php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75212 php_value acts like php_admin_value
Submitted: 2017-09-15 14:09 UTC Modified: 2017-09-18 16:10 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: FPM related
PHP Version: Irrelevant OS: GNU/Linux
Private report: No CVE-ID: None
 [2017-09-15 14:09 UTC] remi@php.net
Description:
------------
If pool configuration contains a php_admin_value directive, it is protected and cannot be modified in .user.init: OK.

If pool configuration contains a php_value directive, it is also protected and cannot be modified in .user.init: looks like a bug.





Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-09-18 16:09 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=cfc6c4d2973c795cb400435a28805a73c02d23e2
Log: Fixed Bug #75212 php_value acts like php_admin_value
 [2017-09-18 16:09 UTC] remi@php.net
-Status: Open +Status: Closed
 [2017-09-18 16:10 UTC] remi@php.net
-Assigned To: +Assigned To: remi
 [2017-09-18 16:11 UTC] remi@php.net
As discussed on the PR, this may raised some unwanted changes in stable branch (if users occasionally have .user.ini files laying around, those suddenly start to take effect).

So this will be fixed in 7.2 only
 [2017-09-18 17:25 UTC] spam2 at rhsoft dot net
> As discussed on the PR, this may raised some unwanted 
> changes in stable branch (if users occasionally have 
> .user.ini files laying around, those suddenly start 
> to take effect)

that's a terrible broken point of view

.user.ini files don't appear magically and users expect them to behave as they are written, thats's the same as 'open_basedir' can't be changed anywhere outside php.ini but is displayed (or at least was) with the local value of the vhost which leaded in my case in unwanted security holes becaus eshell commands was intended to be only allowed by 2 out of some hundret vhosts

frankly you can't call behave as configured a "unwanted change"
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 09:01:32 2024 UTC