Fix bug #75712: getenv in php-fpm should not read $_ENV, $_SERVER

Closes GH-13195

NEWS

@@ -9,6 +9,10 @@ PHP                                                                        NEWS
 - Curl:
   . Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh)
 
+- FPM:
+  . Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
+    (Jakub Zelenka)
+
 15 Feb 2024, PHP 8.2.16
 
 - Core:

ext/standard/basic_functions.c

@@ -743,7 +743,7 @@ PHP_FUNCTION(getenv)
 
 	if (!str) {
 		array_init(return_value);
-		php_import_environment_variables(return_value);
+		php_load_environment_variables(return_value);
 		return;
 	}
 

main/php_variables.c

@@ -28,7 +28,9 @@
 
 /* for systems that need to override reading of environment variables */
 void _php_import_environment_variables(zval *array_ptr);
+void _php_load_environment_variables(zval *array_ptr);
 PHPAPI void (*php_import_environment_variables)(zval *array_ptr) = _php_import_environment_variables;
+PHPAPI void (*php_load_environment_variables)(zval *array_ptr) = _php_load_environment_variables;
 
 PHPAPI void php_register_variable(const char *var, const char *strval, zval *track_vars_array)
 {
@@ -632,6 +634,11 @@ void _php_import_environment_variables(zval *array_ptr)
 	tsrm_env_unlock();
 }
 
+void _php_load_environment_variables(zval *array_ptr)
+{
+	php_import_environment_variables(array_ptr);
+}
+
 bool php_std_auto_global_callback(char *name, uint32_t name_len)
 {
 	zend_printf("%s\n", name);

main/php_variables.h

@@ -32,6 +32,7 @@
 BEGIN_EXTERN_C()
 void php_startup_auto_globals(void);
 extern PHPAPI void (*php_import_environment_variables)(zval *array_ptr);
+extern PHPAPI void (*php_load_environment_variables)(zval *array_ptr);
 PHPAPI void php_register_variable(const char *var, const char *val, zval *track_vars_array);
 /* binary-safe version */
 PHPAPI void php_register_variable_safe(const char *var, const char *val, size_t val_len, zval *track_vars_array);

sapi/fpm/fpm/fpm_main.c

@@ -516,7 +516,21 @@ static void cgi_php_load_env_var(const char *var, unsigned int var_len, char *va
 }
 /* }}} */
 
-void cgi_php_import_environment_variables(zval *array_ptr) /* {{{ */
+static void cgi_php_load_env_var_unfilterd(const char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg)
+{
+	zval *array_ptr = (zval *) arg;
+	php_register_variable_safe(var, val, val_len, array_ptr);
+}
+
+static void cgi_php_load_environment_variables(zval *array_ptr)
+{
+	php_php_import_environment_variables(array_ptr);
+
+	fcgi_request *request = (fcgi_request*) SG(server_context);
+	fcgi_loadenv(request, cgi_php_load_env_var_unfilterd, array_ptr);
+}
+
+static void cgi_php_import_environment_variables(zval *array_ptr)
 {
 	fcgi_request *request = NULL;
 
@@ -542,7 +556,6 @@ void cgi_php_import_environment_variables(zval *array_ptr) /* {{{ */
 	request = (fcgi_request*) SG(server_context);
 	fcgi_loadenv(request, cgi_php_load_env_var, array_ptr);
 }
-/* }}} */
 
 static void sapi_cgi_register_variables(zval *track_vars_array) /* {{{ */
 {
@@ -1840,6 +1853,7 @@ consult the installation file that came with this distribution, or visit \n\
 	/* make php call us to get _ENV vars */
 	php_php_import_environment_variables = php_import_environment_variables;
 	php_import_environment_variables = cgi_php_import_environment_variables;
+	php_load_environment_variables = cgi_php_load_environment_variables;
 
 	/* library is already initialized, now init our request */
 	request = fpm_init_request(fcgi_fd);

sapi/fpm/tests/bug75712-getenv-server-vars.phpt

@@ -0,0 +1,62 @@
+--TEST--
+FPM: bug75712 - getenv should not read from $_ENV and $_SERVER
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+require_once "tester.inc";
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = static
+pm.max_children = 1
+env[TEST] = test
+php_value[register_argc_argv] = on
+EOT;
+
+$code = <<<EOT
+<?php
+
+var_dump(isset(getenv()['argv']));
+var_dump(isset(getenv()['SERVER_NAME']));
+var_dump(getenv()['TEST']);
+var_dump(isset(getenv()['DTEST']));
+var_dump(getenv('DTEST'));
+putenv('DTEST=dt');
+var_dump(getenv()['DTEST']);
+var_dump(getenv('DTEST'));
+
+function notcalled()
+{
+    \$_SERVER['argv'];
+}
+EOT;
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start();
+$tester->expectLogStartNotices();
+$tester->request()->expectBody([
+    'bool(false)',
+    'bool(true)',
+    'string(4) "test"',
+    'bool(false)',
+    'bool(false)',
+    'string(2) "dt"',
+    'string(2) "dt"',
+]);
+$tester->terminate();
+$tester->close();
+
+?>
+Done
+--EXPECT--
+Done
+--CLEAN--
+<?php
+require_once "tester.inc";
+FPM\Tester::clean();
+?>