Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Dotenv] Get env using $_SERVER to work with fastcgi_param and workaround thread safety issues #23949

Merged
merged 1 commit into from
Aug 22, 2017
Merged

[Dotenv] Get env using $_SERVER to work with fastcgi_param and workaround thread safety issues #23949

merged 1 commit into from
Aug 22, 2017

Conversation

nicolas-grekas
Copy link
Member

Q A
Branch? 3.3
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #23502
License MIT
Doc PR -

getenv() is not thread safe, and doesn't work with fastcgi_param, see links in linked issue.

@nicolas-grekas nicolas-grekas added this to the 3.3 milestone Aug 22, 2017
nicolas-grekas
nicolas-grekas commented Aug 22, 2017
View reviewed changes
src/Symfony/Component/Dotenv/Dotenv.php
continue;
}

putenv("$name=$value");
$_ENV[$name] = $value;
$_SERVER[$name] = $value;
if ($notHttpName) {
Copy link
Member Author

@nicolas-grekas nicolas-grekas Aug 22, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with this, env vars that start with HTTP_* do not populate $_SERVER anymore.
this is to mitigate security issues with $_SERVER mixing several sources (env+http headers+etc).

@fabpot
Copy link
Member

fabpot commented Aug 22, 2017

Thank you @nicolas-grekas.

@fabpot fabpot merged commit f76e420 into symfony:3.3 Aug 22, 2017
fabpot added a commit that referenced this pull request Aug 22, 2017
@fabpot
bug #23949 [Dotenv] Get env using $_SERVER to work with fastcgi_param…
420f089 
… and workaround thread safety issues (nicolas-grekas)

This PR was merged into the 3.3 branch.

Discussion
----------

[Dotenv] Get env using $_SERVER to work with fastcgi_param and workaround thread safety issues

| Q             | A
| ------------- | ---
| Branch?       | 3.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #23502
| License       | MIT
| Doc PR        | -

`getenv()` is not thread safe, and doesn't work with `fastcgi_param`, see links in linked issue.

Commits
-------

f76e420 [Dotenv] Get env using $_SERVER to work with fastcgi_param and workaround thread safety issues
@nicolas-grekas nicolas-grekas deleted the no-getenv branch August 22, 2017 16:01
@fabpot fabpot mentioned this pull request Aug 28, 2017
Merged
@nicolas-grekas nicolas-grekas mentioned this pull request Sep 4, 2017
Closed
@ostrolucky ostrolucky mentioned this pull request Jan 6, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@Simperfit Simperfit Simperfit approved these changes

Assignees
No one assigned
Labels
Bug Status: Needs Review
Projects
None yet
Milestone
3.3
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nicolas-grekas @fabpot @Simperfit @carsonbot