With DSO and PHP7.3: htaccess file written by cPanel Multi PHP Ini editor invalid: Apache2.4 error php_value takes two arguments, PHP Value Modifier

webel

January 07, 2020 21:20

Centos 6.10 cpanel: 84.0 (build 19) Apache/2.4.41 (cPanel) PHP: 7.3.13 Handler: DSO (not negotiable, must use) After upgrading to PHP7.3 (from PHP5.6) and using the cPanel Multi PHP INI Editor it wrote PHP variable settings into the .htaccess file that Apache2.4 chokes on: ... /home/USERNAME/public_html/.htaccess: php_value takes two arguments, PHP Value Modifier
The .htaccess as written by cPanel is: [CODE=apacheconf] # BEGIN cPanel-generated php ini directives, do not edit # Manual editing of this file may result in unexpected behavior. # To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor) # For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI) php_value error_reporting E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT php_value memory_limit 2048M php_value post_max_size 20M php_value upload_max_filesize 20M php_value max_execution_time 120 php_flag display_errors Off php_value max_input_time 60 php_value max_input_vars 1000 php_value session.gc_maxlifetime 1440 php_value session.save_path "/var/cpanel/php/sessions/ea-php73" php_flag zlib.output_compression Off php_value error_reporting E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT php_value memory_limit 2048M php_value post_max_size 20M php_value upload_max_filesize 20M php_value max_execution_time 120 php_flag display_errors Off php_value max_input_time 60 php_value max_input_vars 1000 php_value session.gc_maxlifetime 1440 php_value session.save_path "/var/cpanel/php/sessions/ea-php73" php_flag zlib.output_compression Off # END cPanel-generated php ini directives, do not edit
Observations: - Happens with tiny PHP test file. - Happens when start with no previous .htaccess file (so only as written by cPanel). - I have checked carefully (also with cat -v .htaccess) for any strange or extra characters. - Reboot of Apache server did not help. - Reboot of Centos VPS did not help.

Comments

14 comments

webel

January 08, 2020 02:30
Progress: If I completely remove the original php.ini and regenerate the .htaccess using cPanel INI editor it is ok, so something in the original php.ini affects it (but php -l said was ok). The trouble seems to be this line (which is ok for php.ini syntax): php_value error_reporting E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
If I double-quote it works (or at least Apache does not choke on it): php_value error_reporting "E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT"
0
cPanelLauren

January 09, 2020 21:05
Hello @webel Thank you for the detailed information on this, I've not seen anything similar come through the ticket system or our recent issues and I believe that this warrants further investigation. Would it be possible for you to open a ticket with us so that we can look into the issue further? If you do open it, please update here with the ticket ID and I'll note the ticket and follow up here with the outcome. Thanks!
0
matt1206

September 30, 2020 14:49
Did anything else come of this? I'm seeing the same on a new server I've set up. It's using Apache 2.4 with lsapi has the PHP handler. cPanel is writing the .htaccess files as per the below:
0
matt1206

September 30, 2020 14:55
Full errors from the log [Wed Sep 30 10:52:52.879331 2020] [core:alert] [pid 32203:tid 47839187097344] [client 94.130.18.160:42110] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:52.879414 2020] [core:alert] [pid 32203:tid 47839187097344] [client 94.130.18.160:42110] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:52.955872 2020] [core:alert] [pid 32204:tid 47839006258944] [client 76.77.125.206:60542] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:52.955943 2020] [core:alert] [pid 32204:tid 47839006258944] [client 76.77.125.206:60542] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:53.521751 2020] [core:alert] [pid 32204:tid 47839006258944] [client 76.77.125.206:60542] /home/triketal/.htaccess: php_value takes two arguments, PHP Value, referer: https://www.triketalk.com/content/ [Wed Sep 30 10:52:53.521825 2020] [core:alert] [pid 32204:tid 47839006258944] [client 76.77.125.206:60542] /home/triketal/.htaccess: php_value takes two arguments, PHP Value, referer: https://www.triketalk.com/content/ [Wed Sep 30 10:52:54.026189 2020] [core:alert] [pid 32206:tid 47839166084864] [client 192.99.13.88:39108] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:54.026245 2020] [core:alert] [pid 32206:tid 47839166084864] [client 192.99.13.88:39108] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:57.028086 2020] [core:alert] [pid 32201:tid 47839159781120] [client 40.77.167.66:17265] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:57.028148 2020] [core:alert] [pid 32201:tid 47839159781120] [client 40.77.167.66:17265] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:58.782943 2020] [core:alert] [pid 32202:tid 47839077701376] [client 72.172.39.31:52989] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:58.783023 2020] [core:alert] [pid 32202:tid 47839077701376] [client 72.172.39.31:52989] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:59.359955 2020] [core:alert] [pid 32203:tid 47839193401088] [client 185.191.171.23:56252] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:52:59.360020 2020] [core:alert] [pid 32203:tid 47839193401088] [client 185.191.171.23:56252] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:53:00.401631 2020] [core:alert] [pid 32204:tid 47839170287360] [client 114.119.138.5:30440] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:53:00.401699 2020] [core:alert] [pid 32204:tid 47839170287360] [client 114.119.138.5:30440] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:53:01.413914 2020] [core:alert] [pid 32205:tid 47839170287360] [client 40.77.167.228:9889] /home/triketal/.htaccess: php_value takes two arguments, PHP Value [Wed Sep 30 10:53:01.413986 2020] [core:alert] [pid 32205:tid 47839170287360] [client 40.77.167.228:9889] /home/triketal/.htaccess: php_value takes two arguments, PHP Value
I have to delete the .htaccess file from the home directory to get the site back online.
0
Rocketfella

June 17, 2022 19:35
I can confirm and recreate this issue. PHP 7.4 + LSAPI or PHP 8.0 + LSAPI The CPanel generated .htaccess causes the "php_value takes two arguments, PHP Value" Under Changing the line php_value error_reporting E_ALL & ~E_NOTICE to php_value error_reporting "E_ALL & ~E_NOTICE" (adding the double quotes) fixes things.
0
cPRex Jurassic Moderator

June 17, 2022 19:40
Were you doing anything specific to generate that .htaccess file, or is that just the default file on the account?
0
Rocketfella

June 17, 2022 20:31
Were you doing anything specific to generate that .htaccess file, or is that just the default file on the account?

I had switched from CGI to LSAPI. Like @matt1206 above, I had to wipe out the htaccess file to get the site to load again. Saving the multiphpini file causes cpanel to regenerate the htaccess file. that regenerated htaccess file contains the error that causes the "php_value takes two arguments, PHP Value" errors in the log. I am able to recreate this.
0
cPRex Jurassic Moderator

June 17, 2022 20:36
Could you submit a ticket to our team so we can reproduce this on our end?
0
banana_bender

March 12, 2025 03:02
This is a bug within MultiPHP, as it does not convert error_reporting to a bitmask as it should for .htaccess. The PHP module documentation specifically mentions:

PHP constants do not exist outside of PHP. For example, in httpd.conf you can not use PHP constants such as E_ALL or E_NOTICE to set the error_reporting directive as they will have no meaning and will evaluate to 0. Use the associated bitmask values instead. These constants can be used in php.ini

MultiPHP should be converting whatever is in the editor for error_reporting to a bitmask to place in .htaccess.

In the multi-php editor for this site on CloudLinux 8 using mod_lsapi, I had the line:
```
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
```
The value is copied verbatim into the .htaccess. If I do not have the double quotes around the value then apache throws a 500 error to the user and the apache log has the following relevant log:
```
[core:alert] /pathtosite/.htaccess: php_value takes two arguments, PHP Value
```
Unhelpfully this does not include the offending line, but it is indeed the error_reporting line that needs to be double-quoted for the actual setting value in the .htaccess, i.e it needs to be:
```
php_value error_reporting "E_ALL & ~E_DEPRECATED & ~E_STRICT"
```
Whether this is then interpreted by PHP as a plain string or as an integer using constants for bitmasking I do not know. So, to work around this once and for all, use a PHP Error Reporting Level Calculator to calculate the bitmask and use that integer value instead. Note that the bitmask may change for different versions of PHP.

Example of new MultiPHP editor value which works around the issue:
```
error_reporting = 22527
```
0
cPRex Jurassic Moderator

March 12, 2025 14:00
banana_bender - can you let me know what PHP version you're using so I can test this?
0
banana_bender

March 12, 2025 19:22
Sure, my bad. This is using ea-php56 for a legacy site, I haven't tested using other versions of PHP yet.
0
cPRex Jurassic Moderator

March 17, 2025 15:38
Thanks for that information - here is the process I used to test this:

-Created a CloudLinux 8 server with cPanel 126
-Ensured all PHP versions were installed
-Created a new cPanel account
-Used the WHM >> MultiPHP Manager to set the domain to PHP 5.6
-Used the cPanel >> MultiPHP INI Editor tool under the Editor Mode tab to add
```
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
```
to the configuration and saved that change.

I did confirm that gets added directly to the .htaccess.

However, at this point I'm no longer able to reproduce as I do not see any errors in my Apache log when accessing the site - everything works normally and nothing odd is logged.

It's possible that I don't have the correct PHP site in place to see anything get logged there.

Would it be possible for you to create a ticket so this can be investigated directly on the server experiencing the issue?
0
banana_bender

March 17, 2025 20:36

Edited
Thanks for taking the time. Were you also using mod_lsapi as the handler (using LSPHP in daemon mode)? Yes I can log a ticket directly.

I'd like to note that the PHP constants being added to the .htaccess directly contradicts PHP docs as I previously stated, although I understand wanting to avoid a potentially breaking change like that.
0
cPRex Jurassic Moderator

March 18, 2025 13:52
My test was using lsapi, yes. I can't comment on the PHP docs portion of the issue as that's up to our development team, but if you have a ticket number I'd be happy to follow along with that on my end!
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?