Basically I'm experiencing the same problem as featured in Bug #25753 "php_value|flag / php_admin_* settings "leak" from vhosts/.htaccess files" <http://bugs.php.net/bug.php?id=25753> which was marked as solved over 2 years ago.
I'm running PHP 5.1.2 with Apache 2.0.55 on FreeBSD 5.3 (PHP and Apache both installed from ports) so I'm assuming the fix in CVS should be included in my version. However, I've still tried some of the options mentioned in the bug. Not only is xbithack off by default I have explicitly set it to 0 in both php.ini and my httpd.conf. The problem is most noticeable in two areas. All the options referenced below are set in various conf files that are included in the main httpd.conf include_path is the most visible culprit; when an include_path is set for a vhost it seems to randomly suck in the include_path intended for another vhosts (this is actually a bit predictable since it's the same few vhosts picking up the same couple of include_path settings). Having an include_path for each vhost seems to solve this problem. More annoying is auto_append_file which results, as you might expect, certain files being appended to the bottom of php files for assorted vhosts. It seems to be groups that are affected, for example if I set auto_append_file for vhost1 then vhost2 and vhost3 will also append the file but vhost4 won't, but for vhost5 it seems to get pulled in by vhost2, vhost5 and vhost6. I've tried setting auto_append_file to none so that every vhost has it defined which cuts out most, but not all of the cross-over. At the moment if a certain vhost which shouldn't append a file does then the vhost that should append the file works fine; restarting apache seems to fix the host which shouldn't include any files but then causes the host which should be including the file to return the classic blank webpage showing the script has died despite not leaving any errors in the log (and error_reporting set to E_ALL). Interestingly both events are more likely to happen if apache is restarted with apachectl graceful than if I use apachectl restart. Now given the earlier bug reports about this issue I suspect this isn't enough information to fix this but if anyone has any ideas I'm eager to try them. I believe I can also recreate this problem so if anyone has details of the data they require just ask and I'll do my best to help. Kevin
