search

bitnami / containers

Bitnami container images
https://bitnami.com
Other
3.31k stars 4.79k forks source link

phpmyadmin 5.2.1 docker image started download php file when accessing to / #68901

Closed guitarrapc closed 2 months ago

guitarrapc commented 3 months ago

Name and Version

bitnami/phpmyadmin:5.2.1-debian-12-r32

What architecture are you using?

arm64

What steps will reproduce the bug?

  1. Place following compose.yaml
services:
  mysql:
    image: mysql:8.0
    ports:
      - "3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=secret
      - MYSQL_DATABASE=phpmyadmin
      - MYSQL_USER=phpmyadmin
      - MYSQL_PASSWORD=secret
  phpmyadmin:
    image: bitnami/phpmyadmin:5.2.1-debian-12-r32
    depends_on:
      - mysql
    ports:
      - "8080:8080"
    environment:
      - PHPMYADMIN_ALLOW_ARBITRARY_SERVER=true
  1. Run docker compose up
  2. Open guest browse (private browse) and put localhost:8080 to url address bar
  3. You will find download file is downloaded instead of showing phpmyadmin login page.

What is the expected behavior?

phpMyAdmin page should be shown when accessing to root url like http://localhost:8080.

What do you see instead?

Accessing to http://localhost:8080 download download file instead of showing top page. If you put http://localhost:8080/index.php then successfully show top page.

Additional information

Who will affect?

Currently bitnami/phpmyadmin:5.2.1 is point to bitnami/phpmyadmin:5.2.1-debian-12-r32, so that users who cleaed host cached image bitnami/phpmyadmin:5.2.1 encount this issue.

I've confirm both arm64 and amd64 image have same issue.

Workaround

Use bitnami/phpmyadmin:5.2.1-debian-12-r31 instead of bitnami/phpmyadmin:5.2.1 or bitnami/phpmyadmin:5.2.1-debian-12-r32.

Content-Type

When accessing with bitnami/phpmyadmin:5.2.1-debian-12-r31 image,. top pages is Content-Type: text/html; charset=utf-8, however bitnami/phpmyadmin:5.2.1-debian-12-r32 image top pages is Content-Type: application/x-httpd-php.

bitnami/phpmyadmin:5.2.1-debian-12-r31

image

bitnami/phpmyadmin:5.2.1-debian-12-r32

image

guitarrapc commented 3 months ago

I suspect commit https://github.com/bitnami/containers/commit/56502da357af3f2fce3b1588c0f49d7e0ebea381 trigger issue, but can't understand why Content-Type was affected...?

guitarrapc commented 2 months ago

There are bitnami/phpmyadmin:5.2.1-debian-12-r33 image released on 2 days ago https://github.com/bitnami/containers/commit/593cbba1f04c1c71a4de0a262e28d8e991afc0ea, and confirm issue fixed.

image

Is this regarding to https://httpd.apache.org/security/vulnerabilities_24.html#2.4.61 which is happen from apache 2.4.60 and fixed on 2.4.61? Looking into r31, r32 and r33, apache version differs.

# r31
$ apachectl -v
Server version: Apache/2.4.59 (Unix)
Server built:   May 13 2024 14:41:26

# r32
$ apachectl -v
Server version: Apache/2.4.60 (Unix)
Server built:   Jul  1 2024 13:25:50

# r33
$ apachectl -v
Server version: Apache/2.4.61 (Unix)
Server built:   Jul  3 2024 16:36:35

To maintainer, I propose unlist bitnami/phpmyadmin:5.2.1-debian-12-r32 container image to prevent future impact.