Open bshaffer opened 1 year ago
getenv and putenv are considered not threadsafe. As a result, We should expose a way (similar to symphony's usePutenv function) to use the threadsafe version ($_ENV) instead.
getenv
putenv
usePutenv
$_ENV
As @DracoBlue mentioned in https://github.com/googleapis/google-auth-library-php/pull/429:
The current version of google auth library php uses getenv/putenv to read and set environment variables in php. But the function putenv is not threadsafe, which made libraries (Dotenv https://github.com/symfony/dotenv/blob/6.2/Dotenv.php#L61 and phpdotenv https://github.com/vlucas/phpdotenv#putenv-and-getenv) to disable putenv support by default. Frameworks like symfony (deprecated in 4.3 https://github.com/symfony/symfony/pull/31062 and removed in 5.0) and also in laravel there was a similiar solution to not use it anymore directly (https://github.com/vlucas/phpdotenv/issues/76). Thus here is a pull request to change all the ocurences of: getenv($variable) to array_key_exists($variable, $_ENV) ? $_ENV[$variable] : false putenv($variable) to unset($_ENV[$variable]) putenv($variable . "=") to $_ENV[$variable]='' putenv($variable . "=" . $value) to $_ENV[$variable]=$value Threads about this: https://bugs.php.net/bug.php?id=74143 (putenv does not work if fast cgi sets the variable!) https://github.com/symfony/symfony/pull/31062 https://github.com/vlucas/phpdotenv/issues/76 https://github.com/laravel/framework/issues/7354 https://github.com/laravel/framework/commit/866a8cfc58430830069bd24feacf2d81e99385a2 https://github.com/silverstripe/silverstripe-framework/pull/7484 https://github.com/laravel/framework/issues/27949
The current version of google auth library php uses getenv/putenv to read and set environment variables in php. But the function putenv is not threadsafe, which made libraries (Dotenv https://github.com/symfony/dotenv/blob/6.2/Dotenv.php#L61 and phpdotenv https://github.com/vlucas/phpdotenv#putenv-and-getenv) to disable putenv support by default. Frameworks like symfony (deprecated in 4.3 https://github.com/symfony/symfony/pull/31062 and removed in 5.0) and also in laravel there was a similiar solution to not use it anymore directly (https://github.com/vlucas/phpdotenv/issues/76).
Thus here is a pull request to change all the ocurences of:
getenv($variable)
array_key_exists($variable, $_ENV) ? $_ENV[$variable] : false
putenv($variable)
unset($_ENV[$variable])
putenv($variable . "=")
$_ENV[$variable]=''
putenv($variable . "=" . $value)
$_ENV[$variable]=$value
Threads about this:
Thanks for creating the feature request!
Isn't this change safe and non BC?
- $path = getenv(self::ENV_VAR); + $path = getenv(self::ENV_VAR) ?: $_ENV[self::ENV_VAR] ?: $_SERVER[self::ENV_VAR];
here https://github.com/googleapis/google-auth-library-php/blob/e10dc3fb43b6f76c717d10f553104431181a7686/src/CredentialsLoader.php#L79
getenv
andputenv
are considered not threadsafe. As a result, We should expose a way (similar to symphony'susePutenv
function) to use the threadsafe version ($_ENV
) instead.As @DracoBlue mentioned in https://github.com/googleapis/google-auth-library-php/pull/429: