Bug #10042 disable_functions fopen Memory allocation crash
Submitted: 2001-03-28 16:39 UTC Modified: 2001-05-02 18:18 UTC
From: hws at bigfoot dot com Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
 [2001-03-28 16:39 UTC] hws at bigfoot dot com
We configured PHP with fopen and all other file-related functions disabled (disable_functions = "fopen") on our Linux 2.2.16 machine with Apache 1.3.19.

If a file with fopen or any other file-related (and disabled) function is run, PHP does NOT simply refuse the execution of this function. It runs forever (or until the end of the max_execution_time setting) and allocates more and more memory. This results in a server crash within less than one minute because of memory shortage.

If you configure a very short max_execution_time (or stop the execution of the script with your browser manually after one second), the server does not crash immediately. However, all memory allocated by the httpd process serving the script (many MBs per second!) is NOT released. So only a very short (fraction of a second) second execution of the script by the same httpd process will result in a server crash.

Sample script used (with add. syntax errors):

<!doctype html public "-//W3C//DTD HTML 4.0 //EN"> 
<html>
<head>
  <LINK REL=STYLESHEET TYPE="text/css" HREF="format.css">
  <title>Heutige Geburtstagsliste</title>
</head>
<body BGCOLOR="#FFFFFF" link="#7DA6B9" vlink="#7DA6B9" alink="#7DA6B9">
  <table border=0>
    <tr>
      <td width=15%>&nbsp;</td>
      <td width=60%>
        <table border=0 cellspacing="5" cellpadding="2">
          <caption align=top>
          <?php
            $today = date ("d. F");
            echo "<h3>$today</h3>";
          ?>
          </caption>

          <?php
            $month = date ("m");
            $day = date ("d");
            $fr = fopen($month . ".txt", "r");
            $hit = 0;
            while (!feof($fr))
            {
              $buffer = fgets($fr, 1024);
              if ($buffer != "")
              {
                list ($birthday, $name, $email) = split ('[#]', $buffer);
                if (substr($birthday, 0, 4) == date("dm"))
                {
                  $hit = 1;
                  echo "<tr bgcolor=\"#94B5C6\">";
                  echo "<td class=\"text\" width=\"50\">";
                  printf (substr($birthday, 4, 4));
                  echo "</td>";
                  echo "<td class=\"text\" width=\"200\">$name</td>";
                  echo "<td width=\"200\"><a class=\"link\" href=mailto:$email>$email</a></td></tr>";
                }
              }
            }
            if ($hit == 0)
            {
              echo "<tr><td colspan=\"3\" class=\"text\">Es sind für den heutigen Tag keine Einträge vorhanden!</td></tr>";
            }

            fclose ($fr);
          ?>

  </table>
</body>
</html>

php.ini:

engine          =       On
short_open_tag  =       On 
precision       =       5
output_buffering =      Off

expose_php      =       Off
allow_url_fopen =       Off
asp_tags        =       On
display_errors  =       On
doc_root        =       "."
open_basedir    =       "."
include_path    =       "."
magic_quotes_gpc =      On
magic_quotes_runtime =  On
max_execution_time =    5
memory_limit    =       314000
register_globals =      On
file_uploads    =       0
post_max_size   =       300K
safe_mode       =       On
safe_mode_exec_dir =    "."
enable_dl       =       Off


;; EXTENSION LOADING
extension_dir   =       /usr/lib/php4

;; Global PHP defaults

warn_plus_overloading   =       On      ; warn if the + operator is used with strings
track_errors            =       On      ; Store the last error/warning message in $php_errormsg (boolean)
track_vars              =       On      ; 
include_path    = ".:/usr/share/php"
disable_functions="fopen,fpassthru,fputs,fread,fscanf,fseek,fstat,ftell,ftruncate,fwrite"
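
A guarded form of the read loop from the sample script, as an added example that is not the reporter's code or part of PHP itself. It assumes a disabled fopen() hands back no usable handle, so the loop is never entered without one; the names unavailable_functions, todays_birthdays and $maxLines are hypothetical, and explode() stands in for split(), which current PHP no longer provides.

```php
<?php
// Added example, not the reporter's code. Assumption: a disabled fopen()
// returns no usable handle, so a loop on !feof($fr) alone can never end.

/** Names from $wanted that are disabled or undefined in this PHP instance. */
function unavailable_functions(array $wanted): array
{
    // function_exists() is false for names listed in disable_functions
    return array_values(array_filter($wanted, function ($name) {
        return !function_exists($name);
    }));
}

/** Records "ddmmYYYY#name#email" (layout inferred from the report's script). */
function todays_birthdays(string $path, string $dayMonth, int $maxLines = 10000): array
{
    $missing = unavailable_functions(['fopen', 'fgets', 'fclose']);
    if ($missing) {
        throw new RuntimeException('unavailable: ' . implode(', ', $missing));
    }
    $fh = @fopen($path, 'r');
    if (!is_resource($fh)) {            // refuse to loop without a real handle
        throw new RuntimeException("cannot open $path");
    }
    $hits = [];
    try {
        // End on fgets() === false, and cap iterations as a second bound.
        for ($n = 0; $n < $maxLines && ($line = fgets($fh, 1024)) !== false; $n++) {
            $fields = explode('#', rtrim($line, "\r\n"));
            if (count($fields) === 3 && substr($fields[0], 0, 4) === $dayMonth) {
                $hits[] = ['year' => substr($fields[0], 4, 4),
                           'name' => $fields[1], 'email' => $fields[2]];
            }
        }
    } finally {
        fclose($fh);
    }
    return $hits;
}

// Constructed sample data, written to a temporary file for the demo.
$tmp = tempnam(sys_get_temp_dir(), 'bd');
file_put_contents($tmp, "28031970#Anna#anna@example.org\n\n01011980#Ben#ben@example.org\n");
var_dump(todays_birthdays($tmp, '2803'));          // matching records only
try {
    todays_birthdays($tmp . '.missing', '2803');   // no handle: fail before looping
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
unlink($tmp);
```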


 [2001-04-01 14:25 UTC] sniper@php.net
I can't reproduce this with latest CVS so please try the
snapshot from http://snaps.php.net/

--Jani

 [2001-05-02 18:18 UTC] jmoore@php.net
No feedback. Closing

- James
 
Last updated: Wed Apr 24 08:01:29 2024 UTC