Bug #73099 if php.ini is incorrect, php-fpm starts with default values
Submitted: 2016-09-16 10:58 UTC Modified: 2016-09-16 13:20 UTC
Votes:5
Avg. Score:4.0 ± 1.1
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:3 (75.0%)
From: selivan5 at yandex dot ru Assigned:
Status: Open Package: *Configuration Issues
PHP Version: 7.0.11 OS: Ubuntu 14.04 trusty
Private report: No CVE-ID: None
 [2016-09-16 10:58 UTC] selivan5 at yandex dot ru
Description:
------------
If php.ini syntax is incorrect and it cannot be loaded, php-fpm starts with default values.

This can lead to functional and security problems. For example, "post_max_size" becomes 8m, breaking uploading of large files. "disable_functions", used to restrict potentially dangerous functions, becomes empty. "display_errors" is 1 and visitors will see a full stacktrace on error pages.

Test script:
---------------
php-fpm.conf:

[global]
pid = /run/php/php7.0-fpm.pid
error_log = /var/log/php7.0-fpm.log
include=/etc/php/7.0/fpm/pool.d/*.conf

pool.d/www.conf:

[www]
php_admin_value[error_reporting] = E_ALL & ~E_NOTICE
user = www-data
group = www-data
listen = /run/php/php7.0-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

php.ini:

# This comment breaks ini file (it starts with hash and parenthsis are used)
expose_php = Off


Now start it:

root@xenial:~# /usr/sbin/php-fpm7.0 --fpm-config  /etc/php/7.0/fpm/php-fpm.conf --php-ini /etc/php/7.0/fpm/php.ini
PHP:  syntax error, unexpected '(' in /etc/php/7.0/fpm/php.ini on line 6
[14-Sep-2016 14:24:46] NOTICE: configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful

It noticed an error, but started anyway. Run phpinfo() and you will see that expose_php is "ON".

Expected result:
----------------
If php.ini is incorrect, php-fpm should fail with error.

Actual result:
--------------
If php.ini is incorrect, php-fpm starts using default values.
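
A pre-start check for the behaviour reported above, as an added example that is not part of the original report or of PHP itself. It treats the "PHP:  syntax error" line as fatal even when the configuration test reports success. The binary and paths are the ones quoted in the report; the function names and the --run argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the report. Binary and paths are the report's;
# function names and the --run argument are hypothetical.
FPM_BIN="${FPM_BIN:-/usr/sbin/php-fpm7.0}"
FPM_CONF="${FPM_CONF:-/etc/php/7.0/fpm/php-fpm.conf}"
PHP_INI="${PHP_INI:-/etc/php/7.0/fpm/php.ini}"

# has_ini_parse_error TEXT: succeed if TEXT contains the parser complaint
# in the form quoted in the report ("PHP:  syntax error, ...").
has_ini_parse_error() {
    printf '%s\n' "$1" | grep -Eq '^PHP:[[:space:]]+syntax error'
}

# verdict STATUS TEXT: decide whether php-fpm may be started.
# The config test reports success even when php.ini failed to parse,
# so the exit status alone is not enough; the output is inspected too.
verdict() {
    if [ "$1" -ne 0 ]; then
        echo "refuse: config test exited with status $1" >&2
        return 1
    fi
    if has_ini_parse_error "$2"; then
        echo "refuse: php.ini did not parse, defaults would be used" >&2
        return 1
    fi
    echo "ok"
}

# preflight: run the real config test (-t) and apply the verdict.
preflight() {
    if out=$("$FPM_BIN" -t --fpm-config "$FPM_CONF" --php-ini "$PHP_INI" 2>&1)
    then status=0
    else status=$?
    fi
    verdict "$status" "$out"
}

# Constructed samples: the output lines quoted in the report, with and
# without the parser complaint.
SAMPLE_GOOD="[14-Sep-2016 14:24:46] NOTICE: configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful"
SAMPLE_BAD="PHP:  syntax error, unexpected '(' in /etc/php/7.0/fpm/php.ini on line 6
$SAMPLE_GOOD"

# Only touch the real binary when asked to.
if [ "${1:-}" = "--run" ]; then
    preflight
    exit $?
fi
```

Run with --run as a step before starting the service, so a non-zero exit blocks the start instead of letting php-fpm come up with default values.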

 [2016-09-16 11:01 UTC] selivan5 at yandex dot ru
Also I reported this bug in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1623540
Ubuntu guys confirmed it (status: Triaged).
 [2016-09-16 13:20 UTC] selivan5 at yandex dot ru
Forgot to copy one line in php.ini:

[PHP]
# This comment breaks ini file (it starts with hash and parenthsis are used)
expose_php = Off
 