PHP :: Bug #33723 :: php_value overrides php_admin

Bug #33723

php_value overrides php_admin_value

Submitted:

2005-07-16 13:22 UTC

Modified:

2005-08-01 10:49 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

ezmlm at mail dot ru

Assigned:

dmitry (profile)

Status:

Closed

Package:

Apache related

PHP Version:

5CVS-2005-07-18

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	ezmlm at mail dot ru
New email:
PHP Version:		OS:

New/Additional Comment:

[2005-07-16 13:22 UTC] ezmlm at mail dot ru

Description:
------------
PHP5 for apache 1.3.33 built as DSO allows php_admin_value (php_admin_flag) options marked as PHP_INI_SYSTEM to be reset in .htaccess files by using php_value (php_flag). safe_mode for example.

To demonstrate the problem in php.ini set safe_mode = Off, in httpd.conf, set:
php_admin_value safe_mode on

Get phpinfo to verify that safe_mode is on.

Now create .htaccess file in document_root containing:
php_flag safe_mode off

(or even php_flag safe_mode on)

Get phpinfo again and note that safe_mode was reset to off (php.ini initial value)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-07-20 23:52 UTC] sniper@php.net

Verified: This only happens with Apache 1.3.x.

[2005-07-21 00:09 UTC] sniper@php.net

Note: PHP 4.4.0 works fine, this only happens with PHP 5.

[2005-08-01 10:49 UTC] dmitry@php.net

Fixed in CVS HEAD and PHP_5_0.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 11:01:29 2024 UTC