phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017355phplist applicationCommand Linepublic05-09-14 11:5116-10-14 11:21
Reporterduncanc 
PrioritynormalSeverityfeatureReproducibilitysometimes
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.0.7 
Target Version3.0.XFixed in Version3.0.9 
Summary0017355: Recognise php-cgi when run from command line
DescriptionCurrently phplist checks the sapi name to be 'cli' to determine whether it is being run from a command line (or equivalently a cron job). Many shared hosts do not provide php-cli, only php-cgi, and to be able to run process queue and process bounces from a cron job people have to use commands such as

php /path_to_phplist/admin/index.ph action=processqueue page=pageaction login=zzz password=yyy
php /path_to_phplist/admin/index.ph page=processbounces login=zzz password=yyy

phplist treats these as web requests, not as commands.

Apart from leaking the admin password, this approach means it is not possible to disable the "process the queue" and "process bounces" menu options even when they are being run from cron jobs.

Looking at how other packages handle this, Drupal has a function drupal_is_cli() to determine whether php is running as a command or not.

function drupal_is_cli() {
  return (!isset($_SERVER['SERVER_SOFTWARE']) && (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)));
}

I think that any of a number of $_SERVER variables could be used in place of SERVER_SOFTWARE.
I have tested the function and it correctly identifies

when php is running as a command
- direct linux command
- cron job running php-cli
- cron job running php-fcgi

when php is not running as a command
- web page served by apache php mod
- web page served by php-fcgi

Reviewing the code in admin/index.php there is already a check for something similar

# check for commandline and cli version
if (!isset($_SERVER["SERVER_NAME"]) && !PHP_SAPI == "cli") {
  print "Warning: commandline only works well with the cli version of PHP";
}

The code never displays the warning because the condition is incorrect - it should be PHP_SAPI != "cli"
but do you remember the reason for displaying a warning instead treating it as a fatal error?
A warning suggests that the intention is to allow the command but to expect some problems, but the code immediately following allows only a sapi value of "cli", which means that the command is treated as a web request.

TagsNo tags attached.
Attached Files

- Relationships
has duplicate 0017389resolvedmichiel Use of php_sapi_name to determine interface 

-  Notes
There are no notes attached to this issue.


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker