php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #10354 disable_functions doe not work when set from httpd.conf
Submitted: 2001-04-16 19:30 UTC Modified: 2004-08-06 01:05 UTC
Votes:5
Avg. Score:4.8 ± 0.4
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:3 (60.0%)
From: valerio at wnet dot it Assigned:
Status: Not a bug Package: PHP options/info functions
PHP Version: 4.0 Latest CVS ( OS: Linux 2.4.2 i386
Private report: No CVE-ID: None
View Developer Edit
 [2001-04-16 19:30 UTC] valerio at wnet dot it 
I think that disable_functions is not working properly when called from httpd.conf with:

php_admin_value disable_functions phpinfo

while it works nice when called from php.ini.
If i run a script with just 

<?
phpinfo();
?>

obviously in a dir which is affected by the directive,
the function works ignoring the directive, and gives this results (cut down to just the line of interest):

			 local value        master value
[...]    
disable_functions        phpinfo             system
[...]

I have disabled "system" from php.ini, just to test...it didn't work also not setting anything in php.ini.
I tried also with safe mode on but no results.
The only functions thatare correctly disabled are the ones set from php.ini.
The same behaviour in php 4.0.6-dev i downloaded today from the CVS...
Am I missing something or this is a bug?
Thanks in advance.

Valerio Morettini

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-26 21:29 UTC] yohgaki@php.net 
The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available
from http://www.php.net/downloads.php

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
 [2004-08-05 23:25 UTC] majkls at tiscali dot cz 
It not working with php version 4.3.6 too. I have Apache 2.0.49/worker on Linux 2.4.26.
The problem:
phpinfo():
-----------------
local value     master value
leak ini_set    exec popen ini_set
fsockopen ..    leak fsockopen...
-----------------
there is part of configuration httpd.conf:

<Directory ~ "/home/(www|admin|192|212|_|158|168|99)/web/stats">
<IfModule mod_php4.c>
 php_admin_flag safe_mode off
 php_admin_value disable_functions "passthru set_time_limit error_log ini_alter ini_set dl pfsockopen openlog syslog readlink symlink link leak fsockopen"
</IfModule>
</Directory>

but if I run my script, I get this:
<font color=ff0000><br />
<b>Warning</b>:  exec() has been disabled for security reasons in <b>/home/admin/web/stats/ping.php</b> on line <b>19</b><br />
</font>

Please reopen this bug.

Thanks

Majkls
 [2004-08-06 01:05 UTC] rasmus@php.net 
The documentation states very clearly:

  "This directive must be set in php.ini For example, you cannot set this in httpd.conf."

This is not a bug.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 28 08:01:28 2024 UTC