php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #14071 'admin-values' php.ini also for CGI-binary
Submitted: 2001-11-15 13:12 UTC Modified: 2017-10-23 00:25 UTC
Votes:3
Avg. Score:3.3 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: maddog2k at maddog2k dot nl Assigned: kalle (profile)
Status: Closed Package: PHP options/info functions
PHP Version: 4.0.6 OS: Linux/FreeBSD
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: maddog2k at maddog2k dot nl
New email:
PHP Version: OS:

 

 [2001-11-15 13:12 UTC] maddog2k at maddog2k dot nl
The problem I ran into while using PHP as CGI-binary under for example Apache instead of mod_php, is that you can't simply allow restrictive overrides of certain values.

If you for example put a 'php.ini' file in a directory, PHP will read that file...completely ignoring the /usr/local/lib/php.ini

Let's say we have a malicious user who wants to upload files of 100MB, he could simply do that by allowing this in his 'own' php.ini (post_max_size). I don't think this is a wanted situation.

The restriction I'm using now (thanks to Mathieu), is by an edited php_ini.c that reads only the php.ini from PHP_CONFIG_FILE_PATH. 

Why not using the same guidelines as with the ini_set() function ? Or an option in the 'default' .ini, to turn this behaviour on...:))

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-10 04:51 UTC] maddog2k at maddog2k dot nl
Guess I'm the only one who'd like this behaviour :)
 [2010-12-03 17:49 UTC] jani@php.net
-Package: Feature/Change Request +Package: PHP options/info functions
 [2017-10-23 00:25 UTC] kalle@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: kalle
 [2017-10-23 00:25 UTC] kalle@php.net
I'm not sure at what point the php-cgi -c option was introduced, but it seems more reasonable to simply supply the CGI SAPI of PHP with a specific php.ini file using php-cgi -c /path/to/php.ini

Please re-open if this still is an issue with PHP7
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Jan 25 05:01:24 2020 UTC