Bug #49065 "disable_functions" php.ini option does not work on Zend extensions
Submitted: 2009-07-26 15:23 UTC Modified: 2009-07-29 00:19 UTC
From: yoram dot b at zend dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.*, 6SVN (2009-07-26) OS: *
Private report: No CVE-ID: None
 [2009-07-26 15:23 UTC] yoram dot b at zend dot com
Description:
------------
That is actually easy, in main.c:
    php_ini_register_extensions(TSRMLS_C);
    zend_startup_modules(TSRMLS_C);

    /* disable certain classes and functions as requested by php.ini */
    php_disable_functions(TSRMLS_C);
    php_disable_classes(TSRMLS_C);

    /* start Zend extensions */
    zend_startup_extensions();
As you can see, zend_extensions are started after php_disable_functions().

That might be a security whole, at least when not documented.
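
The ordering gap described in the report, as an added example that is not part of the original report or of PHP's source: a toy function table in C where the disable pass only affects names that are already registered when it runs. The function name zext_run, the table layout and the "disable last" ordering are assumptions for illustration; the page does not show how the committed fix works.

```c
#include <stdio.h>
#include <string.h>

/* Toy function table; "enabled" stands in for the real handler pointer. */
struct fn { const char *name; int enabled; };
static struct fn table[16];
static int nfn;
static void register_fn(const char *name) {
    if (nfn < 16) { table[nfn].name = name; table[nfn].enabled = 1; nfn++; }
}
/* One pass over a comma-separated ini value. It can only touch names
 * that are already registered at the moment it runs. */
static void disable_functions(const char *list) {
    char buf[128];
    strncpy(buf, list, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, ", "); tok; tok = strtok(NULL, ", "))
        for (int i = 0; i < nfn; i++)
            if (strcmp(table[i].name, tok) == 0)
                table[i].enabled = 0;
}

static int is_callable(const char *name) {
    for (int i = 0; i < nfn; i++)
        if (strcmp(table[i].name, name) == 0)
            return table[i].enabled;
    return 0;
}

static void startup_modules(void)    { register_fn("exec"); register_fn("strlen"); }
static void startup_extensions(void) { register_fn("zext_run"); } /* hypothetical name */

/* Returns 1 if `name` is still callable after startup.
 * disable_last == 0 follows the order quoted in the report. */
int callable_after_startup(const char *ini, const char *name, int disable_last) {
    nfn = 0;
    startup_modules();
    if (!disable_last) disable_functions(ini);
    startup_extensions();
    if (disable_last) disable_functions(ini);
    return is_callable(name);
}

int main(void) {
    const char *ini = "exec, zext_run"; /* constructed disable_functions value */
    printf("reported order: zext_run callable=%d\n", callable_after_startup(ini, "zext_run", 0));
    printf("disable last:   zext_run callable=%d\n", callable_after_startup(ini, "zext_run", 1));
    return 0;
}
```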


 [2009-07-26 15:25 UTC] yoram dot b at zend dot com
security hole, of course...)
 [2009-07-29 00:17 UTC] svn@php.net
Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=286478
Log: fix extension functions disabling (bug #49065)
 [2009-07-29 00:18 UTC] svn@php.net
Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=286479
Log: report fix for bug #49065
 [2009-07-29 00:19 UTC] stas@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

fixed, thanks
 
Last updated: Sat Nov 23 09:01:28 2024 UTC