PHP :: Bug #33723 :: php_value overrides php_admin

Bug #33723

php_value overrides php_admin_value

Submitted:

2005-07-16 13:22 UTC

Modified:

2005-08-01 10:49 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

ezmlm at mail dot ru

Assigned:

dmitry (profile)

Status:

Closed

Package:

Apache related

PHP Version:

5CVS-2005-07-18

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ezmlm at mail dot ru
New email:
PHP Version:		OS:

New Comment:

[2005-07-16 13:22 UTC] ezmlm at mail dot ru

Description:
------------
PHP5 for apache 1.3.33 built as DSO allows php_admin_value (php_admin_flag) options marked as PHP_INI_SYSTEM to be reset in .htaccess files by using php_value (php_flag). safe_mode for example.

To demonstrate the problem in php.ini set safe_mode = Off, in httpd.conf, set:
php_admin_value safe_mode on

Get phpinfo to verify that safe_mode is on.

Now create .htaccess file in document_root containing:
php_flag safe_mode off

(or even php_flag safe_mode on)

Get phpinfo again and note that safe_mode was reset to off (php.ini initial value)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-07-20 23:52 UTC] sniper@php.net

Verified: This only happens with Apache 1.3.x.

[2005-07-21 00:09 UTC] sniper@php.net

Note: PHP 4.4.0 works fine, this only happens with PHP 5.

[2005-08-01 10:49 UTC] dmitry@php.net

Fixed in CVS HEAD and PHP_5_0.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 15:01:30 2024 UTC