[PHP-DEV] Bug #15384 Updated: Seriously Dangerous Exploit
ID: 15384 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Apache related Operating System: All Windows Versions PHP Version: 4.1.1 New Comment: This has been reported before, and the documentation has been amended. Due to significant upgrades in the SAPI module for windows under both IIS and Apache, there is now no longer a need to use the binary. From exploration it would seem that there is no other way to run PHP as a binary, with apache. The suggested action is to change the scriptalias name, so it's harder or impossible to work out where the PHP binary is - however we accept that that is not a wonderfull solution. a better one is being investigated. Previous Comments: [2002-02-05 05:55:50] [EMAIL PROTECTED] As advised in the installation text that comes with all versions of PHP, when installing PHP.EXE for use on a windows machine installed with Apache, the user should insert a few lines of code into the Apache httpd.conf. These exact lines are shown here: ScriptAlias /php/ c:/php/ AddType application/x-httpd-php .php Action application/x-httpd-php /php/php.exe A security vulnerability arises when placing the ScriptAlias line above. This line effectively maps the alias /php/ to your web document root such that typing http://www.example.com/php/; will actually try to access in this case c:\php\. Please note that the last / on the end of the URL has to exist for this to work (http://www.example.com/php; will not work). At this point your server will respond with Access Denied, however if you now specify the URL http://www.example.com/php/php.exe; , you will see the error No input file specified. This error is actually returned by php.exe, which you have just executed on the server. There are many exploits that can happen with this setup (some very serious, which could be used to gain root access). Details Exploit 1: It is possible to read any file remotely on the server, even across drives with the following URL construct: http://www.example.com/php/php.exe?c:\winnt\repair\sam; PHP.EXE will parse the sam file c:\winnt\repair\sam and return it to the browser for download (this is the Windows NT password file). http://www.example.com/php/php.exe?d:\winnt\repair\sam; PHP.EXE will return the same file on the D: drive. The above SAM file can then be used to decrypt all the Account Passwords for the Server. Exploit 2: If you specify a file that exists in the php directory (different files exist depending on the version of PHP), the web server will try to execute this file and will throw back an error reporting the install directory of php. So in PHP4, for example, you would specify the following line: http://www.example.com/php/php4ts.dll; The error returned by the web server would be: couldn't create child process: 22693: C:/php/php4ts.dll showing the install path of PHP. -- Edit this bug report at http://bugs.php.net/?id=15384edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #15369 Updated: Warning: Failed opening '/home/include/phpweb' for inclusion (include_path='.:.
ID: 15369 Updated by: [EMAIL PROTECTED] -Summary: Warning: Failed opening '/home/include/phpweb' for inclusion (include_path='.:. Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Unknown/Other Function Operating System: win PHP Version: 4.1.1 New Comment: can we possibly get some information that might make this bug seem slighlty less of a joke? Previous Comments: [2002-02-04 11:23:52] [EMAIL PROTECTED] true [2002-02-04 11:23:27] [EMAIL PROTECTED] right [2002-02-04 11:22:42] [EMAIL PROTECTED] Warning: Failed opening '/home/include/phpweb' for inclusion (include_path='.:./include:../include:../../include') in Unknown on line 0 -- Edit this bug report at http://bugs.php.net/?id=15369edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #11813 Updated: ImageGammaCorrect no longer works
ID: 11813 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: GD related Operating System: Win NT 4.0 PHP Version: 4.0.6 New Comment: has this been resolved with 4.1.1 ? --james Previous Comments: [2001-10-16 10:22:36] [EMAIL PROTECTED] Let's keep this open (critical) until it really is solved. And I think there should be two modules in the win32 release, for both 1.8.x and 2.0.x versions of GD. --Jani [2001-10-16 01:42:37] [EMAIL PROTECTED] Closing. Next Windows binaries will have to use GD 1.8.x. [2001-10-02 18:22:46] [EMAIL PROTECTED] This is because the binaries use GD 2.0.1..which is still in beta state. We have to have extension which uses GD 1.8.x in next release. --Jani [2001-07-21 20:47:36] [EMAIL PROTECTED] Try setting the error_reporting level so that the script shows EVERYTHING. This may or may not help. [2001-06-30 19:20:05] [EMAIL PROTECTED] A script that worked in PHP 4.0.4 no longer works in PHP 4.0.6 (with the php_gd.dll bundled with the Win32 binaries). Here's a snippet: $srcImgName = SWD2.jpg; $dstImgName = gam_ . $srcImgName; $srcImage = ImageCreateFromJPEG( $srcImgName ); ImageGammaCorrect( $srcImage, 1.8, 2.2 ); ImageJPEG( $srcImage, $dstImgName ); No errors are produced, and the new image is created but it is identical to the original -- no gamma correction has occurred. Edit this bug report at http://bugs.php.net/?id=11813edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #15303 Updated: Error compiling
ID: 15303 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: GD related Operating System: rocklinux 1.4 PHP Version: 4.1.1 New Comment: The version of PHP that this bug was reported in is too old. Please try to reproduce this bug in the latest version of PHP (available from http://www.php.net/downloads.php If you are still able to reproduce the bug with one of the latest versions of PHP, please change the PHP version on this bug report to the version you tested and change the status back to Open. Previous Comments: [2002-01-30 16:31:10] [EMAIL PROTECTED] Hello Dont know if this is a gd or php issus. I downloaded gd to have it to work with gd cause i wanted to generate alpha blending images on the fly. therefore i choosed the 2.0.1 beta build. When i compile gd everything is allright but when i try to compile php i get this error message snip gcc -I. -I/usr/src/php-4.1.1/ext/gd -I/usr/src/php-4.1.1/main -I/usr/src/php -4.1.1 -I/usr/src/php-4.1.1/Zend -I/usr/src/php-4.1.1/ext/mysql/libmysql -I/ usr/src/php-4.1.1/ext/xml/expat -I/usr/src/php-4.1.1/TSRM -g -O2 -c gd.c touch gd.lo In file included from /usr/include/gd.h:25, from php_gd.h:33, from gd.c:36: /usr/include/gd_io.h:21: undefined or invalid # directive In file included from gd.c:36: php_gd.h:69: warning: static declaration for `gdImageColorResolve' follows non-static gd.c:92: conflicting types for `gdIOCtx' /usr/include/gd_io.h:18: previous declaration of `gdIOCtx' make[3]: *** [gd.lo] Error 1 make[3]: Leaving directory `/usr/src/php-4.1.1/ext/gd' /snip The only option i have supplied is ./configure --with-gd Im using rocklinux 1.4 and have tried to download and install zlib libpng libjpeg freetype several times. Whats wrong? Should i send a bugreport to php or is this a gd issue? Thanx for a good software /Alexander Edit this bug report at http://bugs.php.net/?id=15303edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #15303 Updated: Error compiling
ID: 15303 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Bogus Status: Open Bug Type: GD related Operating System: rocklinux 1.4 PHP Version: 4.1.1 New Comment: that was the wrong message. Previous Comments: [2002-02-03 07:08:53] [EMAIL PROTECTED] The version of PHP that this bug was reported in is too old. Please try to reproduce this bug in the latest version of PHP (available from http://www.php.net/downloads.php If you are still able to reproduce the bug with one of the latest versions of PHP, please change the PHP version on this bug report to the version you tested and change the status back to Open. [2002-01-30 16:31:10] [EMAIL PROTECTED] Hello Dont know if this is a gd or php issus. I downloaded gd to have it to work with gd cause i wanted to generate alpha blending images on the fly. therefore i choosed the 2.0.1 beta build. When i compile gd everything is allright but when i try to compile php i get this error message snip gcc -I. -I/usr/src/php-4.1.1/ext/gd -I/usr/src/php-4.1.1/main -I/usr/src/php -4.1.1 -I/usr/src/php-4.1.1/Zend -I/usr/src/php-4.1.1/ext/mysql/libmysql -I/ usr/src/php-4.1.1/ext/xml/expat -I/usr/src/php-4.1.1/TSRM -g -O2 -c gd.c touch gd.lo In file included from /usr/include/gd.h:25, from php_gd.h:33, from gd.c:36: /usr/include/gd_io.h:21: undefined or invalid # directive In file included from gd.c:36: php_gd.h:69: warning: static declaration for `gdImageColorResolve' follows non-static gd.c:92: conflicting types for `gdIOCtx' /usr/include/gd_io.h:18: previous declaration of `gdIOCtx' make[3]: *** [gd.lo] Error 1 make[3]: Leaving directory `/usr/src/php-4.1.1/ext/gd' /snip The only option i have supplied is ./configure --with-gd Im using rocklinux 1.4 and have tried to download and install zlib libpng libjpeg freetype several times. Whats wrong? Should i send a bugreport to php or is this a gd issue? Thanx for a good software /Alexander Edit this bug report at http://bugs.php.net/?id=15303edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #15161 Updated: persistent connections(php)
ID: 15161 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Old Bug Type: Website problem Bug Type: *General Issues Operating System: win9x PHP Version: 4.1.1 New Comment: erm, firstly, this isn't a problem with the website. Secondly, this isn't a problem with PHP. Increase your max connections for mysql, or debug it so you don't need so many. Previous Comments: [2002-01-22 08:01:05] [EMAIL PROTECTED] Warning: Too many connections in /usr/home/h/a/haqwaris/public_html/vb/admin/db_mysql.php on line 38 Warning: MySQL Connection Failed: Too many connections in /usr/home/h/a/haqwaris/public_html/vb/admin/db_mysql.php on line 38 There seems to have been a slight problem with the database. Please try again by pressing the refresh button in your browser. An E-Mail has been dispatched to our Technical Staff, who you can also contact if the problem persists. We apologise for any inconvenience kindly solve this matter as it is comming now alot on the page very warm rgds Edit this bug report at http://bugs.php.net/?id=15161edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15159 Updated: apache chush and write when i use header('') function;
ID: 15159 Updated by: imajes Old Summary: apache chush and write when i use header('') function; Reported By: [EMAIL PROTECTED] Status: Open Old Bug Type: Website problem Bug Type: Apache related Operating System: linux 2.2.16-20 PHP Version: 4.1.1 New Comment: this isn't a website problem, but potentially an apache problem. Previous Comments: [2002-01-22 05:47:16] [EMAIL PROTECTED] function DoAuthorise(){ header( WWW-Authenticate: Basic realm=\Catalog Administaror Login\ ); header( HTTP/1.0 401 Unauthorized ); echo Authorization require; exit; } this is not work in php 4.1.1 !!! Apache log: [notice] child pid 6527 exit signal Segmentation fault (11) When i comment all header invocation all fine my apache configuration: Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.6 OpenSSL/0.9.5a PHP/4.1.1 mod_perl/1.24 when a change my php module to previous version 4.0.6 the code above work OK! Edit this bug report at http://bugs.php.net/?id=15159edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15161 Updated: persistent connections(php)
ID: 15161 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Bogus Old Bug Type: Performance problem Bug Type: MySQL related Operating System: win9x PHP Version: 4.1.1 New Comment: erm, this is not a performance problem, please don't label it as such (doesn't help our stats). Previous Comments: [2002-01-22 09:55:28] [EMAIL PROTECTED] erm, firstly, this isn't a problem with the website. Secondly, this isn't a problem with PHP. Increase your max connections for mysql, or debug it so you don't need so many. [2002-01-22 08:01:05] [EMAIL PROTECTED] Warning: Too many connections in /usr/home/h/a/haqwaris/public_html/vb/admin/db_mysql.php on line 38 Warning: MySQL Connection Failed: Too many connections in /usr/home/h/a/haqwaris/public_html/vb/admin/db_mysql.php on line 38 There seems to have been a slight problem with the database. Please try again by pressing the refresh button in your browser. An E-Mail has been dispatched to our Technical Staff, who you can also contact if the problem persists. We apologise for any inconvenience kindly solve this matter as it is comming now alot on the page very warm rgds Edit this bug report at http://bugs.php.net/?id=15161edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15133 Updated: SSI
ID: 15133 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Feature/Change Request Operating System: Windows PHP Version: 4.1.1 New Comment: alternatively, why not have your isp make a new filtered extension, like .pssi or something, which has the executable set as php.exe -q ? Previous Comments: [2002-01-20 23:56:30] [EMAIL PROTECTED] Well, on UN*X, too you don't have to supply the path to PHP. But as you are implying, a script is either called normally OR from a SSI include. So every script which is called by SSI could have a php -q at the beginning, right? Your set_expose would therefore be redundant (unless -q is not possible from within IIS). Is it possible, or not, to run a PHP-script with -q on IIS? Kind Regards, Daniel Lorch [2002-01-20 22:32:19] [EMAIL PROTECTED] Under IIS, you do not have to supply the path to the executable in every script. That's the nature of windows. It works via file extension association. My solution is to create a function called set_expose(off) or whatever fits in with the php naming conventions so that this can be set at runtime from within the script. Thus forcing php to not send out any headers by itself. [2002-01-20 22:28:34] [EMAIL PROTECTED] But this a completely intended behaviour. On UN*X you have to provide the -q as well in _every script_ which should be used as output called from a SSI directive. Where do you have to make this setting? Globally for all PHP scripts? Or can it be done in every script. I don't know IIS, sorry. Kind Regards, Daniel Lorch [2002-01-20 22:11:59] [EMAIL PROTECTED] Under IIS you specify what script engine runs your php file. Basically says that all files with extension .php are run by c:/php/php.exe or whatever the executable is. You COULD put the -q in there, but that would apply for all users. Can you specify -q at runtime so that my ISP (or any ISP for that matter) doesn't have to set explicit settings for this? That way it gets left up to the programmer HOW they want their php scripts run. Forcing -q on all users would mean that everyone of the ISP's clients would have to output all the headers just to get their scripts running. [2002-01-20 22:08:46] [EMAIL PROTECTED] php.exe -q doesn't work on Windows? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=15133 Edit this bug report at http://bugs.php.net/?id=15133edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15093 Updated: $_FILES and other global array are not documented
ID: 15093 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Duplicate Old Bug Type: Website problem Bug Type: Documentation problem Operating System: All PHP Version: 4.1.1 New Comment: This is being worked on, thanks for the report. :) Previous Comments: [2002-01-17 21:21:48] [EMAIL PROTECTED] The $_FILES array is the worst of these. Its existence can be deduced only by looking at the naming scheme of the new arrays versus the old one (or typing $_FILES in Google!), but it'd be nice to see this nifty new feature documented. I figure the main reason people people still use $postvar instead of $HTTP_POST_VARS['postvar'] is because of lazyness, so at least $_POST['postvar'] will help wrangle them in the right direction. Maybe. Anyways... here are a couple of places where it would have been nice to see some info. http://www.php.net/release_4_1_0.php http://www.php.net/manual/en/features.file-upload.php http://www.php.net/manual/en/language.variables.predefined.php http://www.php.net/manual/en/language.variables.external.php -Abner Edit this bug report at http://bugs.php.net/?id=15093edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15052 Updated: Reserved Variable Name id ?
ID: 15052 Updated by: imajes Old Summary: Reserved Variable Name id ? Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Variables related Operating System: WIn2k PHP Version: 4.0CVS-2002-01-15 New Comment: $id is not a reserved variable, and should be useable where-ever you code. You might find however that you have used id before in the script, so it is picking that variable, and you have a conflict. Previous Comments: [2002-01-15 11:58:43] [EMAIL PROTECTED] Hi, I hope this is really a bug and I'm not too stupid: In a larger script I used to embed variables in links, like this: search.php?a=1bc=2 which worked perfectly. But when I used id as Variablename it always got lost, so what should be search.phpid=1 became search.phpid=ressource id #1. I looked for hours for the problem, than I renamed id to it, and now the variables are transferred correctly and the program works.. So is id perhaps some kind of variable that is used by php internally ? I searched in the docus and the bug reports, but didn't find anything on it. [2002-01-15 11:56:22] [EMAIL PROTECTED] Hi, I hope this is really a bug and I'm not too stupid: In a larger script I used to embed variables in links, like this: search.php?a=1bc=2 witch worked perfectly. But when I used id as Variablename it always got lost, so what should be search.phpid=1 became search.phpid=ressource id #1. I looked for hours for the problem, than I renamed id to it, and now the variables are transferred correctly and the program works.. So is id perhaps some kind of variable that is used by php internally ? I searched in the docus and the bug reports, but didn't find anything on it. Edit this bug report at http://bugs.php.net/?id=15052edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15052 Updated: Reserved Variable Name id ?
ID: 15052 Updated by: imajes Old Summary: Reserved Variable Name id ? Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Variables related Operating System: WIn2k PHP Version: 4.0CVS-2002-01-15 Previous Comments: [2002-01-15 11:58:43] [EMAIL PROTECTED] Hi, I hope this is really a bug and I'm not too stupid: In a larger script I used to embed variables in links, like this: search.php?a=1bc=2 which worked perfectly. But when I used id as Variablename it always got lost, so what should be search.phpid=1 became search.phpid=ressource id #1. I looked for hours for the problem, than I renamed id to it, and now the variables are transferred correctly and the program works.. So is id perhaps some kind of variable that is used by php internally ? I searched in the docus and the bug reports, but didn't find anything on it. [2002-01-15 11:56:22] [EMAIL PROTECTED] Hi, I hope this is really a bug and I'm not too stupid: In a larger script I used to embed variables in links, like this: search.php?a=1bc=2 witch worked perfectly. But when I used id as Variablename it always got lost, so what should be search.phpid=1 became search.phpid=ressource id #1. I looked for hours for the problem, than I renamed id to it, and now the variables are transferred correctly and the program works.. So is id perhaps some kind of variable that is used by php internally ? I searched in the docus and the bug reports, but didn't find anything on it. Edit this bug report at http://bugs.php.net/?id=15052edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15062: apache crash in php4ts.dll
From: [EMAIL PROTECTED] Operating system: Windows 2000 + Apache PHP version: 4.1.1 PHP Bug Type: Reproducible crash Bug description: apache crash in php4ts.dll i am running latest stable 1.3 apache on my windows 2000 machine here. When i execute the following code (both $f_user and $f_pass are populated) ?php require_once(global.php); if (isset ($f_user) isset ($f_pass)) { /* so the user [form] needs to be logged in... */ $sql = SELECT * FROM login WHERE user = ' . addslashes($f_user) . '; $userchk = db_connect($sql, Y); if ( isset($userchk) ($userchk != )) { if ( $userchk-pass = $f_pass ) { $icauser = true; session_register(icauser); } } } ? it causes apache.exe to crash. when restarting the service, i get the following message 3 times: titlebar: apache.exe Entry Point Not Found message: The procedure entry point wrong_param_count could not be located in the dynamic link library php4ts.dll. I will get/give more info as requested. -- Edit bug report at: http://bugs.php.net/?id=15062edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15007 Updated: search for $_SERVER fails while attempting to search PHP documentation
ID: 15007 Updated by: imajes Old Summary: search for $_SERVER fails while attempting to search PHP documentation Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Website problem Operating System: N/A PHP Version: 4.1.1 New Comment: yes, we are aware of this, and documentation people are working on documentation for _* global variables. Thanks. Previous Comments: [2002-01-12 15:33:43] [EMAIL PROTECTED] I've seen the new $_SERVER (for example) variable arrays mentioned, as replacements for the old $HTTP_SERVER_VARS (I think) array, but I wasn't able to easily find any pages that mention them. I therefore put $_SERVER (no quotes) in the search box, and got pages with the word server, not $_SERVER so I tried entering $_SERVER (a quoted string), which produced the same results. Problems: 1. It appears there is no way to find pages with the exact text $_SERVER using this search system. 2. Discussion of $_SERVER (and $POST, $_ENV, etc.) arrays needs to be findable in the documentation. Edit this bug report at http://bugs.php.net/?id=15007edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14909 Updated: Allows access to ANY file
ID: 14909 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Critical Old Bug Type: Documentation problem Bug Type: Apache related Operating System: Windows PHP Version: 4.1.1 Assigned To: [EMAIL PROTECTED] New Comment: Ok, I have checked in a newer, cleaner version of the relevant documentation. As far as the guidelines go, configuring php and apache like that is a massive security risk, (since we've been recommending all production level sites to create a script alias for /php/ and mapping that to their php directory), so I appeal to the apache people (Jimw, etc) to look into ways of fixing it so you don't have to use a scriptalias and action. (or use action with an absolute path). This is a pretty urgent problem, so i'm going to mark this bug as critical and move it to Apache Related. Previous Comments: [2002-01-07 12:02:52] [EMAIL PROTECTED] Georg, our security section has a link to that CERT advisory for quite a long time now. I have added a warning and a link to the particular security page to that setup instruction page for Apache windows. Please give better instructions for CGI setups under windows if you can. A setup, where PHP sritps are portable, so no #!c:\php\php.exe type of method is doable... Maybe James can find another way. The Apache doc only documents the methods we have in the install and security chapters... --- Goba [2002-01-07 09:46:58] [EMAIL PROTECTED] Actually, our documentation tells win32 users to install that way. I'm investigating a better method right now, and will patch the documentation in a short while. I knew i forgot to do something after i updated my win32 last week! [2002-01-07 09:41:20] [EMAIL PROTECTED] Unbelievable, why do you set your cgi-binary in the document root tree!? See http://www.cert.org/advisories/CA-1996-11.html [2002-01-07 09:34:04] [EMAIL PROTECTED] Well you should have already heard about this but I'll report it anyway becoz we all need a fix very fast! Well when you do this: http://www.example.com/php/php.exe?c:\winnt\repair\sam (this is an example, you can view any file) it will return the files contents! This happens with ANY windows versions...i don't think it affects linux. Also this will return the install path of PHP: http://www.example.com/php/php4ts.dll could you please get a path/new vesion out ASAP! This is extremly serious! Edit this bug report at http://bugs.php.net/?id=14909edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14909 Updated: Allows access to ANY file
ID: 14909 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Critical Old Bug Type: Documentation problem Bug Type: Apache related Operating System: Windows PHP Version: 4.1.1 Assigned To: imajes New Comment: the documentation is fixed, i committed this morning/last night. there is however a bug in the way apache handles the binary -- or the way php acts when called as a binary (you can get premature end of script headers). What i would like to do is leave this open, and noticeable for some of the apache guys to take a look at and comment on it. The docs are fixed we just need to wait to see if this is a thing to hand off to apache. Previous Comments: [2002-01-08 07:16:40] [EMAIL PROTECTED] As said by others, this is NOT a bug, but a documentation problem. (btw: assigned to only needs your username) [2002-01-08 03:28:11] [EMAIL PROTECTED] Ok, I have checked in a newer, cleaner version of the relevant documentation. As far as the guidelines go, configuring php and apache like that is a massive security risk, (since we've been recommending all production level sites to create a script alias for /php/ and mapping that to their php directory), so I appeal to the apache people (Jimw, etc) to look into ways of fixing it so you don't have to use a scriptalias and action. (or use action with an absolute path). This is a pretty urgent problem, so i'm going to mark this bug as critical and move it to Apache Related. [2002-01-07 12:02:52] [EMAIL PROTECTED] Georg, our security section has a link to that CERT advisory for quite a long time now. I have added a warning and a link to the particular security page to that setup instruction page for Apache windows. Please give better instructions for CGI setups under windows if you can. A setup, where PHP sritps are portable, so no #!c:\php\php.exe type of method is doable... Maybe James can find another way. The Apache doc only documents the methods we have in the install and security chapters... --- Goba [2002-01-07 09:46:58] [EMAIL PROTECTED] Actually, our documentation tells win32 users to install that way. I'm investigating a better method right now, and will patch the documentation in a short while. I knew i forgot to do something after i updated my win32 last week! [2002-01-07 09:41:20] [EMAIL PROTECTED] Unbelievable, why do you set your cgi-binary in the document root tree!? See http://www.cert.org/advisories/CA-1996-11.html The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=14909 Edit this bug report at http://bugs.php.net/?id=14909edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14938 Updated: No htmlescape() function for PHP4
ID: 14938 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Documentation problem Operating System: Linux PHP Version: 4.1.1 Old Assigned To: Assigned To: imajes New Comment: i'm a sucker for punishment. Previous Comments: [2002-01-08 18:36:18] [EMAIL PROTECTED] You can use htmlspecialchars() htmlentities(). Filled as a documentation problem. [2002-01-08 17:29:58] [EMAIL PROTECTED] As you can find PHP Faq at:http://www.php.net/manual/en/faq.html.php, there is a function of htmlescape() to escape string for html syntax. unfortunately, i can not find htmlescape() function from php function table, and wonder what is going on here. would you kindly please let me about it? thanx a ton! Jackey Edit this bug report at http://bugs.php.net/?id=14938edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14938 Updated: No htmlescape() function for PHP4
ID: 14938 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Documentation problem Operating System: Linux PHP Version: 4.1.1 Assigned To: imajes New Comment: thanks, that's fixed. Previous Comments: [2002-01-08 18:43:21] [EMAIL PROTECTED] i'm a sucker for punishment. [2002-01-08 18:36:18] [EMAIL PROTECTED] You can use htmlspecialchars() htmlentities(). Filled as a documentation problem. [2002-01-08 17:29:58] [EMAIL PROTECTED] As you can find PHP Faq at:http://www.php.net/manual/en/faq.html.php, there is a function of htmlescape() to escape string for html syntax. unfortunately, i can not find htmlescape() function from php function table, and wonder what is going on here. would you kindly please let me about it? thanx a ton! Jackey Edit this bug report at http://bugs.php.net/?id=14938edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14938 Updated: No htmlescape() function for PHP4
ID: 14938 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: Documentation problem Operating System: Linux PHP Version: 4.1.1 Assigned To: imajes Previous Comments: [2002-01-08 18:43:21] [EMAIL PROTECTED] i'm a sucker for punishment. [2002-01-08 18:36:18] [EMAIL PROTECTED] You can use htmlspecialchars() htmlentities(). Filled as a documentation problem. [2002-01-08 17:29:58] [EMAIL PROTECTED] As you can find PHP Faq at:http://www.php.net/manual/en/faq.html.php, there is a function of htmlescape() to escape string for html syntax. unfortunately, i can not find htmlescape() function from php function table, and wonder what is going on here. would you kindly please let me about it? thanx a ton! Jackey Edit this bug report at http://bugs.php.net/?id=14938edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14909 Updated: Allows access to ANY file
ID: 14909 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Bogus Status: Open Old Bug Type: Apache related Bug Type: Documentation problem Operating System: Windows PHP Version: 4.1.1 Old Assigned To: Assigned To: [EMAIL PROTECTED] New Comment: Actually, our documentation tells win32 users to install that way. I'm investigating a better method right now, and will patch the documentation in a short while. I knew i forgot to do something after i updated my win32 last week! Previous Comments: [2002-01-07 09:41:20] [EMAIL PROTECTED] Unbelievable, why do you set your cgi-binary in the document root tree!? See http://www.cert.org/advisories/CA-1996-11.html [2002-01-07 09:34:04] [EMAIL PROTECTED] Well you should have already heard about this but I'll report it anyway becoz we all need a fix very fast! Well when you do this: http://www.example.com/php/php.exe?c:\winnt\repair\sam (this is an example, you can view any file) it will return the files contents! This happens with ANY windows versions...i don't think it affects linux. Also this will return the install path of PHP: http://www.example.com/php/php4ts.dll could you please get a path/new vesion out ASAP! This is extremly serious! Edit this bug report at http://bugs.php.net/?id=14909edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14914 Updated: php.netvision.net.il link mentioned in install.txt doesn't exist
ID: 14914 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Documentation problem Operating System: Win2000 PHP Version: 4.1.1 New Comment: yes, you're right. I'll remove that link right now. Something else i forgot. Previous Comments: [2002-01-07 13:36:15] [EMAIL PROTECTED] Link to: http://php.netvision.net.il/browser-id.php3 mentioned in PHP 4.1.1 Windows .zip distributions install.txt doesn't exist --- On PWS and IIS, you can set the browscap.ini to point to: 'c:\windows\system\inetsrv\browscap.ini' on Windows 9x/Me and 'c:\winnt\system32\inetsrv\browscap.ini' on NT/2000 Server. Additional information on using the browscap functionality in PHP can be found at http://php.netvision.net.il/browser-id.php3 select the source button to see it in action. --- Edit this bug report at http://bugs.php.net/?id=14914edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14914 Updated: php.netvision.net.il link mentioned in install.txt doesn't exist
ID: 14914 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: Documentation problem Operating System: Win2000 PHP Version: 4.1.1 New Comment: yes, you're right. I'll remove that link right now. Something else i forgot. Previous Comments: [2002-01-07 13:39:50] [EMAIL PROTECTED] yes, you're right. I'll remove that link right now. Something else i forgot. [2002-01-07 13:36:15] [EMAIL PROTECTED] Link to: http://php.netvision.net.il/browser-id.php3 mentioned in PHP 4.1.1 Windows .zip distributions install.txt doesn't exist --- On PWS and IIS, you can set the browscap.ini to point to: 'c:\windows\system\inetsrv\browscap.ini' on Windows 9x/Me and 'c:\winnt\system32\inetsrv\browscap.ini' on NT/2000 Server. Additional information on using the browscap functionality in PHP can be found at http://php.netvision.net.il/browser-id.php3 select the source button to see it in action. --- Edit this bug report at http://bugs.php.net/?id=14914edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14914 Updated: php.netvision.net.il link mentioned in install.txt doesn't exist
ID: 14914 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Closed Bug Type: Documentation problem Operating System: Win2000 PHP Version: 4.1.1 New Comment: oops, meant to say fixed. :) Previous Comments: [2002-01-07 13:53:59] [EMAIL PROTECTED] yes, you're right. I'll remove that link right now. Something else i forgot. [2002-01-07 13:39:50] [EMAIL PROTECTED] yes, you're right. I'll remove that link right now. Something else i forgot. [2002-01-07 13:36:15] [EMAIL PROTECTED] Link to: http://php.netvision.net.il/browser-id.php3 mentioned in PHP 4.1.1 Windows .zip distributions install.txt doesn't exist --- On PWS and IIS, you can set the browscap.ini to point to: 'c:\windows\system\inetsrv\browscap.ini' on Windows 9x/Me and 'c:\winnt\system32\inetsrv\browscap.ini' on NT/2000 Server. Additional information on using the browscap functionality in PHP can be found at http://php.netvision.net.il/browser-id.php3 select the source button to see it in action. --- Edit this bug report at http://bugs.php.net/?id=14914edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14864 Updated: Object and sessions, no way!
ID: 14864 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Reproducible crash Operating System: Linux Slackware and Cobalt Raq4 PHP Version: 4.1.1 New Comment: firstly, this isn't a reproduceable crash, since the engine didn't crash. Secondly, the code you show here WORKS. I suggest you look at your code again, and debug it properly. Previous Comments: [2002-01-04 20:27:57] [EMAIL PROTECTED] mispelled while restyling the code for you :-) ?php class BinLaden{ var $wow; function BinLaden($Parola){ $this-wow=$Parola; } } session_start(); if(!isset($wa)) { $wa = new BinLaden(Hello Word); session_register('wa'); print New objectbr; } else { echo($wa-wow); // THIS LINE WAS MISPELLED print Object from sessionbr; } ? [2002-01-04 20:24:37] [EMAIL PROTECTED] FIRST OUTPUT: New object REFRESH BROWSER: Fatal error: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition binladen of the object you are trying to operate on was loaded _before_ the session was started in test.php on line 16 Note: The class is defined before the session start! ?php class BinLaden{ var $wow; function BinLaden($Parola){ $this-wow=$Parola; } } session_start(); if(!isset($wa)) { $wa = new BinLaden(Hello Word); session_register('wa'); print New objectbr; } else { echo($wa-cazz); print Object from sessionbr; } ? Edit this bug report at http://bugs.php.net/?id=14864edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14864 Updated: Object and sessions, no way!
ID: 14864 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Old Bug Type: Reproducible crash Bug Type: Unknown/Other Function Operating System: Linux Slackware and Cobalt Raq4 PHP Version: 4.1.1 New Comment: maybe, but i doubt it. Previous Comments: [2002-01-04 20:46:17] [EMAIL PROTECTED] Quite strange, I've just copied the php.ini-dist on the php.ini I had and now it works. Maybe when installed 4.1.1 I've forgotten to upgrade my php.ini that was 4.0.6 Could you imagine what could have been the cause of it ? Thanks J [2002-01-04 20:36:57] [EMAIL PROTECTED] firstly, this isn't a reproduceable crash, since the engine didn't crash. Secondly, the code you show here WORKS. I suggest you look at your code again, and debug it properly. [2002-01-04 20:27:57] [EMAIL PROTECTED] mispelled while restyling the code for you :-) ?php class BinLaden{ var $wow; function BinLaden($Parola){ $this-wow=$Parola; } } session_start(); if(!isset($wa)) { $wa = new BinLaden(Hello Word); session_register('wa'); print New objectbr; } else { echo($wa-wow); // THIS LINE WAS MISPELLED print Object from sessionbr; } ? [2002-01-04 20:24:37] [EMAIL PROTECTED] FIRST OUTPUT: New object REFRESH BROWSER: Fatal error: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition binladen of the object you are trying to operate on was loaded _before_ the session was started in test.php on line 16 Note: The class is defined before the session start! ?php class BinLaden{ var $wow; function BinLaden($Parola){ $this-wow=$Parola; } } session_start(); if(!isset($wa)) { $wa = new BinLaden(Hello Word); session_register('wa'); print New objectbr; } else { echo($wa-cazz); print Object from sessionbr; } ? Edit this bug report at http://bugs.php.net/?id=14864edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14864 Updated: Object and sessions, no way!
ID: 14864 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Reproducible crash Operating System: Linux Slackware and Cobalt Raq4 PHP Version: 4.1.1 New Comment: I just did close the bug! and i am going to close this again! Previous Comments: [2002-01-04 20:51:53] [EMAIL PROTECTED] Just tell me, if U want, how to send you both php.ini.406 and php.ini.411 files :-) otherwise close the bug :-) J [2002-01-04 20:49:53] [EMAIL PROTECTED] maybe, but i doubt it. [2002-01-04 20:46:17] [EMAIL PROTECTED] Quite strange, I've just copied the php.ini-dist on the php.ini I had and now it works. Maybe when installed 4.1.1 I've forgotten to upgrade my php.ini that was 4.0.6 Could you imagine what could have been the cause of it ? Thanks J [2002-01-04 20:36:57] [EMAIL PROTECTED] firstly, this isn't a reproduceable crash, since the engine didn't crash. Secondly, the code you show here WORKS. I suggest you look at your code again, and debug it properly. [2002-01-04 20:27:57] [EMAIL PROTECTED] mispelled while restyling the code for you :-) ?php class BinLaden{ var $wow; function BinLaden($Parola){ $this-wow=$Parola; } } session_start(); if(!isset($wa)) { $wa = new BinLaden(Hello Word); session_register('wa'); print New objectbr; } else { echo($wa-wow); // THIS LINE WAS MISPELLED print Object from sessionbr; } ? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=14864 Edit this bug report at http://bugs.php.net/?id=14864edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14865 Updated: php4apache.dll - phpinfo error - winXP - Apache
ID: 14865 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Apache related Operating System: Win XP Prof PHP Version: 4.1.1 New Comment: Wow, wierd. If you go to the second page (cgi binary) it displays fine, yet the first page starts to display, and then dies. I have a sneaky suspicion that it is more to do with permissions, or something. Could you paste your apache php definitions, please, so we know what apache is doing when it gets a php4a / php4c url. Thanks. Previous Comments: [2002-01-04 20:54:51] [EMAIL PROTECTED] The correct links: Apache API: http://www.wenpas.ch:8080/phpinfo.php4a CGI API: http://www.wenpas.ch:8080/phpinfo.php4c Pascal [2002-01-04 20:51:14] [EMAIL PROTECTED] I have problem with the php4apache.dll on win xp prof apache 1.3.22 and php4.1.1 ! Server API: Apache If you execute the phpinfo(), same time it work, but the most time came the message that the page not can show. Or same line are wrong (wrong character like @#°§@°@#§879...) http://xp.wenpas.ch:8080/phpinfo.php4c Server API: CGI The same example with the installation as CGI work fine. (same php.ini) http://xp.wenpas.ch:8080/phpinfo.php4a I think the problem is at php4apache.dll Pascal Edit this bug report at http://bugs.php.net/?id=14865edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14865 Updated: php4apache.dll - phpinfo error - winXP - Apache
ID: 14865 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Feedback Bug Type: Apache related Operating System: Win XP Prof PHP Version: 4.1.1 Previous Comments: [2002-01-04 20:54:51] [EMAIL PROTECTED] The correct links: Apache API: http://www.wenpas.ch:8080/phpinfo.php4a CGI API: http://www.wenpas.ch:8080/phpinfo.php4c Pascal [2002-01-04 20:51:14] [EMAIL PROTECTED] I have problem with the php4apache.dll on win xp prof apache 1.3.22 and php4.1.1 ! Server API: Apache If you execute the phpinfo(), same time it work, but the most time came the message that the page not can show. Or same line are wrong (wrong character like @#°§@°@#§879...) http://xp.wenpas.ch:8080/phpinfo.php4c Server API: CGI The same example with the installation as CGI work fine. (same php.ini) http://xp.wenpas.ch:8080/phpinfo.php4a I think the problem is at php4apache.dll Pascal Edit this bug report at http://bugs.php.net/?id=14865edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14839 Updated: getcwd() and `pwd` report incorrect directory
ID: 14839 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: *Directory/Filesystem functions Operating System: Linux, FreeBSD, Solaris PHP Version: 4.0.5 New Comment: Ok, some comments, if i may. Firstly, I have verified this behaviour, however (and I could be wrong), this is not unexpected. The script executes relavtive to the directory it exists within, not the directory you are currently in. I can't particularly explain why, but this kind of makes sense. If you had a script in some unsafe directory, allowing the moving and deleting of files, and you could run it in a secured directory, in which the php process had sufficient access, and affect the files there, would that not present potential security risks? Anyhow, i could be wrong, so don't take what i said as corret. Previous Comments: [2002-01-04 00:22:32] [EMAIL PROTECTED] Oh, I suppose you want my configure line, even though it really doesn't make a difference. Here it is: CONFIGURE_COMMAND = './configure' '--with-gd=/usr/local' '--with-mysql' '--with-openssl' '--with-apxs=/usr/local/sbin/apxs' '--prefix=/usr/local' [2002-01-04 00:16:48] [EMAIL PROTECTED] This problem was previously reported by someone against PHP 4.0.6 in Bug ID # 14214. Latest comment on the that reports says they are going to close it for lack of information. This bug has existed in every version of PHP I've used since 1999. It fails on Linux, FreeBSD and Solaris. Both mistaken report the directory which contains the script being run, NOT the current working directory. This fails when run from a directory other than where the script is saved: #! /usr/local/bin/php -q ?php system(pwd); echo `pwd`; echo getcwd(); echo \n; ? Under any POSIX-compliant OS, or just about any version of Unix, calling the getcwd(3) library routine should get the correct result. It appears the PHP interpreter startup is changing directories without saving this value first, since even calling the OS gives incorrect values. Edit this bug report at http://bugs.php.net/?id=14839edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14742 Updated: Example is wrong
ID: 14742 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: Documentation problem Old Operating System: don't care Operating System: don\'t care PHP Version: 4.1.1 New Comment: I've updated the documentation. Thanks. Previous Comments: [2001-12-28 13:15:52] [EMAIL PROTECTED] http://download.php.net/manual/en/function.strftime.php This is a mistake. print (strftime (%A, in French )); setlocale (LC_TIME, fr_CA); fr is the French language CA is a country, Canada in this case. So, fr_CA is likely Quebec Time or Eastern Time. This example should be replaced with: print (strftime (%A, in French )); setlocale (LC_TIME, fr_FR); Denis Edit this bug report at http://bugs.php.net/?id=14742edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14734 Updated: new superglobals ($_SERVER, etc.) not documented
ID: 14734 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Documentation problem Operating System: Win XP PHP Version: 4.1.0 New Comment: but $PHP_SELF is also a special variable, so I think also listing it out of any collection is a good thing. Previous Comments: [2001-12-28 11:35:45] [EMAIL PROTECTED] Tested again. Yes you are right. It would be good to have it listed only in _SERVER, as the other vars. [2001-12-28 10:29:47] [EMAIL PROTECTED] It's printed in _SERVER too (apache 1.3.22/php 4.1.0). [2001-12-28 10:17:17] [EMAIL PROTECTED] Just a note: in the PHP 4.1.0 phpinfo() output, all the predefined vars are printed as _SERVER and _ENV members, except PHP_SELF, it is printed alone, and not in any array. This must be corrected! [2001-12-28 10:05:28] [EMAIL PROTECTED] Valid point. I'm reopening this as a documentation problem. [2001-12-28 10:01:35] [EMAIL PROTECTED] Hi All, Thanks for the replies. The docs tell me that using globally registered vars presents a security risk and is being turned off in future versions anyway, so it's quite necessary to get accustomed to it. Using $_SERVER['PHP_SELF'] must be the way to go. However, where to find proper documentation on these 'new' vars ? I can't find them, only some pages mentioning they exist.. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=14734 Edit this bug report at http://bugs.php.net/?id=14734edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #11833 Updated: Unsufficient docs
ID: 11833 Updated by: imajes Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: Documentation problem Operating System: any PHP Version: 4.0.6 Assigned To: danbeck New Comment: No feedback. Previous Comments: [2001-07-03 10:28:12] [EMAIL PROTECTED] Assigning this to myself. (I must love the pain...) [2001-07-02 10:21:56] [EMAIL PROTECTED] It's very hard to understand what you are saying... please forgive us if we don't quite get your point. Are you saying that the documentation is not clear as to which variables you can access using the $HTTP_ENV_VARS and $HTTP_SERVER_VARS. If this is what you are asking, then please read the 3rd paragraph and the note that follows at: http://php.net/manual/en/language.variables.predefined.php The manual can not be an exhaustive resource for all predefined variables. The best way to see exactly what is available to you is the check the output of the phpinfo() function. It describes everthing you would need to know about the PHP environment and it's predefined variables in gratuitous detail. Also, you specifically mention $PHP_SELF. You say that it's not intuitive to be in HTTP_SERVER_VARS? But it is.. it has noting to do with the system environment ($HTTP_ENV_VARS), but everything to do with the server environment. It's the filename part of the URI, not the actual filename on the server. [2001-07-02 07:13:33] [EMAIL PROTECTED] I don't agree. I just disable register_global by setting it Off. Now I can't acces simply $PHP_SELF - returned string is empty. When I get $HTTP_SERVER_VARS[PHP_SELF], the return string is such as the $PHP_SELF with register_global On. Maybe it isn't docs bug, but devel bug? [2001-07-02 07:06:16] [EMAIL PROTECTED] $PHP_SELF is not an environment variable, nor a server variable, it is a special PHP variable, so it wont be registered in any arrays you listed [2001-07-02 06:53:24] [EMAIL PROTECTED] There isn't enough information, from which assosiative array we can acces to predefined variables, when register globals is not set. Espesially $PHP_SELF isn't in $HTTP_ENV_VARS but $HTTP_SERVER_VARS, which mean not intuos (in my opinion) localization. Regards Edit this bug report at http://bugs.php.net/?id=11833edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14777 Updated: Style Sheets not interpreted when sent through Apache/PHP
ID: 14777 Updated by: imajes Reported By: [EMAIL PROTECTED] Status: Bogus Bug Type: Apache related Operating System: Windows ME PHP Version: 4.1.0 New Comment: Actually, it's to do with the IE engine not interpreting css correctly. Remember, that the scroll bar code is a: microsoft proprietary, and b: not standard compliant. Thus, the error is in the ie engine in the way it inteprets html. I have found that this works sometimes and sometimes not on .php files, and the same is true for .html files. Go yell at Microsoft. :) Previous Comments: [2001-12-30 17:49:38] [EMAIL PROTECTED] Thanks, I tried changing the wrong DOCTYPE-Definition (I replaced all extensions .html with .php via Search and Replace, so also the DOCTYPE-Definition was wrong afterwords), aswell as deleting it from the file, but it didn't work out unfortunately. Have you got another clue? [2001-12-30 15:40:30] [EMAIL PROTECTED] i forgot to +bogus [2001-12-30 15:31:12] [EMAIL PROTECTED] check your DOCTYPE definition: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0//EN it's WRONG. either chose the right one or leave it out. Kind Regards, Daniel Lorch [2001-12-30 14:39:52] [EMAIL PROTECTED] Hi! I've got the following configuration: PHP 4.1.0 running as ISAPI-Module on Apache 1.3.22 The following problem results only (!) if I use .php as extension. I originally programmed the entire site with the extension .html. I used IE-specific CSS-elements to change the color/style of the scrollbar. It all worked fine. Then I wanted to use .php as extension instead, so that I could use a prepend if necessary (e.g. include a config.php, etc.). It seemed to work fine still, PHP code is executed, the page is shown as usual. Only that the scrollbar is not shown with its changed appearance anymore. If I change back to .html everythings fine again. I can't explain this because I have in mind, that everything that is outside of ?php-Tags is sent unchanged to the browser. And the Source-Code (right-click in Internet-Explorer) shows no differences between the two files. Still it doesn't seem to work with .php Hereby the necessary files: hp_mitte.php: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0//EN html head titlePfarrgemeinde St. Maria Geburt, Duderstadt-Gerblingerode/title script type=text/javascript!-- function checkFrameset() {if(!parent.oben) location.href=index.php;} --/script style type=text/css!-- body {margin-bottom:0px; margin-top:0px; margin-left:0px; margin-right:0px; scrollbar-face-color:#FF; scrollbar-highlight-color:#43CBFF; scrollbar-shadow-color:#43CBFF; scrollbar-3dlight-color:#43CBFF; scrollbar-arrow-color:#43CBFF; scrollbar-track-color:#D5D5D5; scrollbar-darkshadow-color:#43CBFF;} table {border:0px;} --/style /head body onLoad=checkFrameset() table cellspacing=0 cellpadding=0 width=100% height=100% tr bgcolor=#D5D5D5 td height=24px colspan=3 font style=font: bold 12pt Arial, Helvetica, sans-serif; nbsp;nbsp;Startseite /font /td /tr tr td align=center colspan=3 valign=middle img src=images/kirche.jpg /br / font style=font:10pt Arial, Helvetica, sans-serif; Pfarrkirche St. Maria Geburt /font /td /tr /table body /html index.php: !DOCTYPE php PUBLIC -//W3C//DTD php 4.0 Frameset//EN html head titlePfarrgemeinde St. Maria Geburt, Duderstadt-Gerblingerode/title /head frameset frameborder=no border=0 framespacing=0 rows=30px,*,24px frame src=hp_oben.php noresize=noresize scrolling=no name=oben marginheight=0 marginwidth=0 frameset border=0 frameborder=no framespacing=0 cols=159px,*,9px frame src=hp_links.php noresize=noresize scrolling=no name=links marginheight=0 marginwidth=0 frame src=hp_mitte.php noresize=noresize name=mitte scrolling=yes marginheight=0 marginwidth=0 frame src=hp_rechts.php noresize=noresize scrolling=no name=rechts marginheight=0 marginwidth=0 /frameset frame src=hp_unten.php noresize=noresize scrolling=no name=unten marginheight=0 marginwidth=0 noframes body /body /noframes /frameset /html The other files are not really important, you can have empty files and the same problem results (or results not depending on the file-extension). I hope you can help me! Sincelery Daniel Warner Edit this bug report at http://bugs.php.net/?id=14777edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list