Bug reporting of PHP 4.3.4

Bug Reoprting of PHP4.3.4

Kreny <kreny at dalouis.com>
Last updated: Sunday, 10/08/2006 21:00
Original Page: http://bugs.php.net/bug.php?id=26370
New address: http://www.kreny.com/php4.3.4_bug.htm
Homepage: http://www.kreny.com/

1. Configure line of my PHP 4.3.4

'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-apache2=/usr/local/apache2' '--with-mysql=/usr/local/mysql' '--enable-force-cgi-redirect' '--with-zlib' '--with-jpeg-dir' '--with-png-dir' '--with-freetype-dir' '--with-gd' '--with-mcrypt=/usr/local/lib' '--enable-bcmath'

2. Changes of my php.ini

asp_tags = On
safe_mode = Off
disable_functions = system exec
default_charset =
session.name = D
session.cookie_domain =

[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

3. Information of MySQL

MySQL Support
Client API version
MYSQL_MODULE_TYPE
MYSQL_SOCKET
MYSQL_INCLUDE
MYSQL_LIBS

enabled
4.0.13
external
/tmp/mysql.sock
-I/usr/local/mysql/include
-L/usr/local/mysql/lib -lmysqlclient

4. Description:

Because I want to log the accesses to the authenticating page of my site I created a table named “ log_access ” in MySQL which had a structure like below:

CREATE TABLE `log_access` (
`id` int(7) unsigned NOT NULL auto_increment,
`ip` varchar(16) NOT NULL default '',
`access_time` varchar(14) NOT NULL default '',
`sql_access_time` datetime NOT NULL default '0000-00-00 00:00:00',
`hostname` varchar(35) default NULL,
`times` int(10) NOT NULL default '0',
UNIQUE KEY `id` (`id`)
) TYPE=MyISAM AUTO_INCREMENT=138 ;

I also built a function called Create_Log_Access() , saved in an extral file named fun_log.inc.php , which can return a log_access-SQL-query.

In my authenticating page which I request user to enter the username and password, I added such three PHP scripts like below to run Create_Log_Access():

require("./myadmin/connect.inc.php"); // Connection to MySQL
require_once("./myadmin/fun_log.inc.php"); // Include the funtion.
$query_log_access = Create_Log_Access()();
mysql_query($query_log_access);
mysql_close();

This can be done even if a user does nothing but just access the authenticating page. And if the user is accepted, this page will redirect the user to another page which named user.php by using the script

header('Location: user.php');

And of course I didn't add any scripts that can include or can run the Create_Log_Access()in my other pages except the authenticating page.

Problem: But I still found the number in my table “ log_access ” is increasing when I access some other pages even if in which I only use pure html scripts . I cut any html scripts which will not effect the wrong result and finally found that the script in the line below result the problem.

This is a script which can display a colorful square like this.

But when I delete the src="" part, everything return to normal -- the number in the table will not increase.

So I am wondering whether it is a bug of PHP or something else because this happened after I just updated the PHP from 4.3.2 to 4.3.4.

Thank you!

Any idea please feel free to contact me. <krenyATdalouis.com>

Added Comments

[23 Nov 2003 5:20pm EST] yuanhuanglin at hotmail dot com

It is also effected by name="" part in <img>.

[23 Nov 2003 8:12pm EST] iliaa@php.net

Does this happen when the zend extensions are not loaded.

[23 Nov 2003 8:33pm EST] yuanhuanglin at hotmail dot com

I commented the Zend part like below in php.ini, but it still occurrs.

----------------------------------
[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1
.0
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

[23 Nov 2003 9:07pm EST] sniper@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Invalid HTML sometimes cause the pages to get loaded twice.

[24 Nov 2003 12:31am EST] yuanhuanglin at hotmail dot com

Thank you very much for your reply.
I also hope that it is not a bug, but may I have your attention again
that wheather a non-mysql-script-connected page can run a MySQL query in
the pages? This pages just start with the code I posted in 
http://www.s.fpu.ac.jp/t-yuan/php4.3.4_bug.htm
On that page I wrote some more details of my problem. It will be very
nice of you to read my problem description.

[5 Dec 2003 1:44pm EST] kreny at dalouis dot com

Anyone who has the idea please feel free to contact me at
krenyATdalouis.com, or write the feedback at
http://www.dalouis.com/feedback.php
I also want to take part in the Chinese Man Page Project and
Chinese-translation project for any open source, so anybody please feel
free to ask me to translate the English man page or introduction for
OPEN SOURCE. 
BTW, the lastest source of bug is at
http://www.dalouis.com/~kreny/php4.3.4_bug.htm
Thank you!

[14 Dec 2003 12:09am EST] kreny at dalouis dot com

New address:

http://www.kreny.com/php4.3.4_bug.htm

[11 Jan 1:46pm EST] dodu at hotmail dot com

Hello, I got a very similar issue.

Decription :

1. On my first page, I included a "write logfile" instructions such as
:
----------------------------------------------------
if (@$file_stat=fopen('../stat/stat.txt, 'a')) {
$p_stat = fputs($file_stat, 'pageview=1 and so on; ');
fclose($file_stat);
}

2. On another page it appears I had a broken image

Although my "write logfile" instruction does exist only in first page,
when loading the second one, the stat logfile was incremented !

Furthermore, in case the broken image was located in first page, then
the logfile were incremented twice at each request of the page !

Explanation :
-------------
I must say I took several hours to understand the logic behind :)
Actually, it was a very easy issue :(

My first page is set up as the default target for Error 404 redirection,
that is the reason why all broken items (even images) perform a request
to it ... and then increment my logfile :) That's it :)

You can easily check it by logging the $REQUEST_URI (At that way you
will get the name of the original requested item :) Also, this is a way
to track the broken links. Isn't it ?

Regards.

[11 Jan 2:01pm EST] kreny at dalouis dot com

Thank you Dodu. Your comment is really a new idea to me.
I have checked my Error 404 page. As my Error 404 page also quote the 
"write logfile" function so I think that is just the reason! I think
we've found it out.

BTW, although the broken image code make a redirection to 404 page, but
in my page, I have several broken images. But why it effects just one
time? Maybe because of the configuration?

I also added your commend to my full page at 
http://www.kreny.com/php4.3.4_bug.htm

Regards!

[6 Feb 7:45am EST] stanprog at stanprog dot com
I have the same problem with <SCRIPT> and src=

Here is what I found (This is block of one my class):

The following code didn't work:
foreach($this->addJS as $srcLocation) {
  $head .= '<script src="'.$srcLocation.'" />';
}

But the following works fine:
foreach($this->addJS as $srcLocation) {
  $head .= '<script src="'.$srcLocation.'"></script>';
}

In the beginning, I thought that the problem is with the way I close the
SCRIPT element, but the following works too (I just remove forech
loop):
$head .= '<script src="'.$srcLocation.'" />';

If instead src= I write sra= it works(I mean didn't crash), also if I
write srca= instead src= it works too. 

So now I think that it's a bug, some kind of conflict between src= and
foreach loop, something internally may be.
I try this without classes and the problem is the same, it's not in the
class context.

Best Regards!
Stanislav Yordanov

C O D E

1. Code of Create_Log_Access()
Description: I want to record every IP one time every day.If the same IP access my site several times(here I appoint to the authenticating page) count the number and save it to the same record.

2. Code of connect.inc.php

<?php
/* ========= connect.inc.php ================
* This is the golbal-db-variable-included file, it should
* be required in every database-based or *inux file
* system based file in this site.
* ==========================================*/

$SERVERNAME = "localhost";
$DB_USER = "aaaaaaa";
$DB_PASSWD = "bbbbbbb";
$DB_NAME = "cccccc";

$TABLE_LOG_ACCESS = "log_access";

$CONNECTION = @mysql_connect($SERVERNAME, $DB_USER, $DB_PASSWD);

if (!$CONNECTION) {
print "Sorry! Not connected.";
exit();
}

mysql_select_db($DB_NAME, $CONNECTION);

3. Non-MySQL-Query-contained Pages's top part.
This is the only script in other pages.

<?php
session_start();
if (!session_is_registered("admin_user")) { header('Location: /index.php'); }
?>

4. Code of authenticating page: -- index.php

<?php

require_once("./fun_log.inc.php");

// ================== Authenticating part ===================

if ($_POST['action'] == "auth") {

// Connect to DB to check the password
require("./connect.inc.php");

$auth_query = "SELECT * FROM `".$TABLE_USER."` WHERE `username`= '".$_POST['username']."'";
$auth_result = mysql_query($auth_query);
$auth_row = mysql_fetch_array($auth_result);

// -------- For administrator------------
if ($auth_row["usergroup"] <= 1 && $auth_row['passwd']<>"" && md5($_POST['passwd']) == $auth_row['passwd']) {
session_start();
session_register("admin_user"); // has the administrator's permition.
session_register("auth_user"); // has the normal user's permition.
session_register("lastlogin");
session_register("lastip");
session_register("user_level"); //User's level.
$_SESSION['username'] = $auth_row['username'];
$_SESSION['lastlogin'] = $auth_row['lastlogin'];
$_SESSION['lastip'] = $auth_row['ip'];
$_SESSION['user_level'] = $auth_row['usergroup'];

// ------------Login's log ----------------
$query_log_user = array();
$query_log_user = Create_Log_User($auth_row['username'],$auth_row['logintimes']);
mysql_query($query_log_user['log_user']);
mysql_query($query_log_user['update_user']);

unset($query_log_user);

header('Location: main.php');
}

// -------- For normal user------------
elseif ($auth_row["usergroup"] > 1) {
$warning_msg = "Not permitted.";
// Log the informatioin of the failed login.
$query_log_failure = Create_Log_Failed($_POST['username'],$_POST['passwd'],3);
mysql_query($query_log_failure);
}

// -------- For wrong passwd------------
else {
$warning_msg = "Wrong input. ";

// Log the informatioin of the failed login.
$query_log_failure = Create_Log_Failed($_POST['username'],$_POST['passwd'],0);
mysql_query($query_log_failure);
}

}

?>
<html>
<head>
<link rel="stylesheet" href="../style.css">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>TITLE</title>

</head>

<body topMargin=0 leftMargin=0>
...here I omitted the html scripts...
</body>
</html>

<?php

// ***************Log the access*****************

require("./connect.inc.php");
mysql_query(Create_Log_Access());
mysql_close();
?>

  Yuan Huanglin  /En Kou Rin/
  RHCE (Red Hat Certified Engineer)
  Email: kreny at dalouis dot com
  Homepage: http://www.kreny.com/
    _          _     ______    ______    __      _   __     __
    |_____/      |_____/     |_____      |   \      |        \_/
    |          \_     |           \_    |_____      |    \_   |         ||

本网址建立在创作公用协议下。版权声明：可以任意转载，转载时请务必以超链接形式标明文章原始出处和作者信息及以上“创作共用”声明。

本文链接：http://www.kreny.com/php4.3.4_bug.htm
作者: Kreny

Email:

您来自：本文最后更新：October 08 2006 20:00:50.