php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68018 php_value directive modifies "Changeable" context
Submitted: 2014-09-13 19:54 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: manuel-php at mausz dot at Assigned:
Status: Open Package: FPM related
PHP Version: master-Git-2014-09-13 (Git) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: manuel-php at mausz dot at
New email:
PHP Version: OS:

 

 [2014-09-13 19:54 UTC] manuel-php at mausz dot at 
Description:
------------
Using php_value directives in PHP-FPM modifies the modifiable member of the ini setting. e.g. php_value[enable_dl] = 0 changes modifiable from PHP_INI_SYSTEM to PHP_INI_USER which will allow changing enable_dl using ini_set().

Also fpm_php_zend_ini_alter_master lacks the modifiable check from zend_alter_ini_entry_ex. So it's possible to overwrite a PHP_INI_SYSTEM setting with a php_value directive.

The attached patch fixes both.

Patches

master-fpm-ini-modifiable.patch (last revision 2014-09-13 19:54 UTC by manuel-php at mausz dot at)

Pull Requests
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 19:01:29 2024 UTC