extension called Makefile.frag. In this file, $(builddir) and $(srcdir) will be substituted by the values which are correct for your extension and which are again determined by the PHP_NEW_EXTENSION macro. Make sure to prefix *all* relative paths correctly with either $(builddir) or $(subdir). Because the build system does not change the working directory anymore, we must use either absolute paths or relative ones to the top build-directory. Correct prefixing ensures that. SAPI developers: Instead of setting PHP_SAPI=foo, you will need to type PHP_SELECT_SAPI(foo, foo.c bar.c) I.e. specify the source-code files as above. *IMPORTANT*: _Before_ invoking that macro it is essential that you either call PHP_BUILD_SHARED, PHP_BUILD_STATIC or PHP_BUILD_PROGRAM. Otherwise the source-code files might be built wrongly. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15220 Updated: unserialize() failed at offset X of X bytes
ID: 15220
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Feedback
Bug Type: Unknown/Other Function
Operating System: Linux
PHP Version: 4.1.1
New Comment:
So sorry, the bug was in my db settings.
Sorry I wasted your time !
Previous Comments:
[2002-01-25 15:21:14] [EMAIL PROTECTED]
I ran the two following scripts, to generate 100MB of random data, and
pass it through serialize/unserialize. diff told me both output files
were exactly the same.
?php
$max = 1024*1024*100;
$f = fopen(./rnd-data, w);
for($i=0; $i$max; $i++) {
fputs($f, chr(rand(0,255)));
}
fclose($f);
?
?php
$f = fopen('./rnd-data', 'r');
$data = fread($f, 1024*1024*100+1);
fclose($f);
$f = fopen('./rnd-output', 'w');
fputs($f, unserialize(serialize($data)));
fclose($f);
?
Are you sure the data gets stored and retrieved correctly?
(btw tested with 4.1.1 on Debian (Sid) Linux)
[2002-01-25 12:47:28] [EMAIL PROTECTED]
I use this script :
?
require($_SERVER[DOCUMENT_ROOT]./lib/db.phtml);
function error_control ($errno, $errstr, $errfile, $errline) {
$errortype = array (
1= Error,
2= Warning,
4= Parsing Error,
8= Notice,
16 = Core Error,
32 = Core Warning,
64 = Compile Error,
128 = Compile Warning,
256 = User Error,
512 = User Warning,
1024 = User Notice
);
//
print(BR.$errortype[intval($errno)]. : .$errstr.BRFile :
.$errfile.BRLine : .$errline);
}
error_reporting(E_ALL);
$error_handler = set_error_handler(error_control);
print(TABLE BORDER=\1\\n);
$SQL = SELECT id, error_data FROM unserialize;
$RS = mysql_query($SQL, db_conn);
while ($RSarray = mysql_fetch_row($RS)) {
unserialize($RSarray[1]);
print(TR);
print(TD.$RSarray[0]./TD);
print(TD.$RSarray[1]./TD);
print(/TR\n);
}
print(/TABLE\n);
?
[2002-01-25 12:38:42] [EMAIL PROTECTED]
I can provide the data that failed here :
http://www.eksperten.dk/bug.phtml
Is that ok, otherwise let me know !
[2002-01-25 11:54:03] [EMAIL PROTECTED]
Can you supply some (malicious) sample data (in- and output of
(un)serialize) along with a simple samplescript?
[2002-01-25 05:36:03] [EMAIL PROTECTED]
I use this @ www.eksperten.dk
Let me know if I can help with anything !
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15220
Edit this bug report at http://bugs.php.net/?id=15220edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15220 Updated: unserialize() failed at offset X of X bytes
ID: 15220
Updated by: derick
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Bogus
Bug Type: Unknown/Other Function
Operating System: Linux
PHP Version: 4.1.1
New Comment:
oh! oh! oh! :)
Bogusifying then...
Derick
Previous Comments:
[2002-02-01 07:55:07] [EMAIL PROTECTED]
So sorry, the bug was in my db settings.
Sorry I wasted your time !
[2002-01-25 15:21:14] [EMAIL PROTECTED]
I ran the two following scripts, to generate 100MB of random data, and
pass it through serialize/unserialize. diff told me both output files
were exactly the same.
?php
$max = 1024*1024*100;
$f = fopen(./rnd-data, w);
for($i=0; $i$max; $i++) {
fputs($f, chr(rand(0,255)));
}
fclose($f);
?
?php
$f = fopen('./rnd-data', 'r');
$data = fread($f, 1024*1024*100+1);
fclose($f);
$f = fopen('./rnd-output', 'w');
fputs($f, unserialize(serialize($data)));
fclose($f);
?
Are you sure the data gets stored and retrieved correctly?
(btw tested with 4.1.1 on Debian (Sid) Linux)
[2002-01-25 12:47:28] [EMAIL PROTECTED]
I use this script :
?
require($_SERVER[DOCUMENT_ROOT]./lib/db.phtml);
function error_control ($errno, $errstr, $errfile, $errline) {
$errortype = array (
1= Error,
2= Warning,
4= Parsing Error,
8= Notice,
16 = Core Error,
32 = Core Warning,
64 = Compile Error,
128 = Compile Warning,
256 = User Error,
512 = User Warning,
1024 = User Notice
);
//
print(BR.$errortype[intval($errno)]. : .$errstr.BRFile :
.$errfile.BRLine : .$errline);
}
error_reporting(E_ALL);
$error_handler = set_error_handler(error_control);
print(TABLE BORDER=\1\\n);
$SQL = SELECT id, error_data FROM unserialize;
$RS = mysql_query($SQL, db_conn);
while ($RSarray = mysql_fetch_row($RS)) {
unserialize($RSarray[1]);
print(TR);
print(TD.$RSarray[0]./TD);
print(TD.$RSarray[1]./TD);
print(/TR\n);
}
print(/TABLE\n);
?
[2002-01-25 12:38:42] [EMAIL PROTECTED]
I can provide the data that failed here :
http://www.eksperten.dk/bug.phtml
Is that ok, otherwise let me know !
[2002-01-25 11:54:03] [EMAIL PROTECTED]
Can you supply some (malicious) sample data (in- and output of
(un)serialize) along with a simple samplescript?
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15220
Edit this bug report at http://bugs.php.net/?id=15220edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15322: php.ini : session.use_trans_sid=0 disables ?=SID? session-id creation too
From: [EMAIL PROTECTED] Operating system: SuSe 7.3 PHP version: 4.1.1 PHP Bug Type: Session related Bug description: php.ini : session.use_trans_sid=0 disables ?=SID? session-id creation too Before 4.1.x I didn't compile with --enable-trans-sid and used instead the ?=SID? expression on pages very often. With the new releases and --enable-trans-sid as default I now get the session-id twice on every link which is the expected behaviour on first hand. I didn't want to edit all pages. My idea was to set session.use_trans_sid=0 in php.ini to disable the auto-session generation. After this, even ?=SID? does no longer generate a session-id, which seems to be a bug!? The only quick hack for the moment was to have session.use_trans_sid=1 and to modify the url_rewriter.tags in php.ini: Original: url_rewriter.tags = a=href,area=href,frame=src,input=src,form=fakeentry Modified: url_rewriter.tags = area=href,frame=src,input=src,form=fakeentry Is the new behaviour a feature or a bug? Guenther -- Edit bug report at: http://bugs.php.net/?id=15322edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] IP based redirection
Could you please help us, to redirect some of our pages to based on IP address. We have used SmartRedirect program but it is not working on with some of our ISP's IP address. We are located at India, and like to have some language specific pages to be displayed to our Indian user while english language to other world. Thanks, Hemant Kumar DInsol.com http://www.dinsol.com/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Build failure on BSD (current cvs)
Hi, On Fri, 1 Feb 2002 09:28:31 - James Cox [EMAIL PROTECTED] wrote: Is it just me having a really shitty day, or has anyone else noticed that current CVS fails on BSD? yep. FreeBSD 4.4-Release. remaining this for the qa people (I put a CC to php-qa) Athena:~/packages/php4# make Making all in Zend /bin/sh ../libtool --silent --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../main-DUSE_EXPAT -I../TSRM -g -O2 -pref er-pic -c -o zend_language_parser.lo `test -f zend_language_parser.c || echo './'`zend_language_parser.c In file included from zend.h:180, from zend_compile.h:24, from ./zend_language_parser.y:31: zend_hash.h:119: syntax error before `va_list' In file included from zend.h:181, from zend_compile.h:24, from ./zend_language_parser.y:31: zend_llist.h:34: syntax error before `va_list' In file included from zend_compile.h:24, from ./zend_language_parser.y:31: zend.h:263: syntax error before `va_list' zend.h:394: syntax error before `va_list' *** Error code 1 Jan -- Q: Thank Jan? A: http://geschenke.an.dasmoped.net/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15323: pg_connect failing on iPlanet 4.1 nsapi
From: [EMAIL PROTECTED]
Operating system: Solaris 2.8
PHP version: 4.1.1
PHP Bug Type: PostgreSQL related
Bug description: pg_connect failing on iPlanet 4.1 nsapi
Revisiting bug #15282, I am unable to connect to a remote PostgreSQL
database using server parsed php. I can connect when the script is run:
a). On the command line
b). As a CGI binary
c.) Using a perl script
d.) Using psql
Postmaster on the remote server IS running with the '-i' option, even
though the error message in the web server logs reads:
[29/Jan/2002:22:50:18] info (14848): for host b-39-117-res1.mts.net
trying to POST /members.php, PHP_log_message reports: PHP Warning:
Unable to connect to PostgreSQL server: connectDBStart() --
connect()
failed: No such file or directory
Is the postmaster running (with -i) at 'db1'
and accepting connections on TCP/IP port 5432?
in /usr/local/etc/httpd/htdocs/cardp.ca/members.php on line 100
No other errors appear and the server keeps on running.
The results of running snoop on the interfaces reveals that instead of the
expected SYN/ACK, the system initiating the connection sends SYN/RST.
The connection fails identically when using either pg_connect or
pg_pconnect.
Php configuration is as shown below, taken from the original report. As
well, the contents of the script are included.
After the bug had been closed as bogus, I asked [EMAIL PROTECTED] if he
could be more specific in his diagnosis that this behaviour is expected
and in the manual. His only reply was that postgres needs to be run using
the -i option, which I have already stated is the case. If it weren't,
none of the other connections would suceed either.
Connections from the sames server to the same remote database using mysql
as the database do not fail. Niether does running the script using apache
as the web server. Unfortunately, these are not valid options in our
production environment.
Any insight would be greatly appreciated.
- Dave Ruppel
From bug #15282:
[29 Jan 1:56pm] [EMAIL PROTECTED]
When attempting to connecting to a remote database using
pg_connect(host=dbhost user=dbuser dbname=dbname), the operation
fails.
I can connect using psql from the command line or through a perl
script
as any user. Running php as a CGI binary also works. However, when
running as an nsapi, the connection fails. A quick look using snoop
shows that the failed connection appears to be sending SYN/RST
instead
of SYN/ACK (which is what is seen during a successful connection).
Here's my system details:
OS: Solaris 2.8
Web Server: iPlanet 4.1
PHP version: php 4.1.1
PHP configure options:
./configure --with-nsapi=/usr/local/iws41 \
--with-pgsql=/usr/local/pgsql \
--enable-libgcc
PostgreSQL version: 7.0.3
For what it's worth, connections to a mysql database between the
same
systems works without a hitch.
Any suggestions would be appreciated.
[29 Jan 8:42pm] [EMAIL PROTECTED]
Could you take a look at web server error log?
Do you have anything related? (segfault, etc)
Could you run iPlanet under gdb? (to see if it is exting or
segfaulting)
Do you quote connection string?
Do you get any error message from pg_connect?
Do you have multiple libpq? (find / -name libpq*)
Do you have the same problem with snapshot?
http://snaps.php.net/
Attach *complete* script even if it is a few lines next time.
[30 Jan 12:11am] [EMAIL PROTECTED]
I've also tried using the current CVS (01/26/2002) with no luck. The
are
no multiple copies of libpq, it's a new system.
I haven't tried running iPlanet under gdb yet, that'll be something
to
try tommorow.
In the mean time, here's the error from the logs:
[29/Jan/2002:22:50:18] info (14848): for host b-39-117-res1.mts.net
trying to POST /members.php, PHP_log_message reports: PHP Warning:
Unable to connect to PostgreSQL server: connectDBStart() --
connect()
failed: No such file or directory
Is the postmaster running (with -i) at 'db1'
and accepting connections on TCP/IP port 5432?
in /usr/local/etc/httpd/htdocs/cardp.ca/members.php on line 100
No other errors appear and the server keeps on running.
The source of the script (sans-HTML) calling the database follows:
?
$db = pg_connect(host='db1' user='cardp' dbname='cardp');
if(!$db) {
echo \nAn error occured connecting to the
database.\n;
exit;
}
Re: [PHP-DEV] Build failure on BSD (current cvs)
On Fri, Feb 01, 2002 at 09:28:31AM -, James Cox wrote: Is it just me having a really shitty day, or has anyone else noticed that current CVS fails on BSD? I have the same problem here, but I haven't had the time to investigate it in detail yet. Hopefully, it will look obvious to the person that broke things. After spending a couple of hours making sure that PHP4 cvs builds cleanly on Solaris last week, I'm beginning to wonder whether the PHP developers need to be reminded that all the world is not running GNU/Linux. -- Jon Parise ([EMAIL PROTECTED]) . Information Technology (2001) http://www.csh.rit.edu/~jon/ : Computer Science House Member -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: [Apc-cache] Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
--- Stig S. Bakken [EMAIL PROTECTED] wrote: You have of course hit a very weak spot for PHP here. I agree that it would be great if PHP bundled a bytecode compiler, cache, optimizer etc. But the fact is that Zend, who has contributed no small part of PHP, depend on selling these as commercial products. So if PHP bundles APC and similar extensions, that could put Zend out of business, and Zend would of course resist it. Everyone understands that. Just to make sure you understand (I assume you do, but anyway) the path you're heading down with this message: A deep conflict between Zend and parts or all of the PHP community will not lead to anything productive. It will be ugly, it will hurt PHP's public image, and it will make contributors leave. You, as one who speaks fondly about good marketing, should know better than to start this. The Zend/PHP relation _is_ tricky, and I don't claim to have a simple solution for the situation. One can argue a lot back and forth about whether Zend has PHP locked in and so on, but the fact is that there is a delicate symbiosis between Zend and PHP, and IMHO it would be very dangerous to start ripping that apart. I cannot agree with that. Zend appears to be a solid company with a very good vision of the future for PHP. As a business they know that they will eventually have competition from other vendors and open source projects. That is why they are writing other software in addition to the Zend Encoder. It is never a good reason not work on a project just to protect a company. It is the company's responsibility to protect itself. The Zend people will not stop working with the PHP community just because of an alternative PHP encoding tool. They will just improve their existing encoding tool and adjust their pricing scheme just as any other company would. Given that I believe that Manuel should continue his effort to drive this effort for an alternative encoding tool without feeling guilty about doing so. Manuel as well as all of those working for the Zend company are just trying to make a living and improve PHP at the same time. Brent __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #5370 Updated: Session won't pass any variables in this platform.
ID: 5370
Comment by: [EMAIL PROTECTED]
Old Reported By: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Feedback
Bug Type: Session related
Operating System: Windows 98
PHP Version: 4.0.1pl2
New Comment:
I'm getting this error msg:
Warning: open(/tmp\sess_021e6dafeb513b539d491681bfc95c73, O_RDWR)
failed: No such file or directory (2) in c:\programme\apache
group\apache\htdocs\voba_wangen\inc.frontend.funcs.php on line 468
on our linux machine it works great. only win98 sucks :(
i tried to set an absolute path like [EMAIL PROTECTED] said, but it didn't
help :(
Previous Comments:
[2002-01-14 15:12:48] [EMAIL PROTECTED]
FAT 32 bit
modified time?
Where is the registration form on this site?
[2002-01-12 20:57:31] [EMAIL PROTECTED]
What kind of FAT file system are you using?
(i.e. Does the file system support modified time?)
I believe you are using newer PHP, don't you? Please update Version
field.
PS: Change status to Open if you reopen bug report :)
[2002-01-12 04:25:08] [EMAIL PROTECTED]
Don't use the testing program I posted, I forgot it was tied to a
database.
[2002-01-12 03:46:20] [EMAIL PROTECTED]
I get these 3 warnings on Windows 98 4.10.A, Apache 1.3.14, PHP
4.0.3pl1:
Warning: open(\tmp\sess_906cf0440e666cf0f87ea4bbee139c97, O_RDWR)
failed: m (2) in c:\program files\Apache
Group\Apache\htdocs/session2.php on line 2
Warning: open(\tmp\sess_906cf0440e666cf0f87ea4bbee139c97, O_RDWR)
failed: m (2) in Unknown on line 0
Warning: Failed to write session data (files). Please verify that the
current setting of session.save_path is correct (\tmp) in Unknown on
line 0
The following solved the problem:
Make sure you are editing the php.ini file found in the Php\ directory,
not in the windows\ directory.
Set the session.save_path to an absolute path, relative paths (like
/tmp) don't work.
For example:
session.save_path = C:\Program Files\Apache Group\Apache\htdocs\tmp
I used this prog for testing:
?php
session_start();
session_register(your_name);
if(!empty($your_name))
{
echo I already know your name, $your_name;
}
elseif(empty($your_name)!isset($submit))
{
echo form name=myform method=post action=$PHP_SELF
input type=text name=first_name first namebr
input type=text name=last_name last namebr
input type=submit name=submit value=submit
/form;
}
elseif(isset($submit)empty($your_name))
{
$your_name=$first_name . . $last_name;
echo Thank you, $your_name;
}
?
[2000-08-01 22:43:39] [EMAIL PROTECTED]
no feedback, closed
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=5370
Edit this bug report at http://bugs.php.net/?id=5370edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15324: CGI version (php.exe) times out
From: [EMAIL PROTECTED] Operating system: Win2K PHP version: 4.1.1 PHP Bug Type: Reproducible crash Bug description: CGI version (php.exe) times out I attempted to use php.exe (with IIS) rather than the ISAPI module of PHP 4.1.1, as the ISAPI consistently crashes after laying dormant for a period of time in IIS. This bug is alluded to in the latest release notes, and I don't believe it has been solved. Having been warned that the ISAPI is not stable, I decided to run the CGI. I followed the installation instructions, and granted execute access for c:\php to IISUSR_computername Problem is, the exe hangs and eventually produces a timeout error in IIS. I am using file includes on each of my pages. Error: The script started from the URL '/index.php' with parameters '' has not responded within the configured timeout period. The HTTP server is terminating the script. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. Confused... -- Edit bug report at: http://bugs.php.net/?id=15324edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
- Add an API function that can compile arbitrary PHP scripts. How do you want to handle includes or evals in the code to be compiled? This is a majopr problem I see with a naive standalone compiler. - Add an API function for loading arbitrary compiled code. somewhat trickier. - If possible these should take source input and generating compiled output to string so we can handle input and output data from other sources besides files. wouldn't be too hard, modulo the above. These would be the basic this that would be necessary. Around this we could build other tools like GUI interfaces from compiling sources in batches, building distribution archives, self extracting and installable PHP applications, etc... Now, for something probably more challenging: could the compiled output be fed to Zend Optimizer somehow and get an optimized compiled output that could be saved, loaded and executed the same way as the non-optimized compiled output? No idea. closed source product. :) How Open Source is APC? Do you take volunteers help (patches, hackers with CVS accounts, bug reports, etc..)? APC is completely open-source (release under QPL). Patches are awesome. CVS write-access is only for maintainers at the moment (and anon cvs to the world). There's noo hard-and-fast rule, but the base guideline for maintainer status is contribution fixes/patches of consistent merit and of more than 10% of the code base. Great. And if PHP developers agree, would you be interested in integrating APC extension in PHP, with PHP license of course? I have no problems with relicensing APC, and I've offered before to contribute it to the php group, and it was turned down. I can give further details off-list, if you are interested. I looked at all free cache engines (PHPA, APC, Bware). PHPA seems to be going to non-Open Source route (no code available for everybody). Bware people are nice and are willing to cooperate even if they don't have much time. APC, I could not realize how alive the the project is. Do you actively work on it or are you too busy? I haven't been very active since October (wish I could say it was a vacation, but alas, it was just work). In about 3 weeks, I should have much much more free time and hopefully be able to get back to being very active in apc. Ok, that's normal with everybody these days. Anyway, as I said I have been getting a lot of support to provide a free PHP compiler/optimizer/cache/encoder. So, this will not go forward for the lack of will and contributed work. That's great news. Keep up the good work, Manuel Lemos // George Schlossnagle // 1024D/1100A5A0 1370 F70A 9365 96C9 2F5E 56C2 B2B9 262F 1100 A5A0 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: [Apc-cache] Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
Well, George Schlossnagle already proposed to submit APC and other useful extensions for inclusion in PHP. http://news.php.net/article.php?group=php.devarticle=64437 At the time, it was not done because Zeev said it would be necessary to add a directory in PHP tree for extensions that modify the behaviour of Zend engine and it would require a volunteer to do so. Actually the proposal was to generate a document section for zend_extensions, which I offered to take up and never got around to (bad george). Inclusion of actual zend_extensions in the code base was rejected. http://news.php.net/article.php?group=php.devarticle=64471 George volunteered to do it, but there seems to be no response to his offer after that. http://news.php.net/article.php?group=php.devarticle=64515 So, could George extensions be added to PHP now? Was that directory created or it still needs a volunteer to do it? Regards, Manuel Lemos -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] // George Schlossnagle // Director of Operations // Community Connect, Inc. // 1024D/1100A5A0 1370 F70A 9365 96C9 2F5E 56C2 B2B9 262F 1100 A5A0 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15325: mssql_query returns early
From: [EMAIL PROTECTED] Operating system: Windows 2000 Server PHP version: 4.1.1 PHP Bug Type: MSSQL related Bug description: mssql_query returns early Running the 4.1.1 binaries from php.net: Using mssql_query() to issue a backup statement doesn't work $conn = msssql_connect(localhost, sa, ) or die(bad); $sql = BACKUP DATABASE Northwind TO DC_Northwind; $result = mssql_query($sql, $conn); mssql_close($conn); sets $result to 1 and the script prints: MS SQL message: Cannot create worker thread. (severity 16) in Unknown on Line 0 MS SQL message: BACKUP DATABASE is terminating abnormally. (severity 16) in Unknown on Line 0 Then a dialog box reports: The instruction at 0x100a0f9d referenced memory at 0x. The memory cannot be written. SQL Profiler confirms that the backup failed. If a sleep(25) is placed after the call to mssql_query(): 1) The warning messages aren't displayed 2) The backup actually succeeds but 3) The dialog box still appears (and the script terminates). Using the 4.0.6 binaries from the web site the backup behaves identically, BUT the dialog box does not appear and the script terminates cleanly. The SQL Server has all service packs installed and the backup commands work without problem from the query analyzer or isql.exe -- Edit bug report at: http://bugs.php.net/?id=15325edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] [PROPOSAL] defense against session takeovers
[PROBLEM] Sessions can easily be taken over by other, malicious users. All you need is the session-id and you're done. User who have read-access to the directory where PHP stores it's session-data, can read the ids directly from the filenames. I don't think many administrators are aware of the security risks involved in storing sessions in world-readable directories (like /tmp, which is the default by now). As you'll understand, the possibility of taking over sessions, and that way claiming to be somebody else, can be a serious security hazard. There is a workaround, but IMO, PHP should be as secure as possible without a tricky configuration. Note: this problem is only valid for filebased sessions. [WORKAROUND] A workaround is to create a directory which is only readable by the user who runs the webserver. [PROPOSAL] Instead of directly using the session-id, an alternate id which depends on the session-id and possibly some client-specific data should be used to construct a filename to store the session data. A good option would be, IMO, creating a MD5 hash of the session-id and some client-specific data, like his IP address. That MD5 hash will be the alternate id used to construct the filename to store the session data. [ADVANTAGES] No tricky configuration necessary to assure a safe session-setup. [DISADVANTAGES] There's a slight overhead involved in creating the hash to construct the filename with the session data for each request. Unfortunately my C skills and my knowlegde of PHP internals are by far not supporting to implement this. However, I would like hear any reactions on this proposal. Sander -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15178 Updated: ob_implicit_flush is broken
ID: 15178 Updated by: sander Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Output Control Operating System: Linux PHP Version: 4.0CVS-2002-01-23 New Comment: It works fine for me now... Apache 1.3.22, yesterday's CVS, on Debian (Sid) Linux. Previous Comments: [2002-01-23 02:55:05] [EMAIL PROTECTED] Following script does not print This is a test on my browser :( Apache 1.3.22 --- begin --- ?php ob_implicit_flush(); echo This is a test; ? --- end --- It may be time for making 4.2.0-dev stable :) Edit this bug report at http://bugs.php.net/?id=15178edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
Bringing the user's ip into the mix is going to cause all sorts of hard to track down problems as many many people do not have static ips. Having a session break because their lease expires and they are assigned a new one will confuse everyone. As far as I am concerned this is a documentation issue. -Rasmus On Fri, 1 Feb 2002, Sander Roobol wrote: [PROBLEM] Sessions can easily be taken over by other, malicious users. All you need is the session-id and you're done. User who have read-access to the directory where PHP stores it's session-data, can read the ids directly from the filenames. I don't think many administrators are aware of the security risks involved in storing sessions in world-readable directories (like /tmp, which is the default by now). As you'll understand, the possibility of taking over sessions, and that way claiming to be somebody else, can be a serious security hazard. There is a workaround, but IMO, PHP should be as secure as possible without a tricky configuration. Note: this problem is only valid for filebased sessions. [WORKAROUND] A workaround is to create a directory which is only readable by the user who runs the webserver. [PROPOSAL] Instead of directly using the session-id, an alternate id which depends on the session-id and possibly some client-specific data should be used to construct a filename to store the session data. A good option would be, IMO, creating a MD5 hash of the session-id and some client-specific data, like his IP address. That MD5 hash will be the alternate id used to construct the filename to store the session data. [ADVANTAGES] No tricky configuration necessary to assure a safe session-setup. [DISADVANTAGES] There's a slight overhead involved in creating the hash to construct the filename with the session data for each request. Unfortunately my C skills and my knowlegde of PHP internals are by far not supporting to implement this. However, I would like hear any reactions on this proposal. Sander -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] CVS Account Request: rbenea
To help on the translation of the PHP manual in Romanian language -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15315 Updated: german special chars
ID: 15315 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: MSSQL related Operating System: W2K Pro PHP Version: 4.0.6 Edit this bug report at http://bugs.php.net/?id=15315edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15315 Updated: german special chars
ID: 15315 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: MSSQL related Operating System: W2K Pro PHP Version: 4.0.6 New Comment: Sorry, not really a bug. Previous Comments: [2002-01-31 10:11:10] [EMAIL PROTECTED] PHP doesn't return german special chars like ä,ö,ü which comes from MSSQL server, it prints instead. Edit this bug report at http://bugs.php.net/?id=15315edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15315 Updated: german special chars
ID: 15315 Updated by: cnewbill Reported By: [EMAIL PROTECTED] Old Status: Closed Status: Bogus Bug Type: MSSQL related Operating System: W2K Pro PHP Version: 4.0.6 New Comment: No bug = Bogus :) Previous Comments: [2002-02-01 13:04:07] [EMAIL PROTECTED] Sorry, not really a bug. [2002-01-31 10:11:10] [EMAIL PROTECTED] PHP doesn't return german special chars like ä,ö,ü which comes from MSSQL server, it prints instead. Edit this bug report at http://bugs.php.net/?id=15315edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
Also, ISPs (like AOL) who use farms of proxy caches will change a users apparent ip during a single session. (i.e. concurrent requests may come from different ips). George On Friday, February 1, 2002, at 11:58 AM, Rasmus Lerdorf wrote: Bringing the user's ip into the mix is going to cause all sorts of hard to track down problems as many many people do not have static ips. Having a session break because their lease expires and they are assigned a new one will confuse everyone. As far as I am concerned this is a documentation issue. -Rasmus On Fri, 1 Feb 2002, Sander Roobol wrote: [PROBLEM] Sessions can easily be taken over by other, malicious users. All you need is the session-id and you're done. User who have read-access to the directory where PHP stores it's session-data, can read the ids directly from the filenames. I don't think many administrators are aware of the security risks involved in storing sessions in world-readable directories (like /tmp, which is the default by now). As you'll understand, the possibility of taking over sessions, and that way claiming to be somebody else, can be a serious security hazard. There is a workaround, but IMO, PHP should be as secure as possible without a tricky configuration. Note: this problem is only valid for filebased sessions. [WORKAROUND] A workaround is to create a directory which is only readable by the user who runs the webserver. [PROPOSAL] Instead of directly using the session-id, an alternate id which depends on the session-id and possibly some client-specific data should be used to construct a filename to store the session data. A good option would be, IMO, creating a MD5 hash of the session-id and some client-specific data, like his IP address. That MD5 hash will be the alternate id used to construct the filename to store the session data. [ADVANTAGES] No tricky configuration necessary to assure a safe session-setup. [DISADVANTAGES] There's a slight overhead involved in creating the hash to construct the filename with the session data for each request. Unfortunately my C skills and my knowlegde of PHP internals are by far not supporting to implement this. However, I would like hear any reactions on this proposal. Sander -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: php-list- [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] // George Schlossnagle // Director of Operations // Community Connect, Inc. // 1024D/1100A5A0 1370 F70A 9365 96C9 2F5E 56C2 B2B9 262F 1100 A5A0 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] [patch] safe_mode_include_dir
Hello ... It's been a while since I've actively been
committing to PHP. So I thought I'd run this by everyone
first.
This is a patch to change the behavior of the PHP.INI
directive safe_mode_include_dir (which I added about 6
months ago). As it is currently, safe_mode_include_dir
takes a single directory (ie. /usr/local/lib/php) and
bypasses UID/GID checks on files included from that
directory.
This patch changes the behavior to allow a path-style list
of directories to be listed (similar to include_path).
While I was at it, I made the code surrounding the check
much more readable by separating the safe_mode_include_dir
check into a separate function (a la open_base_dir_check).
Since a single directory is a valid path-style string, this
patch is completely backward compatible. Unless I broke
anything in the actual checking, which is another reason I
am posting this before I commit it. I cannot get current
CVS to build, so this patch is off of php-4.1.1, but
applies cleanly to php-cvs.
Thanks,
-James
# Patch to change PHP-4.1.1 to allow multiple
# safe_mode_include_dir directories (PATH-style string)
#
# By James Flemer [EMAIL PROTECTED]
# 2002-02-01
#
--- php-4.1.1/main/fopen_wrappers.h.origSat Aug 4 21:42:43 2001
+++ php-4.1.1/main/fopen_wrappers.h Fri Feb 1 12:38:52 2002
@@ -74,6 +74,8 @@
PHPAPI int php_check_open_basedir(char *path TSRMLS_DC);
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path TSRMLS_DC);
+PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC);
+
PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char
**opened_path TSRMLS_DC);
PHPAPI int php_is_url(char *path);
--- php-4.1.1/main/fopen_wrappers.c.origSat Aug 4 21:42:43 2001
+++ php-4.1.1/main/fopen_wrappers.c Fri Feb 1 12:45:04 2002
@@ -221,6 +221,57 @@
}
/* }}} */
+/* {{{ php_check_safe_mode_include_dir
+ */
+PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC)
+{
+ /* Only check when safe_mode on and safe_mode_include_dir is available */
+ if (PG(safe_mode) PG(safe_mode_include_dir)
+ *PG(safe_mode_include_dir))
+ {
+ char *pathbuf;
+ char *ptr;
+ char *end;
+ char resolved_name[MAXPATHLEN];
+
+ /* Resolve the real path into resolved_name */
+ if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL)
+ return -1;
+
+ pathbuf = estrdup(PG(safe_mode_include_dir));
+
+ ptr = pathbuf;
+
+ while (ptr *ptr) {
+ end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+ if (end != NULL) {
+ *end = '\0';
+ end++;
+ }
+
+ /* Check the path */
+#ifdef PHP_WIN32
+ if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
+#else
+ if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
+#endif
+ {
+ /* File is in the right directory */
+ efree(pathbuf);
+ return 0;
+ }
+
+ ptr = end;
+ }
+ efree(pathbuf);
+ return -1;
+ }
+
+ /* Nothing to check... */
+ return 0;
+}
+/* }}} */
+
/* {{{ php_fopen_and_set_opened_path
*/
static FILE *php_fopen_and_set_opened_path(const char *path, char *mode, char
**opened_path TSRMLS_DC)
@@ -375,13 +426,10 @@
char *pathbuf, *ptr, *end;
char *exec_fname;
char trypath[MAXPATHLEN];
- char trydir[MAXPATHLEN];
- char safe_mode_include_dir[MAXPATHLEN];
struct stat sb;
FILE *fp;
int path_length;
int filename_length;
- int safe_mode_include_dir_length;
int exec_fname_length;
if (opened_path) {
@@ -406,32 +454,16 @@
* files in safe_mode_include_dir (or subdir) are excluded from
* safe mode GID/UID checks
*/
- *safe_mode_include_dir = 0;
- safe_mode_include_dir_length = 0;
- if(PG(safe_mode_include_dir) VCWD_REALPATH(PG(safe_mode_include_dir),
safe_mode_include_dir)) {
- safe_mode_include_dir_length = strlen(safe_mode_include_dir);
- }
/* Absolute path open */
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
- /* Check to see if file is in safe_mode_include_dir (or subdir) */
- if (PG(safe_mode) *safe_mode_include_dir VCWD_REALPATH(filename,
trypath)) {
-#ifdef PHP_WIN32
- if (strncasecmp(safe_mode_include_dir, trypath,
safe_mode_include_dir_length) == 0)
-#else
- if
[PHP-DEV] Bug #15327: copy() causes bus error with files which change size
From: [EMAIL PROTECTED]
Operating system: Linux 2.4.7-10, Redhat 7.2
PHP version: 4.1.1
PHP Bug Type: Reproducible crash
Bug description: copy() causes bus error with files which change size
The copy() function (actually php_copy_file() at ext/standard/file.c:1934)
uses mmap() when available. The mmap() function has the documented
feature (bug!) that if the file that is mapped is truncated (e.g. by
another process) after mmap() is called, a SIGBUS (bus error) signal is
generated during the write() to the destination file using the mmap'ed
pointer as the source of the write. This, of course, crashes php.
I can not find a workaround for this. I have not been able to find any
combination of flags to pass to mmap such that mmap() will fail gracefully
rather than write() failing non-gracefully. Don't use mmep()? That would
be a shame, but seems to be the solution.
Simple example. Note that /computers/win95 is an smbmount'ed file system.
The file being accessed here, a Window's swap file, is of course changing
all the time.
?php
copy(/computers/win95/C/WINDOWS/WIN386.SWP, /tmp/zzz);
?
Here's a simple C program which replicates what's going on in
php_copy_file()
#include unistd.h
#include errno.h
#include sys/types.h
#include sys/stat.h
#include sys/mman.h
int main(int argc, char * argv[])
{
int fdSrc;
int fdDest;
int len;
charbuf[8192];
void * srcfile;
struct stat sbuf;
if ((fdSrc = open(/computers/win95/C/WINDOWS/WIN386.SWP, 0)) 0)
{
perror(open);
exit(1);
}
if ((fdDest = creat(/tmp/zzz, 0777)) 0)
{
perror(creat);
exit(1);
}
if (fstat(fdSrc, sbuf))
{
perror(fstat);
exit(1);
}
srcfile = mmap(NULL, sbuf.st_size, PROT_READ, MAP_SHARED, fdSrc, 0);
printf(srcfile=%p\n, srcfile);
if (srcfile != (void *) MAP_FAILED)
{
if ((len = write(fdDest, srcfile, sbuf.st_size)) != sbuf.st_size)
{
printf(write returned %d; expected %d\n, len, sbuf.st_size);
}
munmap(srcfile, sbuf.st_size);
}
printf(Success\n);
close(fdSrc);
close(fdDest);
exit(0);
}
--
Edit bug report at: http://bugs.php.net/?id=15327edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [patch] safe_mode_include_dir
Looks ok to me. On Fri, 1 Feb 2002, James E. Flemer wrote: Hello ... It's been a while since I've actively been committing to PHP. So I thought I'd run this by everyone first. This is a patch to change the behavior of the PHP.INI directive safe_mode_include_dir (which I added about 6 months ago). As it is currently, safe_mode_include_dir takes a single directory (ie. /usr/local/lib/php) and bypasses UID/GID checks on files included from that directory. This patch changes the behavior to allow a path-style list of directories to be listed (similar to include_path). While I was at it, I made the code surrounding the check much more readable by separating the safe_mode_include_dir check into a separate function (a la open_base_dir_check). Since a single directory is a valid path-style string, this patch is completely backward compatible. Unless I broke anything in the actual checking, which is another reason I am posting this before I commit it. I cannot get current CVS to build, so this patch is off of php-4.1.1, but applies cleanly to php-cvs. Thanks, -James -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15328: A C-like comma operator would be useful
From: [EMAIL PROTECTED] Operating system: N/A PHP version: 4.1.1 PHP Bug Type: Feature/Change Request Bug description: A C-like comma operator would be useful A C-like comma operator would be useful, to string together series of statements. Example: echo ($precondition ? ( doThisAndDiscardReturnValue(), andDoThisAndReturnReturnValue() ) : doSomethingElseAndReturnReturnValue() ); -- Edit bug report at: http://bugs.php.net/?id=15328edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15329: Subscripting into strings would be useful
From: [EMAIL PROTECTED] Operating system: N/A PHP version: 4.1.1 PHP Bug Type: Feature/Change Request Bug description: Subscripting into strings would be useful The now very old North Star BASIC had a wonderful feature that I'd love to see in PHP, which was the ability to access strings using subscripts, rather like subscripting into an array, except even better since it allowed ranges to be subscripted just as easily as single characters in the strings. Examples: $string = My String; echo $string[5]; // returns r echo $string[0,]; // returns My String echo $string[3,5]; // returns Str echo $string[,3]; // returns My S -- Edit bug report at: http://bugs.php.net/?id=15329edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Bug #15328: A C-like comma operator would be useful
--- [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] Operating system: N/A PHP version: 4.1.1 PHP Bug Type: Feature/Change Request Bug description: A C-like comma operator would be useful A C-like comma operator would be useful, to string together series of statements. Example: echo ($precondition ? ( doThisAndDiscardReturnValue(), andDoThisAndReturnReturnValue() ) : doSomethingElseAndReturnReturnValue() ); how about echo ($precondition ? ( doThisAndDiscardReturnValue() andDoThisAndReturnReturnValue() ) : doSomethingElseAndReturnReturnValue() ); this should work! -- Edit bug report at: http://bugs.php.net/?id=15328edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Bug #15329: Subscripting into strings would be useful
--- [EMAIL PROTECTED] wrote:
From: [EMAIL PROTECTED]
Operating system: N/A
PHP version: 4.1.1
PHP Bug Type: Feature/Change Request
Bug description: Subscripting into strings would be useful
The now very old North Star BASIC had a wonderful feature that I'd love to
see in PHP, which was the ability to access strings using subscripts,
rather like subscripting into an array, except even better since it
allowed ranges to be subscripted just as easily as single characters in
the strings.
Examples:
this is very un-php like..
you can do the exact same thing with
What is the matter with doing this...
$string = My String;
echo $string[5]; // returns r
echo substr($string, 5);
echo $string[0,]; // returns My String
echo substr($string, 0);
echo $string[3,5]; // returns Str
echo substr($string, 3, 5);
echo $string[,3]; // returns My S
echo substr($string, 0, 3);
if you want to access a individual part of a string i think
it will be in zend2 with this syntax
$string foo;
echo $string{2}; // will print 'o';
anyone correct me if im wrong
- Brad
--
Edit bug report at: http://bugs.php.net/?id=15329edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
__
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
Hi, i fully support rasmus, saying that we should mention the default configuration as unsafe in the documentation. Unlike Mr. Lorch or similiar people i do not think its our resposibility to configure the server for the admin. And i am a little bit tired about this whole session takeover discussion. Because in the end its our responsibility to design a secure new unsniffable protocol and develop clients and servers for it. Because THIS would be the only way to stop session takeovers. As long session IDs are transferred over http/https they are unsecure *POINT* If you want to blame someone go and bitch at Microsoft who endangers about 70% of all session-ids out there. Stefan -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15330: An efficient way to access the last element of an array is sorely missed
From: [EMAIL PROTECTED] Operating system: N/A PHP version: 4.1.1 PHP Bug Type: Feature/Change Request Bug description: An efficient way to access the last element of an array is sorely missed There seems to be no easy and efficient way to access the last element of an array (assuming you don't already know the key to that element). The most concise, though not terribly efficient workaround I have discovered is... $array[array_pop(array_keys($array))] ...which first extracts all the keys of the array, then pops off the last key and uses it as an index into the array. Fairly easy to write and understand (though bulky), but horribly inefficient. Perhaps there is a place for new array_lastkey($array), array_firstkey($array), and array_element_key($array, $n) functions. The first of these functions would simply return the last key in the array (or null if the array is empty). The second would return the first key in the array (or null). In the third, $n would be a numeric index into the array, totally unrelated to the array's keys. A positive number would indicate how far into the array to go, a negative number would indicate how far backward into the array to go, while 0 or an out of bounds index might either quietly return a null or might throw an error or warning. Some Examples: $array = array( 1 = One, two = Two, -3 = Minus Three ); echo $array[array_firstkey($array)]; // returns One because array_firstkey() returns 1 echo $array[array_lastkey($array)]; // returns Minus Three because array_lastkey() returns -3 echo $array[array_element_key($array,1)]; // returns One because array_element_key() returns 1 echo $array[array_element_key($array,2)]; // returns Two because array_element_key() returns two echo $array[array_element_key($array,-2)]; // returns Two because array_element_key() returns two echo $array[array_element_key($array,-1)]; // returns Minus Three because array_element_key() returns -3 -- Edit bug report at: http://bugs.php.net/?id=15330edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Bug #15328: A C-like comma operator would be useful
--- brad lafountain [EMAIL PROTECTED] wrote: --- [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] Operating system: N/A PHP version: 4.1.1 PHP Bug Type: Feature/Change Request Bug description: A C-like comma operator would be useful A C-like comma operator would be useful, to string together series of statements. Example: echo ($precondition ? ( doThisAndDiscardReturnValue(), andDoThisAndReturnReturnValue() ) : doSomethingElseAndReturnReturnValue() ); how about echo ($precondition ? ( doThisAndDiscardReturnValue() andDoThisAndReturnReturnValue() ) : doSomethingElseAndReturnReturnValue() ); sorry i guess i didn't read that good enough but then it makes less to me why you would wanna do that! becaues you always want doThisAndDiscardReturnValue() to execute. so why wouldn't you call it before you do you echo.. i would think your example would just be poor programming construct! this would work, doThisAndDiscardReturnValue(); echo ($precondition ? andDoThisAndReturnReturnValue() : doSomethingElseAndReturnReturnValue() ); this should work! -- Edit bug report at: http://bugs.php.net/?id=15328edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Email Attachment
Hello, I'm new in php development... I was wondering how can I attach a Word (.doc) Document in an email sent with the mail() function (if I can do it just with it). I know it has to see with the additional headers of the email, but I would be grateful If anyone could tell where can i go to for this specific information. I couldn't find it in PHP manual (.pdf version). Thanxs ! -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15331: odbc_fetch_array gives a Call to undefined function
From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 4.1.1
PHP Bug Type: ODBC related
Bug description: odbc_fetch_array gives a Call to undefined function
./configure' '--prefix=/usr/share' '--datadir=/usr/share/php'
'--bindir=/usr/bin' '--libdir=/usr/share'
'--with-config-file-path=/etc'
'--with-exec-dir=/usr/lib/php/bin' '--with-sybase-ct=/opt/sybase'
'--with-mysql=/usr' '--with-gd=yes'
'--enable-gd-native-ttf' '--enable-gd-imgstrttf'
'--with-tiff-dir=/usr' '--with-jpeg-dir=/usr' '--with-png-dir=/usr'
'--with-xpm-dir=/usr/X11R6'
'--with-ldap=yes' '--with-zlib=yes' '--with-bz2' '--with-gmp'
'--with-xml' '--with-ttf' '--with-t1lib' '--with-mcal=/usr'
'--with-imap=yes'
'--with-sablot' '--with-ftp' '--with-ndbm' '--with-gdbm'
'--with-mcrypt' '--with-gettext' '--with-mm' '--with-gd=yes'
'--with-iodbc'
'--enable-versioning' '--enable-yp' '--enable-bcmath'
'--enable-trans-sid' '--enable-inline-optimization' '--enable-track-vars'
'--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets'
'--enable-sysvsem' '--enable-sysvshm' '--enable-shmop'
'--enable-calendar'
'--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-exif'
'--enable-ftp' '--enable-memory-limit' '--enable-wddx' '--enable-filepro'
'--enable-dbase' '--enable-ctype' '--disable-debug'
'--enable-force-cgi-redirect' '--enable-discard-path' '--enable-sigchild'
'--with-openssl'
'--with-imap-ssl' '--with-gd=yes'
'--with-apxs=/usr/sbin/apxs' '--with-pgsql=/usr' '--with-snmp'
'i386-suse-linux'
Compiles fine. This should work:
html
body
?php
$db = odbc_pconnect(TEST,test,test);
if($db){
echo(success);
$rs = odbc_exec($db, select * from UDT_KUNDEN);
$ar = odbc_fetch_array($rs);
foreach ($ar as $key = $value) {
echo Key: $key; Value: $valuebr\n;
}
odbc_close($db);
}
?
/body
/html
But I get Call to undefine function.
I used iODBC + FreeTDS. Other ODBC function seem to work fine.
--
Edit bug report at: http://bugs.php.net/?id=15331edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Email Attachment
Hello, you're asking the wrong list. This list is for developing PHP, not for developing WITH PHP. You want to ask on the [EMAIL PROTECTED] mailinglist for support questions. regards, Derick On Fri, 1 Feb 2002, Mauricio Sthandier wrote: Hello, I'm new in php development... I was wondering how can I attach a Word (.doc) Document in an email sent with the mail() function (if I can do it just with it). I know it has to see with the additional headers of the email, but I would be grateful If anyone could tell where can i go to for this specific information. I couldn't find it in PHP manual (.pdf version). Thanxs ! -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Email Attachment
--- Mauricio Sthandier [EMAIL PROTECTED] wrote: Hello, I'm new in php development... I was wondering how can I attach a Word (.doc) Document in an email sent with the mail() function (if I can do it just with it). I know it has to see with the additional headers of the email, but I would be grateful If anyone could tell where can i go to for this specific information. I couldn't find it in PHP manual (.pdf version). Thanxs ! Since you are new you can get a WARNING! :) Sorry this is the wrong list to be asking this question. this list is for people who develop php its self not develop IN php. try '[EMAIL PROTECTED]' -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Email Attachment
* Mauricio Sthandier wrote: Hello, I'm new in php development... I was wondering how can I attach a Word This list is *only* for developing PHP itself, not for developing *with* PHP. For the future, please use [EMAIL PROTECTED], as you can find it on http://www.php.net/mailing-lists.php (General user list). In order to answer your question: have a look at PEAR::Mail_MIME class from Richard Heyes. It provides an easy API in order to send mails with multiple (inline) attachments such as Word documents: http://cvs.php.net/cvs.php/pear/Mail_Mime -- PHP-Support * realitätsnahe Performance-Messungen mit Code-Analyse Webapplikationsentwicklung * PHP-Schulungen * Consulting 0700-THINKPHP -*- [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Re: Email Attachment
Ooops... .sorry. Is really easy to get confused. Goodbye ! Mauricio Sthandier [EMAIL PROTECTED] escribió en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I'm new in php development... I was wondering how can I attach a Word (.doc) Document in an email sent with the mail() function (if I can do it just with it). I know it has to see with the additional headers of the email, but I would be grateful If anyone could tell where can i go to for this specific information. I couldn't find it in PHP manual (.pdf version). Thanxs ! -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15330 Updated: An efficient way to access the last element of an array is sorely missed
ID: 15330 Comment by: [EMAIL PROTECTED] Old Reported By: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Feature/Change Request Operating System: N/A PHP Version: 4.1.1 New Comment: While there is no way to set the internal pointer (afaik) to a given element #, you can set the pointer to the first/last/next/previous item. http://se.php.net/manual/en/function.end.php end -- Set the internal pointer of an array to its last element. -- mats Previous Comments: [2002-02-01 14:07:08] [EMAIL PROTECTED] There seems to be no easy and efficient way to access the last element of an array (assuming you don't already know the key to that element). The most concise, though not terribly efficient workaround I have discovered is... $array[array_pop(array_keys($array))] ...which first extracts all the keys of the array, then pops off the last key and uses it as an index into the array. Fairly easy to write and understand (though bulky), but horribly inefficient. Perhaps there is a place for new array_lastkey($array), array_firstkey($array), and array_element_key($array, $n) functions. The first of these functions would simply return the last key in the array (or null if the array is empty). The second would return the first key in the array (or null). In the third, $n would be a numeric index into the array, totally unrelated to the array's keys. A positive number would indicate how far into the array to go, a negative number would indicate how far backward into the array to go, while 0 or an out of bounds index might either quietly return a null or might throw an error or warning. Some Examples: $array = array( 1 = One, two = Two, -3 = Minus Three ); echo $array[array_firstkey($array)]; // returns One because array_firstkey() returns 1 echo $array[array_lastkey($array)]; // returns Minus Three because array_lastkey() returns -3 echo $array[array_element_key($array,1)]; // returns One because array_element_key() returns 1 echo $array[array_element_key($array,2)]; // returns Two because array_element_key() returns two echo $array[array_element_key($array,-2)]; // returns Two because array_element_key() returns two echo $array[array_element_key($array,-1)]; // returns Minus Three because array_element_key() returns -3 Edit this bug report at http://bugs.php.net/?id=15330edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14841 Updated: this is a test bug report.
ID: 14841 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Bogus Bug Type: Website problem PHP Version: 4.1.1 New Comment: The bug system is not the appropriate forum for asking support questions. For a list of a range of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php Previous Comments: [2002-02-01 14:50:02] [EMAIL PROTECTED] Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to Open. [2002-02-01 14:49:03] [EMAIL PROTECTED] Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to Open. [2002-02-01 14:20:07] [EMAIL PROTECTED] oops, the from address wasn't quite right. take 2. [2002-02-01 14:17:21] [EMAIL PROTECTED] just testing. [2002-01-15 07:13:55] [EMAIL PROTECTED] Shoudn't we make this bug a bogus so it doesn't show up in the stats??? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=14841 Edit this bug report at http://bugs.php.net/?id=14841edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
The only reason session data is stored in /tmp is that we want sessions to work out of the box and /tmp is the only place we can be semi-sure that we will have write access to. People who run large servers with multiple sites that all use sessions should of course change the session directory on a per-server basis in their httpd.conf file, or better yet, write their own session back end handler. If we shipped PHP with sessions that did not work out of the box, we would get flooded with questions here. The general philosophy of PHP has always been to make PHP easy for the beginner yet flexible enough for advanced users. This fits that rule. Give the advanced users the tools to configure PHP to have per-virtualhost session handling, while sessions still work for the guy who just installed PHP on his own little server and really doesn't know what he is doing. -Rasmus On Fri, 1 Feb 2002, Ivan Ristic wrote: Also, ISPs (like AOL) who use farms of proxy caches will change a users apparent ip during a single session. (i.e. concurrent requests may come from different ips). The real IP address can be tracked in most cases (say, using the HTTP_X_FORWARDED header an others) but I am not really sure that we should put the logic for that in the PHP engine itself. Users can add the additional PHP code to their libraries. Anyway, you can change the session id from the PHP code itself. I am more afraid of several applications (web sites) sharing the same session directory. Can a sessionid from one site be used as a sessionid for the other site residing on the same server (provided that session files are stored in the same directory)? From all the tests I've done - it can. This would allow an intruder to construct session data with any kind of variables and then switch to the other application with arbitrary privileges. ASP-s are most vulnarable here. If two instances of the same applications are running on the same server, then the administrator of one application can quite possibly become the administrator of the other... -- Ivan Ristic, [EMAIL PROTECTED] [ Weblog on PHP, Software development, Intranets, and Knowledge Management: http://www.webkreator.com ] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14902 Updated: php crash when using curl with returntransfer
ID: 14902
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: cURL related
Operating System: Windows 2000 Server
PHP Version: 4.1.1
New Comment:
In a vmware installation of windows 2000 with php 4.1.1 I got no crash
as well. However if I run here
fetchHeader($currUrl,0) for the given example
the script terminates successfully after a few seconds but when
executing
fetchHeader($currUrl,1)
it times out which seems unlogical to me.
Previous Comments:
[2002-01-27 01:12:32] [EMAIL PROTECTED]
Cannot reproduce, works fine with CVS.
[2002-01-07 06:24:14] [EMAIL PROTECTED]
function fetchHeader($url, $returntransfer)
{
$ch = curl_init ($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, $returntransfer);
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_NOBODY, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec ($ch);
}
$arrTestUrl = array(www.alle-autos.ch, www.alpendrifter.ch,
www.cam-schweiz.ch, www.bwinfo.ch, www.canonshop.ch,
www.bmparch.ch,www.jahaya.ch);
reset($arrTestUrl);
foreach($arrTestUrl as $currUrl)
{ echo $currUrl . br; flush(); $currUrl = http://; . $currUrl;
fetchHeader($currUrl,0); }
Running the above script generates no error. In my case the script
crashed when using fetchHeader($currUrl,1) instead of
fetchHeader($currUrl,1), for every given url.
I am using the curl that comes with php 4.1.1 and php as a CGI
executable.
Edit this bug report at http://bugs.php.net/?id=14902edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
The general philosophy of PHP has always been to make PHP easy for the beginner yet flexible enough for advanced users. This fits that rule. Give the advanced users the tools to configure PHP to have per-virtualhost session handling, while sessions still work for the guy who just installed PHP on his own little server and really doesn't know what he is doing. That is fine for a philosophy. I would still like to try to make the default setup more secure. I agree, the least we can do is to document this. How about that we use the SERVER_NAME environment variable when generating session filenames? Instead of name like sess_, the name could be sess__, where is a server fingerprint? I understand that this is not foolproof (say, for applications that run on the same domain name) but it will solve the most serious cases (shared hosting solutions). -- Ivan Ristic, [EMAIL PROTECTED] [ Weblog on PHP, Software development, Intranets, and Knowledge Management: http://www.webkreator.com ] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
That is fine for a philosophy. I would still like to try to make the default setup more secure. I agree, the least we can do is to document this. How about that we use the SERVER_NAME environment variable when generating session filenames? Instead of name like sess_, the name could be sess__, where is a server fingerprint? I understand that this is not foolproof (say, for applications that run on the same domain name) but it will solve the most serious cases (shared hosting solutions). I really do think that someone setting up shared hosting should be clueful enough to configure things themselves or they probably shouldn't be in the business. -Rasmus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
How about that we use the SERVER_NAME environment variable when generating session filenames? Instead of name like sess_, the name could be sess__, where is a server fingerprint? I understand that this is not foolproof (say, for applications that run on the same domain name) but it will solve the most serious cases (shared hosting solutions). -1 for this because it destroys php functionality. it makes it impossible to have multiple domains with the same sessions f.e. www1.myserver.com www2.myserver.com news.myserver.com archive.myserver.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Summary on PHP 4.1.1 installation problems on Solaris 2.8
Dear PHP Colleagues,
After a rest period of nearly a year, we are back to our old tricks,
trying to build a kitchen sink version of the latest PHP release, 4.1.1,
on our SPARC platforms under Solaris 2.8/gcc 2.95.2, using as many options
as possible.
Not suprisingly, we have encountered a number of problems, to which we've
thus far gotten no insight from the various PHP mailing lists we've posted
to. We send this summary prior to backing off to a pared-down version of PHP:
1) Some of the configure options appear to be obsolete. For example, PHP 4.1.1
comes with an internal copy of expat; if we configure it with
--with-expat=path, it complains about not finding the header file
expat.h. It would appear to us that --with-expat= should not even be
supported, and that enable-expat should be supported to trigger inclusion
of the internally-supplied version of expat. Are there other extensions
that are now included in the PHP code base for which such options should
be eliminated?
2) When we tried to compile php 4.1.1 with the option
--with-snmp=/depot/package/ucd-snmp_4.2.1, we got the following error
message (apologies for its length, but did not want to eliminate information
here):
mkdir .libs
rm -fr .libs/libphp_java.la .libs/libphp_java.* .libs/libphp_java.*
(cd . ln -s java.lo java.o)
/usr/ucb/echo { global: .libs/libphp_java.so.exp
cat /site4/web_kit_1.0_rodgers/php_4.1.1/sapi/apache/php.sym | sed -e s
/\(.*\)/\1;/ .libs/libphp_java.so.exp
/usr/ucb/echo local: *; }; .libs/libphp_java.so.exp
/usr/ccs/bin/ld -G -M .libs/libphp_java.so.exp -h libphp_java.so -o .li
bs/libphp_java.so java.lo -R/depot/package/recode_3.5/lib -R/depot/pac
kage/xmlrpc-epi_0.50/vendor/lib -R/depot/lib/.libs -R/depot/package/pdfl
ib_3.0/lib -R/depot/package/jpeg_6b/lib -R/depot/package/mysql_3.23.46/v
endor/lib/mysql -R/depot/package/mhash_0.6.1/lib -R/depot/package/libmcr
ypt_2.4.19/vendor/lib -R/depot/package/libtool_1.4.2/vendor/lib -R/depot
/package/openLDAP_2.0.19/vendor/lib -R/depot/package/libiconv_1.7/vendor
/lib -R/depot/package/gettext_0.10.40/vendor/lib -R/depot/package/t1lib_
1.0.1/lib -R/depot/package/freetype_2.0.5/lib -R/depot/package/libxml_2.
4.13/vendor/lib -R/depot/package/gdbm_1.8/lib -R/depot/package/curl_7.9.
2/lib -R/depot/package/recode_3.5/lib -R/depot/package/xmlrpc-epi_0.50/v
endor/lib -R/depot/package/ucd-snmp_4.2.1/lib -R/depot/package/pdflib_3.
0/lib -R/depot/package/jpeg_6b/lib -R/depot/package/mysql_3.23.46/vendor
/lib/mysql -R/depot/package/mhash_0.6.1/lib -R/depot/package/libmcrypt_2
.4.19/vendor/lib -R/depot/package/libtool_1.4.2/vendor/lib -R/depot/pack
age/openLDAP_2.0.19/vendor/lib -R/depot/package/libiconv_1.7/vendor/lib
-R/depot/package/gettext_0.10.40/vendor/lib -R/depot/package/t1lib_1.0.1
/lib -R/depot/package/freetype_2.0.5/lib -R/depot/package/libxml_2.4.13/
vendor/lib -R/depot/package/gdbm_1.8/lib -R/depot/package/curl_7.9.2/lib
-R/usr/ucblib -R/depot/package/openssl_0.9.6b/vendor/lib -R/depot/packa
ge/gcc_2.95.2/lib/gcc-lib/sparc-sun-solaris2.8/2.95.2 -R/depot/package/z
lib_1.1.3/lib -R/depot/package/bzip2_1.0.1/lib -R/depot/package/cracklib
_2.7/vendor/lib -R/depot/lib -R/depot/package/rsaref_2.0/lib -R/depot/pa
ckage/openssl_0.9.6b/lib -R/depot/package/berkeley_db_3.2.9/lib -R/depot
/package/libpng_1.2.1/lib -R/depot/package/xpm_3.4k/lib -R/depot/package
/t1lib_1.1.1/vendor/lib -R/depot/package/gd_1.8.3/lib -R/site4/web_kit_1
.0_rodgers/imap-2001a/c-client -R/depot/package/mhash_0.8.13/lib -R/depo
t/package/mysql_3.23.46/lib/mysql -R/depot/package/ncurses_5.2/vendor/li
b -R/depot/package/tiff_3.5.5/lib -R/depot/package/pdflib_4.0.1/lib -R/d
epot/package/recode_3.6/vendor/lib -L/depot/package/libiconv_1.7/lib -L
/site4/web_kit_1.0_rodgers/openldap-2.0.19/libraries -L/depot/package/li
btool_1.3.4/lib -L/usr/local/lib -L/depot/lib -L/usr/ucblib -L/depot/pac
kage/openssl_0.9.6b/vendor/lib -L/depot/package/gcc_2.95.2/lib/gcc-lib/s
parc-sun-solaris2.8/2.95.2 -L/depot/package/zlib_1.1.3/lib -L/depot/pack
age/bzip2_1.0.1/lib -L/depot/package/cracklib_2.7/vendor/lib -L/depot/pa
ckage/curl_7.9.2/lib -L/depot/package/rsaref_2.0/lib -L/depot/package/op
enssl_0.9.6b/lib -L/depot/package/gdbm_1.8/lib -L/depot/package/berkeley
_db_3.2.9/lib -L/depot/package/libxml_2.4.13/vendor/lib -L/depot/package
/jpeg_6b/lib -L/depot/package/libpng_1.2.1/lib -L/depot/package/xpm_3.4k
/lib -L/depot/package/freetype_2.0.5/lib -L/depot/package/t1lib_1.1.1/ve
ndor/lib -L/depot/package/gd_1.8.3/lib -L/depot/package/gettext_0.10.40/
vendor/lib -L/depot/package/libiconv_1.7/vendor/lib -L/site4/web_kit_1.0
_rodgers/imap-2001a/c-client -L/depot/package/openLDAP_2.0.19/vendor/lib
[PHP-DEV] Bug #14923 Updated: is_readable, is_writable, is_executable fail on POSIX ACL based filesystems
ID: 14923
Updated by: Jade Nicoletti [EMAIL PROTECTED]
Old Reported By: [EMAIL PROTECTED]
Reported By: Jade Nicoletti [EMAIL PROTECTED]
Status: Open
Bug Type: Filesystem function related
Operating System: Linux 2.4.17, Debian unstable
PHP Version: 4.1.0
New Comment:
The submitter of this bug is right. PHP must not (try to) calculate
access rights.
Only the operating system knows what really allows or denies access.
There may be access control lists (ACLs), mandatory access control
(MAC), capabilities and may be even other access determining factors in
effect.
Therefore PHP should really use access(2) for the is_*able() family.
--Jade
Previous Comments:
[2002-01-07 22:05:30] [EMAIL PROTECTED]
The is_writeable, is_readable and is_executable functions
make the assumption that all permissions on POSIX systems
will be limited to UID/GID masks applied to the current
process UID and GID.
The particular application where this is biting me is accessing
files on an XFS filesystem. On top of the plain old
file permissions, which by default give the webserver UID/GID
access to a whole swag of files, several files are specifically
excluded from the webserver UID/GID using POSIX ACL's such as:
chuckles:/mnt/archive$ getfacl somefile
# somefile: 002-asdf/
# owner: danpat
# group: users
user::rwx
group::r--
other::r--
group:www-data:---
The user www-data under which the webserver runs is a member
of both the users group and the www-data group. This
ACL means that members of the users group who are no also
members of the www-data group can read the file, but people
who are in both groups may not.
For this case, calculating the bitmasks is not enough to determine
the correct result.
I note that the PHP code uses the stat() function to obtain
the file permissions and calculates the permissions itself.
There is an alternative function in access(2) which can be
used to obtain the readability, writeability and executability
of a file in a way such as:
#include unistd.h
int is_writeable(const char *filename) {
return access(filename, W_OK);
}
int is_readable(const char *filename) {
return access(filename, R_OK);
}
int is_executable(const char *filename) {
return access(filename, X_OK);
}
I believe something like this is probably more inline with what
the is_readable, is_writeable and is_executable function are
trying to achieve. Currently, they're returning the mask of
the process UID/GID and the file mask, however, this isn't always
100% accurate (i.e. if running as the superuser, is_readable
is almost always true, even if the file permissions say otherwise).
Edit this bug report at http://bugs.php.net/?id=14923edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re[2]: [PHP-DEV] [PROPOSAL] defense against session takeovers
Hi, This topic was already discussed in bugtraq and there should also be an entry in the PHP bug database about this: http://www.securityfocus.com/archive/1/250196 http://www.securityfocus.com/archive/1/250593 i fully support rasmus, saying that we should mention the default configuration as unsafe in the documentation. I absolutely agree with you. I would even suggest to set engine = Off by default which forces admins to at least have a quick look at php.ini. But unfortunately a dedicated server does not cost much more than virtual hosting anymore (just have a look at http://powerraq.com/ ). PHP is mostly pre-installed (with dev settings and not production settings - many admins even forget to switch on safe_mode) and this lazyness leads to thousands of insecure PHP installations on production machines. Yes, there are many idiots who call themselves admins (cobalt's servers have a graphical user interface, so you never get in touch with the underlying software), but in the end these people could spoil PHP's reputation and *that's* what I'm worrying about. Unlike Mr. Lorch [..] Daniel is ok :) I really don't know why people call me Mr. Maybe add my family name, otherwise I might get taken for Daniel Beulshausen (php4win.de). [..] or similiar people i do not think its our resposibility to configure the server for the admin. And i am a little bit tired about this whole session takeover discussion. Because in the end its our responsibility to design a secure new unsniffable protocol and develop clients and servers for it. Because THIS would be the only way to stop session takeovers. As long session IDs are transferred over http/https they are unsecure *POINT* HTTPS is just a component of the whole end product - PHP is another component and from a modular point of view, each component has to take any possible precautions to ensure maximum security. Kind Regards, Daniel Lorch -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14245 Updated: make install fails on apxs
ID: 14245 Updated by: [EMAIL PROTECTED] Old Reported By: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Apache related Operating System: AIX 4.3.3 PHP Version: 4.1.0RC5 New Comment: I am trying to install PHP 4.1.1 on AIX 4.3.3. I have GNU GCC 3.01 installed $ ./configure --prefix=/usr/local/php \ --with-apxs \ --with-mysql \ --with-zlib $ make Making all in Zend ... Target all is up to date. # /local/www/bin/apachectl stop # /usr/sbin/slibclean # make install Making install in Zend ... Target install-p is up to date. Target install is up to date. Making install in . /local/www/bin/apxs -i -a -n php4 libs/libphp4.so cp libs/libphp4.so /local/www/libexec/libphp4.so cp: libs/libphp4.so: A file or directory in the path name does not exist. apxs:Break: Command failed with rc=65536 make: 1254-004 The error code from the last command is 1. Stop. make: 1254-004 The error code from the last command is 1. Stop. # ls -l libs total 16008 -rw--- 1 root system 4094311 Nov 26 23:53 libphp4.a -rw--- 1 root system 749 Nov 26 23:53 libphp4.la Any update on resolution to this problem?? or a good workaround? I can not find lilphp4.so.0 as mentioned above. Previous Comments: [2001-12-16 16:28:06] [EMAIL PROTECTED] Don't have time to look at this anymore. And it indeed is a libtool bug. [2001-12-12 11:05:04] [EMAIL PROTECTED] This is NOT fixed in CVS yet. It's a libtool bug and I'm trying to find out how to fix it atm. [2001-12-11 13:47:31] [EMAIL PROTECTED] This should be fixed in CVS can you try a snapshot from snaps.php.net? Derick [2001-12-03 16:36:17] [EMAIL PROTECTED] Updated PHP Version. [2001-11-28 13:55:17] [EMAIL PROTECTED] I've found a workaround for this problem. If I manually copy .libs/libphp4.so.0 to libs/libphp4.so, it seems to continue okay: # make install ... cp: libs/libphp4.so: A file or directory in the path name does not exist. apxs:Break: Command failed with rc=65536 make: 1254-004 The error code from the last command is 1. ... Stop. # cp .libs/libphp4.so.0 libs/libphp4.so # make install ... Target install-p is up to date. Target install is up to date. Making install in . /local/www/bin/apxs -i -a -n php4 libs/libphp4.so cp libs/libphp4.so /local/www/libexec/libphp4.so chmod 755 /local/www/libexec/libphp4.so [activating module `php4' in /local/www/conf/httpd.conf] installing shared modules into /local/www/php/lib/php/20010901 Target install-p is up to date. ... Target install is up to date. # /local/www/bin/apachectl start Target install is up to date. Is there some way make install can do that copying step automatically? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=14245 Edit this bug report at http://bugs.php.net/?id=14245edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
Hello, George Schlossnagle wrote: - Add an API function that can compile arbitrary PHP scripts. How do you want to handle includes or evals in the code to be compiled? This is a majopr problem I see with a naive standalone compiler. I am not aware. What exactly is the problem? When I say compiler I mean PHP source to Zend bytecodes. The way I see it compiled included files should be loaded on demand with a function for instance named include_apc() that would simply load the code and run it. eval would be handled normally with Zend engine like any other PHP source code extract. - Add an API function for loading arbitrary compiled code. somewhat trickier. Why? - If possible these should take source input and generating compiled output to string so we can handle input and output data from other sources besides files. wouldn't be too hard, modulo the above. Great. These would be the basic this that would be necessary. Around this we could build other tools like GUI interfaces from compiling sources in batches, building distribution archives, self extracting and installable PHP applications, etc... Now, for something probably more challenging: could the compiled output be fed to Zend Optimizer somehow and get an optimized compiled output that could be saved, loaded and executed the same way as the non-optimized compiled output? No idea. closed source product. :) Oh, I see, undocumented API, right? Never mind, most people can live without it. It took me a while to realize that PHP pages can be served much faster efficiently just by using a cache extension like APC than just with Zend Optimizer. Actually, with all optimizations on, it seems that my site was running slower and consuming more CPU cycles when I just used Zend Optimizer. Ideally an optimizer could run before storing the compiled output to the cache or disk. We can live without Zend Optimizer. BTW, I talked with BWare people and they say they have good ideas for optimizing the compiled code. Even if that is not as good as the Zend Optimizer, it is better than raw compiled code. It seems that PHPA also does some optimization but since it is closed source and the author seems to be stalling to not share his code or ideas, we'd better not count on him unless he changes his posture. I don't have a problem with the fact that he closes the source (it is his sole right), but for this free PHP compiler project we can't rely on closed source projects. How Open Source is APC? Do you take volunteers help (patches, hackers with CVS accounts, bug reports, etc..)? APC is completely open-source (release under QPL). Patches are awesome. CVS write-access is only for maintainers at the moment (and anon cvs to the world). There's noo hard-and-fast rule, but the base guideline for maintainer status is contribution fixes/patches of consistent merit and of more than 10% of the code base. Great. And if PHP developers agree, would you be interested in integrating APC extension in PHP, with PHP license of course? I have no problems with relicensing APC, and I've offered before to contribute it to the php group, and it was turned down. I can give further details off-list, if you are interested. Sure I and a lot of people here would like to know why it was turned down. If you feel you can only tell me privately, please do so, but I think PHP is an Open Source project and therefore everybody envolved should be coherent and not hide the reasons why a contribution is accepted or rejected. Open Source is not consistent with secret decisions. So please, I am encouraging you to speak openly and let everybody know what was the reasoning for being excluded. I looked at all free cache engines (PHPA, APC, Bware). PHPA seems to be going to non-Open Source route (no code available for everybody). Bware people are nice and are willing to cooperate even if they don't have much time. APC, I could not realize how alive the the project is. Do you actively work on it or are you too busy? I haven't been very active since October (wish I could say it was a vacation, but alas, it was just work). In about 3 weeks, I should have much much more free time and hopefully be able to get back to being very active in apc. Ok, that's normal with everybody these days. Anyway, as I said I have been getting a lot of support to provide a free PHP compiler/optimizer/cache/encoder. So, this will not go forward for the lack of will and contributed work. That's great news. Yes, oh BTW, I would like to apologise to the numerous people that contacted me privately because I still did not have time to reply to them personally. I will do so ASAP. Regards, Manuel Lemos -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL
[PHP-DEV] Closing bugs 14452, 14602, 14616, 14824
The bugs 14452, 14602, 14616, 14824 all seem to be the same. Maybe it's a libtool bug - maybe not. What I do know, however, is that if the Zend intermediate library built only add libs that Zend need, the bug doesn't occur. The fix below introduces define ZEND_EXTRA_LIBS that are the libs used by Zend (usually very few). I don't have karma to apply the fix. And if I had, I'd ask people anyway. -- Adam Dickmeiss Index: Makefile.in === RCS file: /repository/php4/Makefile.in,v retrieving revision 1.105 diff -u -r1.105 Makefile.in --- Makefile.in 24 Jan 2002 12:55:08 - 1.105 +++ Makefile.in 1 Feb 2002 22:13:19 - @@ -14,7 +14,7 @@ $(TSRM_LIB) LTLIBRARY_LDFLAGS = -rpath $(phptempdir) $(EXTRA_LDFLAGS) $(LDFLAGS) $(PHP_RPATHS) -LTLIBRARY_LIBADD = $(LTLIBRARY_DEPENDENCIES) $(EXTRA_LIBS) +LTLIBRARY_LIBADD = $(LTLIBRARY_DEPENDENCIES) $(EXTRA_LIBS) $(ZEND_EXTRA_LIBS) PROGRAM_NAME = php PROGRAM_SOURCES = stub.c Index: configure.in === RCS file: /repository/php4/configure.in,v retrieving revision 1.296 diff -u -r1.296 configure.in --- configure.in30 Jan 2002 23:46:44 - 1.296 +++ configure.in1 Feb 2002 22:13:19 - @@ -825,6 +825,8 @@ PHP_REGEX +EXTRA_LIBS=$EXTRA_LIBS $DLIBS $LIBS +unset LIBS LDFLAGS dnl Configuring Zend and TSRM. dnl - @@ -849,7 +851,7 @@ INCLUDES=$INCLUDES -I\$(top_srcdir)/TSRM fi -EXTRA_LIBS=$EXTRA_LIBS $DLIBS $LIBS +ZEND_EXTRA_LIBS=$LIBS unset LIBS LDFLAGS PHP_CONFIGURE_PART(Configuring TSRM) @@ -1001,6 +1003,7 @@ PHP_SUBST_OLD(EXTENSION_DIR) PHP_SUBST(EXTRA_LDFLAGS) PHP_SUBST_OLD(EXTRA_LIBS) +PHP_SUBST_OLD(ZEND_EXTRA_LIBS) PHP_SUBST(INCLUDES) PHP_SUBST_OLD(INCLUDE_PATH) PHP_SUBST_OLD(INSTALL_IT) Index: Zend/Makefile.am === RCS file: /repository/Zend/Makefile.am,v retrieving revision 1.43 diff -u -r1.43 Makefile.am --- Zend/Makefile.am2001/09/19 08:26:11 1.43 +++ Zend/Makefile.am2002/02/01 22:16:37 @@ -15,7 +15,8 @@ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ zend_ini.c zend_qsort.c -libZend_la_LDFLAGS = @EXTRA_LIBS@ +libZend_la_LDFLAGS = +libZend_la_LIBADD = @ZEND_EXTRA_LIBS@ # automake isn't too clever about non-standard use of lex and yacc Index: Zend/configure.in === RCS file: /repository/Zend/configure.in,v retrieving revision 1.31 diff -u -r1.31 configure.in --- Zend/configure.in 2000/12/02 13:26:41 1.31 +++ Zend/configure.in 2002/02/01 22:16:38 @@ -35,9 +35,9 @@ LIBZEND_ENABLE_DEBUG LIBZEND_OTHER_CHECKS -EXTRA_LIBS=$LIBS +ZEND_EXTRA_LIBS=$LIBS LIBS= -AC_SUBST(EXTRA_LIBS) +AC_SUBST(ZEND_EXTRA_LIBS) AC_OUTPUT(Makefile) # Local Variables: -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15334: no way to upload to a virtual domain
From: [EMAIL PROTECTED] Operating system: FreeBSD 4.4 PHP version: 4.1.1 PHP Bug Type: HTTP related Bug description: no way to upload to a virtual domain using phpMyAdmin to upload a SQL query file, Apache reports the following error: *** Warning: open_basedir restriction in effect. File is in wrong directory in /usr/local/psa/home/vhosts/bogus.org/httpdocs/sql/read_dump.php on line 220 Warning: fopen(/usr/local/psa/home/vhosts/anotherone.com/httpdocs/_php_upload_tmp/php66Xwh8, r) - Operation not permitted in /usr/local/psa/home/vhosts/bogus.org/httpdocs/sql/read_dump.php on line 220 Warning: Supplied argument is not a valid File-Handle resource in /usr/local/psa/home/vhosts/bogus.org/httpdocs/sql/read_dump.php on line 220 ** Please notice that Apache is referring to two different virtual domains, bogus.org and anotherone.com !!! I was uploading to bogus.org and Apache reported trying to fopen on anotherone.com!! Is it impossible to perform uploads on a server that hosts virtual domains? It shouldnt, should it -- Edit bug report at: http://bugs.php.net/?id=15334edit=1 Fixed in CVS: http://bugs.php.net/fix.php?id=15334r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15334r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15334r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15334r=oldversion Not for support: http://bugs.php.net/fix.php?id=15334r=support Not wrong behavior: http://bugs.php.net/fix.php?id=15334r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15334r=notenoughinfo -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Herewe try again)
Hello, Hartmut Holzgraefe wrote: Manuel Lemos wrote: Unless I'm mistaken, Java doesn't have eval. Any language with eval needs a runtime environment when executing, even if the rest of the code is converted to C I am not expert in Java (actually I don't program in Java - MetaL generates it for me if I ever need it), but I suppose that what eval does is what java.lang.Compiler class is for. java.lang.compiler is a little different ... 1) Java *has* a complete runtime environment available at runtime, the JVM and the standard classes, that's why JVMs tend to be so big and have a rather large startup time overhead What is the difference to PHP? PHP also has to compile any sources before executing them. Actually I think PHP is much better than Java because the runtime enviroment, which is Zend compiler and all PHP extensions, was completely handwritten in C. 2) java.lang.Compiler takes a java source file and compiles it into a class file, so the result is persistent and you have to have your code wrapped up to a complete class, write it to filesystem, compile it, load the compiled class into the JVM and then execute PHP already does that. What is missing is the hooks to save the compiled output to disk or for instance to somewhere in the network to run in a distributed enviroment where not only the objects data but also the code can migrate between machines. eval just executes statements within the eingine, and what you pass to it has to be just a complete statement, not a whole class Unlike Java, PHP code does not have to be a class. eval is like include except that the source input comes for a string passed as argument. That is what is called dynamic loading. Regards, Manuel Lemos -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re[2]: [PHP-DEV] [PROPOSAL] defense against session takeovers
But unfortunately a dedicated server does not cost much more than virtual hosting anymore (just have a look at http://powerraq.com/ ). PHP is mostly pre-installed (with dev settings and not production settings - many admins even forget to switch on safe_mode) and this lazyness leads to thousands of insecure PHP installations on production machines. Why would you switch on safe_mode if you have a dedicated server? That makes no sense. There is also nothing unsafe about the session code if you are on a dedicated server. -Rasmus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: Re[2]: [PHP-DEV] [PROPOSAL] defense against session takeovers
Why would you switch on safe_mode if you have a dedicated server? That makes no sense. It can be useful to minimise the damage in case someone finds a hole in your PHP scripts, and the hole allows them to access files on the server. -- Ivan Ristic, [EMAIL PROTECTED] [ Weblog on PHP, Software development, Intranets, and Knowledge Management: http://www.webkreator.com ] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Bug #15328 Updated: A C-like comma operator would be
Lars Torben Wilson wrote: On Fri, 2002-02-01 at 11:49, [EMAIL PROTECTED] wrote: ID: 15328 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Feature/Change Request Operating System: N/A PHP Version: 4.1.1 New Comment: not likely to be implemented... bogussing. I hardly think it's fair to Bogus a bug request because one person thinks it's unlikely to be implemented. Even if the request is denied, it should only be Closed (instead of Bogussed) unless it's another one of those damn 'PHP should detect infinite loops' requests. ;) I think it's okay to make bogus. If someone think it' worth to be implmented, one should post his/her opinion. That's the way should be, IMHO -- Yasuo Ohgaki -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15324 Updated: CGI version (php.exe) times out
ID: 15324 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Reproducible crash Operating System: Win2K PHP Version: 4.1.1 New Comment: note: I think we may have isolated the ISAPI problem...4.1.1 seems to crash in IIS (Win2K) after some period of dormancy only if it is *not* installed as an ISAPI filter as well as an ISAPI application, contrary to the advice given in the installation notes. Previous Comments: [2002-02-01 10:27:53] [EMAIL PROTECTED] I attempted to use php.exe (with IIS) rather than the ISAPI module of PHP 4.1.1, as the ISAPI consistently crashes after laying dormant for a period of time in IIS. This bug is alluded to in the latest release notes, and I don't believe it has been solved. Having been warned that the ISAPI is not stable, I decided to run the CGI. I followed the installation instructions, and granted execute access for c:\php to IISUSR_computername Problem is, the exe hangs and eventually produces a timeout error in IIS. I am using file includes on each of my pages. Error: The script started from the URL '/index.php' with parameters '' has not responded within the configured timeout period. The HTTP server is terminating the script. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. Confused... Edit this bug report at http://bugs.php.net/?id=15324edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15336: New mysql function: mysql_real_connect
From: [EMAIL PROTECTED] Operating system: any PHP version: 4.1.1 PHP Bug Type: Feature/Change Request Bug description: New mysql function: mysql_real_connect Since version 3.22.x we have a mysql_real_connect instead of mysql_connect + mysql_db_select in the mysql C-API. If you come from C, its annoying, to use the (deprecated) functions mysql_connect + mysql_select_db. Its ok for BC, but mysql_real_connect should be art of the state. Georg -- Edit bug report at: http://bugs.php.net/?id=15336edit=1 Fixed in CVS: http://bugs.php.net/fix.php?id=15336r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15336r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15336r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15336r=oldversion Not for support: http://bugs.php.net/fix.php?id=15336r=support Not wrong behavior: http://bugs.php.net/fix.php?id=15336r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15336r=notenoughinfo -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14529 Updated: script doesn't always finish output
ID: 14529 Updated by: [EMAIL PROTECTED] Old Reported By: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Output Control Operating System: Linux RH 7.2 PHP Version: 4.1.1 New Comment: I am also experiencing this problem with PHP. On some pages no output is generated whatsoever (http://ged.dynodns.net/band/events.php [events.phps for source]). But the main page (http://ged.dynodns.net/band/index.php [index.phps for source]) works fine until GET var's are passed to it (ie: index.php?func=articleoid=19288), in which case it doesn't work at all. It cuts output off when I have output buffering off, but appears to work OK when I have output buffering enabled. ./configure \ --with-apxs \ --disable-short-tags \ --without-mysql \ --with-pgsql=/usr/pgsql and the php.ini file can be viewed here: http://ged.dynodns.net/band/php.ini I also, do not get any error reports or crashes when running Apache in gdb for debugging. I have all logging in PHP set to E_ALL so I should see any cought source errors, and Apache set to 'debug' so I should get verbose error messages there, and none are showing up for this problem. Previous Comments: [2002-01-19 23:50:47] [EMAIL PROTECTED] Never thought to look at apache logs. Here is a very common error. [Sat Jan 19 20:49:54 2002] [notice] child pid 14822 exit signal Segmentation fault (11) [Sat Jan 19 21:25:20 2002] [warn] child process 14826 still did not exit, sending a SIGTERM [Sat Jan 19 21:25:24 2002] [error] child process 14826 still did not exit, sending a SIGKILL The first line has at least 20 of them in a row and then the last two occasionally show up at the end of it. It happens on every page load. I was using trans-sid for most tests. Register globals has been Off for most tests as well. No use of ob_end_flush() or ob_end_clean() anywhere in my scripts. (I have output_buffering set to Off - but have tried, On and 4K). I'm not sure what you mean by gdb for running httpd under. I tried using tail on the error_log and when the page locks the error message (above) is what I got. [2002-01-19 23:33:04] [EMAIL PROTECTED] Please update Version :) Here comes more questions. Do you use trans-sid? (If yes, do you have register_globals=On?) Do you use ob_end_flush(), ob_end_clean() anywher in your scripts? I guess you have already checked, but Do you see any error logs for Apache and PHP? Could you try to run httpd under gdb to see if you get any signal or exit code. [2002-01-19 23:29:21] [EMAIL PROTECTED] PHP4.0.6 compiled with the same ./configure line works flawless so it's only happening in 4.1.0 - 4.2.0-dev In linux the pages almost never load simply gives me error reports (some sort of connection error so drops connection), IE loads about 60-70% of the time (but I've noticed it is only displaying old cached information even though I've got it set to nocache in php.ini and tried sending headers to force no caching). I even tried forcing IE not to cache in it's settings but it still does it or else it locks up forever (ALT-CTL-DEL to finally end that task - I've left it for as long as an hour to see if it'd time out first or do something). I've tried reducing the code to force it not to do any includes except the main one. So I could test a much smaller script and it still gives me the problem. Yet if I do a very simple page (like with ? phpinfo() ?) there is no problems at all. I'm reading through other bugs trying to find similarities with various functions I use and other bugs to see if I can narrow this down. [2002-01-19 23:16:19] [EMAIL PROTECTED] I've answered that before (I've tried 3 different snaps versions). I tried todays php-200201191500 and still the same problem. I even re-compiled my kernel to the latest stable version this morning just in case it was a RH default compile thing. I'm recompiling php-4.0.6 from scratch (rather than the RPM) as we speak with the exact same options on ./configure line just to be sure that it is just 4.1.0 or newer giving me the grief. [2002-01-19 21:56:53] [EMAIL PROTECTED] This is 4th time to ask. Do you have problem with 4.2.0-dev? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=14529 Edit this bug report at http://bugs.php.net/?id=14529edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail:
[PHP-DEV] Bug #15338: Can't select database with '-' in name.
From: [EMAIL PROTECTED] Operating system: windows NT IIS PHP version: 4.1.1 PHP Bug Type: MSSQL related Bug description: Can't select database with '-' in name. I have a database on my MSSQL server with a '-' in the database name. The database works fine with all of my other applications including ASP. However, I cannot select the database with PHP. Interestingly, a '-' in the server name doesn't seem to be a problem. $server=SQL-Server; $dbName=My-DB; $user=phpusr; $passwd=phppass; $hcon = mssql_connect($server, $user, $passwd); if ($hcon == FALSE) die(Could not connect to SQL server '$server'); $hdb = mssql_select_db($dbName, $hcon); The resulting message is: Warning: MS SQL message: Line 1: Incorrect syntax near '-'. (severity 15) in C:\InetPub\PHP\dbtest.php on line 10 Warning: MS SQL: Unable to select database: My-DB in C:\InetPub\PHP\dbtest.php on line 10 Could not select database 'My-DB' -- Edit bug report at: http://bugs.php.net/?id=15338edit=1 Fixed in CVS: http://bugs.php.net/fix.php?id=15338r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15338r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15338r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15338r=oldversion Not for support: http://bugs.php.net/fix.php?id=15338r=support Not wrong behavior: http://bugs.php.net/fix.php?id=15338r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15338r=notenoughinfo -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15338 Updated: Can't select database with '-' in name.
ID: 15338 Updated by: [EMAIL PROTECTED] Old Summary: Can't select database with '-' in name. Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: MSSQL related Operating System: windows NT IIS PHP Version: 4.1.1 New Comment: If your database name contains '-' or ' ' you can select the database like this: mssql_select_db([my database]); or mssql_select_db([my-database]); That works fine. Previous Comments: [2002-02-01 19:46:52] [EMAIL PROTECTED] I have a database on my MSSQL server with a '-' in the database name. The database works fine with all of my other applications including ASP. However, I cannot select the database with PHP. Interestingly, a '-' in the server name doesn't seem to be a problem. $server=SQL-Server; $dbName=My-DB; $user=phpusr; $passwd=phppass; $hcon = mssql_connect($server, $user, $passwd); if ($hcon == FALSE) die(Could not connect to SQL server '$server'); $hdb = mssql_select_db($dbName, $hcon); The resulting message is: Warning: MS SQL message: Line 1: Incorrect syntax near '-'. (severity 15) in C:\InetPub\PHP\dbtest.php on line 10 Warning: MS SQL: Unable to select database: My-DB in C:\InetPub\PHP\dbtest.php on line 10 Could not select database 'My-DB' Edit this bug report at http://bugs.php.net/?id=15338edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15156 Updated: apache segmentation fault (11) with php4
ID: 15156 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Feedback Status: Open Bug Type: Reproducible crash Operating System: RedHat Linux, 2.4.2 kernel PHP Version: 4.1.1 New Comment: I did as you suggested. New apache and apache-devel rpms. Then installed PHP 4.1.1 All is well regarding segmentation faults. However, in order to get apache to process the embedded php code, I had to slightly modify the httpd.conf file. This was the code that didn't work: IfModule mod_php4.c AddType application/x-httpd-php .php4 .php3 .phtml .php AddType application/x-httpd-php-source .phps /IfModule # The following is for PHP3: IfModule mod_php3.c AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .phps /IfModule # The following is for PHP/FI (PHP2): IfModule mod_php.c AddType application/x-httpd-php .phtml /IfModule I moved the AddType directives outside of the IfModule mod_php4.c block and now it works. Thanks for your help! Previous Comments: [2002-02-01 00:31:20] [EMAIL PROTECTED] I suggest you to install from scrach (including all config files related) Make sure you do rpm -e for all apache/php related package including -devel one. Delete or move all httpd.conf/php.ini. If you still have segfault problem, report it again. [2002-01-31 18:55:54] [EMAIL PROTECTED] In spite of my prior 'make clean' commands, I found that copies of libphp3.so and libphp4.so were present on my system. I deleted these files and reinstalled PHP 4.1.1 from a fresh tarball distribution (configuration options as before). I also scrutinized my httpd.conf file and found that 'LoadModule libphp4.so' appeared twice, each with a different path. In order to satisfy apache, I had previously created a symbolic link from the second directory to modules/libphp4.so. I subsequently deleted the symbolic link and the Apache directive that refered to it. I continue to have the problems but there are some differences. The server starts fine. Documents with .html or .php extensions fail to load in the browser and result in a child process segmentation fault in the error_log. Occasionally, one browser request results in multiple child seg. faults. I tried to get a backtrace but strangely, when I run httpd with the -X flag, the server does not crash. However, PHP code is not processed. The core file is nowhere to be found. Incidentally, commenting out the AddModule directive: ... LoadModule php4_modulemodules/libphp4.so ... # AddModule mod_php4.c ... restores functionality to the server (without PHP enabled). Scripts in the cgi-bin directory seem to work fine and text documents (with .txt extensions) load fine from the html directory. Any advice? [2002-01-30 14:29:33] [EMAIL PROTECTED] Sorry if this is a stupid question but how do I turn off the xbit hack directive? Here are the answers to your questions: 1) I followed directions for an Apache module installation. If PHP4 is installed as a CGI version as well, then I am not aware of it. How can I confirm that the CGI version is not installed? 2) PHP3 was installed on this machine as part of the RedHat 7.1 distribution. I removed it (rpm -e php) prior to installing PHP4. Should I check for some remnant of the previous installation that might be causing a conflict? 3) Here are the relevant lines from my httpd.conf file IfModule mod_php4.c AddType application/x-httpd-php .php4 .php3 .phtml .php AddType application/x-httpd-php-source .phps /IfModule # The following is for PHP3: IfModule mod_php3.c AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .phps /IfModule # The following is for PHP/FI (PHP2): IfModule mod_php.c AddType application/x-httpd-php .phtml /IfModule Thanks again. Craig [2002-01-24 21:01:31] [EMAIL PROTECTED] Turn off xbit hack ini directive to see if it helps. BTW, xbit hack works fine for me. (4.2.0-dev. It worked older versions also) Are you using PHP CGI version also? Are you using PHP3 AND PHP4 as module? What is AddType setting for PHP. (In httpd.conf) [2002-01-24 13:03:15] [EMAIL PROTECTED] I've tried versions of PHP all the way back to 3.0.18 and I still get the same problems. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=15156 Edit this bug report at
Re: [PHP-DEV] [PROPOSAL] defense against session takeovers
based on something nasty i did with cookies a while back Session id [][bb] eg. first 32? chars are the standard md5, the remainder is a variable length key. aaa - the standard session id. (eg. the filename) bbb - an simple key overlay say the session file contains 'abcd' and b contains 0au2dr then the resulting sessoin file would contain : char 1 = (a + 0) mod 256 char 2 = (b + a) mod 256 char 3 = (c + u) mod 256 and so on. -- to decrept you obvious overlay the negative with modulus.. its an incredibly dumb and simple encryption method.. - but it may solve alot of the concerns... - eg. without the full session id, you cant use the session file. or guess the full session file.. anyway its early morning so I probably missed something.. - it doesnt make it impossible - just alot more difficult... regards alan Ivan Ristic wrote: The general philosophy of PHP has always been to make PHP easy for the beginner yet flexible enough for advanced users. This fits that rule. Give the advanced users the tools to configure PHP to have per-virtualhost session handling, while sessions still work for the guy who just installed PHP on his own little server and really doesn't know what he is doing. That is fine for a philosophy. I would still like to try to make the default setup more secure. I agree, the least we can do is to document this. How about that we use the SERVER_NAME environment variable when generating session filenames? Instead of name like sess_, the name could be sess__, where is a server fingerprint? I understand that this is not foolproof (say, for applications that run on the same domain name) but it will solve the most serious cases (shared hosting solutions). -- Ivan Ristic, [EMAIL PROTECTED] [ Weblog on PHP, Software development, Intranets, and Knowledge Management: http://www.webkreator.com ] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] pthreads
i have a question. would making a wrapper extension around pthreads work? or would this break alot of stuff conserning tsrm and other memory/execution that im not positive about. - Brad __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Re: Bug #15323: pg_connect failing on iPlanet 4.1 nsapi
You haven't reply to me for this question. Can you connect PostgreSQL server from other machine? Please do not open new bug report at least while I'm still trying to help you. -- Yasuo Ohgaki [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] Operating system: Solaris 2.8 PHP version: 4.1.1 PHP Bug Type: PostgreSQL related Bug description: pg_connect failing on iPlanet 4.1 nsapi Revisiting bug #15282, I am unable to connect to a remote PostgreSQL database using server parsed php. I can connect when the script is run: a). On the command line b). As a CGI binary c.) Using a perl script d.) Using psql Postmaster on the remote server IS running with the '-i' option, even though the error message in the web server logs reads: [29/Jan/2002:22:50:18] info (14848): for host b-39-117-res1.mts.net trying to POST /members.php, PHP_log_message reports: PHP Warning: Unable to connect to PostgreSQL server: connectDBStart() -- connect() failed: No such file or directory Is the postmaster running (with -i) at 'db1' and accepting connections on TCP/IP port 5432? in /usr/local/etc/httpd/htdocs/cardp.ca/members.php on line 100 No other errors appear and the server keeps on running. The results of running snoop on the interfaces reveals that instead of the expected SYN/ACK, the system initiating the connection sends SYN/RST. The connection fails identically when using either pg_connect or pg_pconnect. Php configuration is as shown below, taken from the original report. As well, the contents of the script are included. After the bug had been closed as bogus, I asked [EMAIL PROTECTED] if he could be more specific in his diagnosis that this behaviour is expected and in the manual. His only reply was that postgres needs to be run using the -i option, which I have already stated is the case. If it weren't, none of the other connections would suceed either. Connections from the sames server to the same remote database using mysql as the database do not fail. Niether does running the script using apache as the web server. Unfortunately, these are not valid options in our production environment. Any insight would be greatly appreciated. - Dave Ruppel From bug #15282: [29 Jan 1:56pm] [EMAIL PROTECTED] When attempting to connecting to a remote database using pg_connect(host=dbhost user=dbuser dbname=dbname), the operation fails. I can connect using psql from the command line or through a perl script as any user. Running php as a CGI binary also works. However, when running as an nsapi, the connection fails. A quick look using snoop shows that the failed connection appears to be sending SYN/RST instead of SYN/ACK (which is what is seen during a successful connection). Here's my system details: OS: Solaris 2.8 Web Server: iPlanet 4.1 PHP version: php 4.1.1 PHP configure options: ./configure --with-nsapi=/usr/local/iws41 \ --with-pgsql=/usr/local/pgsql \ --enable-libgcc PostgreSQL version: 7.0.3 For what it's worth, connections to a mysql database between the same systems works without a hitch. Any suggestions would be appreciated. [29 Jan 8:42pm] [EMAIL PROTECTED] Could you take a look at web server error log? Do you have anything related? (segfault, etc) Could you run iPlanet under gdb? (to see if it is exting or segfaulting) Do you quote connection string? Do you get any error message from pg_connect? Do you have multiple libpq? (find / -name libpq*) Do you have the same problem with snapshot? http://snaps.php.net/ Attach *complete* script even if it is a few lines next time. [30 Jan 12:11am] [EMAIL PROTECTED] I've also tried using the current CVS (01/26/2002) with no luck. The are no multiple copies of libpq, it's a new system. I haven't tried running iPlanet under gdb yet, that'll be something to try tommorow. In the mean time, here's the error from the logs: [29/Jan/2002:22:50:18] info (14848): for host b-39-117-res1.mts.net trying to POST /members.php, PHP_log_message reports: PHP Warning: Unable to connect to PostgreSQL server: connectDBStart() -- connect() failed: No such file or directory Is the postmaster running (with -i) at 'db1' and accepting connections on TCP/IP port 5432? in /usr/local/etc/httpd/htdocs/cardp.ca/members.php on line 100 No other errors appear and the server keeps on running. The source of the script (sans-HTML) calling the database follows:
[PHP-DEV] Bug #15323 Updated: pg_connect failing on iPlanet 4.1 nsapi
ID: 15323 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: PostgreSQL related Operating System: Solaris 2.8 PHP Version: 4.1.1 Edit this bug report at http://bugs.php.net/?id=15323edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15178 Updated: ob_implicit_flush is broken
ID: 15178 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Output Control Operating System: Linux PHP Version: 4.0CVS-2002-01-23 Old Assigned To: Assigned To: yohgaki New Comment: Thanks, I'll check it again. Previous Comments: [2002-02-01 11:57:28] [EMAIL PROTECTED] It works fine for me now... Apache 1.3.22, yesterday's CVS, on Debian (Sid) Linux. [2002-01-23 02:55:05] [EMAIL PROTECTED] Following script does not print This is a test on my browser :( Apache 1.3.22 --- begin --- ?php ob_implicit_flush(); echo This is a test; ? --- end --- It may be time for making 4.2.0-dev stable :) Edit this bug report at http://bugs.php.net/?id=15178edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15339: can not run test program while cross compiling
From: [EMAIL PROTECTED]
Operating system: RedHat 7.1
PHP version: 4.1.1
PHP Bug Type: Compile Failure
Bug description: can not run test program while cross compiling
[root@dcprac php-4.1.1]# LIBS=-lmcrypt -lltdl ./configure \
--with-curl \
--with-apache=../apache_1.3.23 \
--enable-wddx \
--enable-dbx \
--enable-track-vars \
--with-mcrypt \
--with-mysql \
--with-xml \
--with-OpenSSL=/usr \
--enable-bcmath \
--enable-calendar \
--enable-ftp \
--enable-sockets
loading cache ./config.cache
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... found
checking whether to enable maintainer-specific portions of Makefiles...
no
checking host system type... i686-pc-linux-gnu
checking for gawk... gawk
checking for bison... bison -y
checking bison version... 1.28 (ok)
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... yes
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for AIX... no
checking for gcc option to accept ANSI C... none needed
checking for ranlib... ranlib
checking whether gcc and cc understand -c and -o together... yes
checking whether ln -s works... yes
checking for flex... flex
checking for yywrap in -lfl... yes
checking lex output file root... lex.yy
checking whether yytext is a pointer... yes
checking for working const... yes
checking for pthreads_cflags...
checking for pthreads_lib...
Configuring SAPI modules
checking for AOLserver support... no
checking for Apache module support via DSO through APXS... no
checking for Apache module support... yes - Apache 1.3.x
checking for mod_charset compatibility option... no
checking whether gcc supports -rdynamic... yes
checking for Apache 2.0 module support via DSO through APXS... no
checking for Caudium support... no
checking for fhttpd module support... no
checking for FastCGI support... no
checking for Zeus ISAPI support... no
checking for NSAPI support... no
checking for PHTTPD support... no
checking for Pi3Web Support... no
checking for Roxen/Pike support... no
checking for Servlet support... no
checking for thttpd... no
checking for TUX... no
checking for chosen SAPI module... apache
Running system checks
checking for missing declarations of reentrant functions... done
checking whether compiler supports -R... no
checking whether compiler supports -Wl,-rpath,... yes
checking for sendmail... /usr/sbin/sendmail
checking whether system uses EBCDIC... no
checking for socket in -lsocket... no
checking for htonl in -lsocket... no
checking for yp_get_default_domain... no
checking for gethostname in -lnsl... yes
checking for dlopen in -ldl... yes
checking for sin in -lm... yes
checking for inet_aton in -lresolv... yes
checking for res_search in -lsocket... no
checking for res_search in -lresolv... yes
checking for ANSI C header files... yes
checking for dirent.h that defines DIR... yes
checking for opendir in -ldir... no
checking for fclose declaration... ok
checking for alloca.h... yes
checking for arpa/inet.h... yes
checking for arpa/nameser.h... yes
checking for crypt.h... yes
checking for fcntl.h... yes
checking for grp.h... yes
checking for ieeefp.h... no
checking for langinfo.h... yes
checking for limits.h... yes
checking for locale.h... yes
checking for netinet/in.h... yes
checking for pwd.h... yes
checking for resolv.h... yes
checking for signal.h... yes
checking for stdarg.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for syslog.h... yes
checking for sysexits.h... yes
checking for sys/file.h... yes
checking for sys/mman.h... yes
checking for sys/mount.h... yes
checking for sys/resource.h... yes
checking for sys/select.h... yes
checking for sys/socket.h... yes
checking for sys/statfs.h... yes
checking for sys/statvfs.h... yes
checking for sys/vfs.h... yes
checking for sys/sysexits.h... no
checking for sys/time.h... yes
checking for sys/types.h... yes
checking for sys/varargs.h... no
checking for sys/wait.h... yes
checking for unistd.h... yes
checking for unix.h... no
checking for utime.h... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for tm_zone in struct tm... yes
checking for tm_gmtoff in struct tm... yes
checking for struct flock... yes
checking for socklen_t... yes
checking size of long... 8
checking size of int... 4
checking for st_blksize in struct stat... yes
checking for st_blocks in struct stat... yes
checking for st_rdev in struct stat...
[PHP-DEV] Bug #15338 Updated: Can't select database with '-' in name.
ID: 15338 Updated by: [EMAIL PROTECTED] Old Summary: Can't select database with '-' in name. Reported By: [EMAIL PROTECTED] Old Status: Closed Status: Bogus Bug Type: MSSQL related Operating System: windows NT IIS PHP Version: 4.1.1 New Comment: In PHP bug db, cloased is used for fixed bugs/problems. Bogus should be the correct status :) Previous Comments: [2002-02-01 20:00:41] [EMAIL PROTECTED] If your database name contains '-' or ' ' you can select the database like this: mssql_select_db([my database]); or mssql_select_db([my-database]); That works fine. [2002-02-01 19:46:52] [EMAIL PROTECTED] I have a database on my MSSQL server with a '-' in the database name. The database works fine with all of my other applications including ASP. However, I cannot select the database with PHP. Interestingly, a '-' in the server name doesn't seem to be a problem. $server=SQL-Server; $dbName=My-DB; $user=phpusr; $passwd=phppass; $hcon = mssql_connect($server, $user, $passwd); if ($hcon == FALSE) die(Could not connect to SQL server '$server'); $hdb = mssql_select_db($dbName, $hcon); The resulting message is: Warning: MS SQL message: Line 1: Incorrect syntax near '-'. (severity 15) in C:\InetPub\PHP\dbtest.php on line 10 Warning: MS SQL: Unable to select database: My-DB in C:\InetPub\PHP\dbtest.php on line 10 Could not select database 'My-DB' Edit this bug report at http://bugs.php.net/?id=15338edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Re: PHP42/Zend update needed for Apache 2.0.31
I can build php fine (did you do the php/Zend and php/TSRM checkout/update?), I just haven't had much luck in the past two weeks getting apache to startup with php installed. Nuttin' but segfaults Jim. David Justin Erenkrantz wrote: On Thu, Jan 31, 2002 at 04:15:38PM -0500, David Ford wrote: Apache 2.0.31 got tagged this evening, the php/zend code has been out of sync with it for a bit now. Would anyone mind chit chatting and getting the appropriate code updated? :) FWIW, I think DougM has made the appropriate input filtering changes and committed them to PHP's CVS repository almost immediately after my changes. So, I'm not really sure what could be wrong. I can't be of any help since it seems that PHP's HEAD is busted. configure isn't producing correct Makefiles. I looked at their commit logs yesterday and a commit made a few days ago changed the configure.in file (revision 1.295) and removed all generation of the top-level Makefiles among many others Makefiles (incl. sapi). So, I'm not even sure how you can even build their code in its current state. =( Doug or other PHP people have any clue here? Is something busted in PHP land or is buildconf no longer sufficient to generate the PHP configure scripts? -- justin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Re: PHP42/Zend update needed for Apache 2.0.31
On Fri, Feb 01, 2002 at 01:28:50PM -0500, David Ford wrote: I can build php fine (did you do the php/Zend and php/TSRM checkout/update?), I just haven't had much luck in the past two weeks getting apache to startup with php installed. Nuttin' but segfaults Jim. Yeah, I have those dirs. You can run buildconf and configure and it produces all of the relevant Makefiles? Odd, because it isn't doing that here. -- justin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] PHP42/Zend update needed for Apache 2.0.31
Apache 2.0.31 got tagged this evening, the php/zend code has been out of sync with it for a bit now. Would anyone mind chit chatting and getting the appropriate code updated? :) I'd like to help, but I'm rather new to the code. If I'm speaking to the wrong people, please let me know. Apache cores on startup here, I suspect that 0x0 is to blame. #0 0x402c613f in zend_register_functions (functions=0x404cdc00, function_table=0x0, type=1, tsrm_ls=0x8136da8) at zend_API.c:1033 1033target_function_table = CG(function_table); (gdb) bt #0 0x402c613f in zend_register_functions (functions=0x404cdc00, function_table=0x0, type=1, tsrm_ls=0x8136da8) at zend_API.c:1033 #1 0x402c63aa in zend_register_module (module=0x404cdcc0) at zend_API.c:1099 #2 0x402c60a2 in zend_startup_module (module=0x404cdcc0) at zend_API.c:1010 #3 0x402d3965 in php_startup_extensions (ptr=0x404cc810, count=18) at main.c:782 #4 0x402e0a93 in php_startup_internal_extensions () at internal_functions.c:80 #5 0x402d3f68 in php_module_startup (sf=0x404c8d80) at main.c:939 #6 0x402d0e65 in php_apache_server_startup (pconf=0x80b3bf8, plog=0x80e9cd0, ptemp=0x80ebcd8, s=0x80b6490) at sapi_apache2.c:428 #7 0x0807b6ff in ap_run_post_config (pconf=0x80b3bf8, plog=0x80e9cd0, ptemp=0x80ebcd8, s=0x80b6490) at config.c:124 #8 0x0807f872 in main (argc=1, argv=0xb634) at main.c:453 Thank you, David smime.p7s Description: S/MIME Cryptographic Signature
[PHP-DEV] PHP42/Zend update needed for Apache 2.0.31
Apache 2.0.31 got tagged this evening, the php/zend code has been out of sync with it for a bit now. Would anyone mind chit chatting and getting the appropriate code updated? :) I'd like to help, but I'm rather new to the code. If I'm speaking to the wrong people, please let me know. Apache cores on startup here, I suspect that 0x0 is to blame. #0 0x402c613f in zend_register_functions (functions=0x404cdc00, function_table=0x0, type=1, tsrm_ls=0x8136da8) at zend_API.c:1033 1033target_function_table = CG(function_table); (gdb) bt #0 0x402c613f in zend_register_functions (functions=0x404cdc00, function_table=0x0, type=1, tsrm_ls=0x8136da8) at zend_API.c:1033 #1 0x402c63aa in zend_register_module (module=0x404cdcc0) at zend_API.c:1099 #2 0x402c60a2 in zend_startup_module (module=0x404cdcc0) at zend_API.c:1010 #3 0x402d3965 in php_startup_extensions (ptr=0x404cc810, count=18) at main.c:782 #4 0x402e0a93 in php_startup_internal_extensions () at internal_functions.c:80 #5 0x402d3f68 in php_module_startup (sf=0x404c8d80) at main.c:939 #6 0x402d0e65 in php_apache_server_startup (pconf=0x80b3bf8, plog=0x80e9cd0, ptemp=0x80ebcd8, s=0x80b6490) at sapi_apache2.c:428 #7 0x0807b6ff in ap_run_post_config (pconf=0x80b3bf8, plog=0x80e9cd0, ptemp=0x80ebcd8, s=0x80b6490) at config.c:124 #8 0x0807f872 in main (argc=1, argv=0xb634) at main.c:453 Thank you, David smime.p7s Description: S/MIME Cryptographic Signature
Re: [PHP-DEV] NEW PHP standalone compiler (was Re: [PHP-DEV] Here we try again)
Manuel Lemos wrote: Actually, with all optimizations on, it seems that my site was running slower and consuming more CPU cycles when I just used Zend Optimizer. Sure, since the compilation takes longer due to the optimizations made. Using the Zend Optimizer makes only sense if a) your application runs long or b) you cache the bytecode. -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Re: [PHP-CVS] cvs: php4 / configure.in
On Sat, Feb 02, 2002 at 06:21:59AM -, Jon Parise wrote: jon Sat Feb 2 01:21:59 2002 EDT Modified files: /php4 configure.in Log: Revert revision 1.294. This commit broke things in interesting ways under FreeBSD. By adding these default header files to every header check, a number of subsequent checks failed (due to unsatisfied header file dependencies). This occured because netinet/in.h, for example, requires sys/types.h. In other words, these default includes are not autonomous and don't make workable defaults. This fixes the problem some people were seeing where the Zend build would fail early on, saying that it couldn't find va_list. This was a real bitch to track down based on that error. va_list is defined by stdarg.h, which wasn't getting included in Zend due to the HAVE_STDARG_H check. That wasn't getting defined because the configure run was failing (under FreeBSD) for nearly every header file check. Anyway, FreeBSD builds are now working with the latest cvs code. -- Jon Parise ([EMAIL PROTECTED]) . Information Technology (2001) http://www.csh.rit.edu/~jon/ : Computer Science House Member -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
