|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #14071 'admin-values' php.ini also for CGI-binary
Submitted: 2001-11-15 13:12 UTC Modified: 2017-10-23 00:25 UTC
Avg. Score:3.3 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: maddog2k at maddog2k dot nl Assigned: kalle (profile)
Status: Closed Package: PHP options/info functions
PHP Version: 4.0.6 OS: Linux/FreeBSD
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: maddog2k at maddog2k dot nl
New email:
PHP Version: OS:


 [2001-11-15 13:12 UTC] maddog2k at maddog2k dot nl
The problem I ran into while using PHP as CGI-binary under for example Apache instead of mod_php, is that you can't simply allow restrictive overrides of certain values.

If you for example put a 'php.ini' file in a directory, PHP will read that file...completely ignoring the /usr/local/lib/php.ini

Let's say we have a malicious user who wants to upload files of 100MB, he could simply do that by allowing this in his 'own' php.ini (post_max_size). I don't think this is a wanted situation.

The restriction I'm using now (thanks to Mathieu), is by an edited php_ini.c that reads only the php.ini from PHP_CONFIG_FILE_PATH. 

Why not using the same guidelines as with the ini_set() function ? Or an option in the 'default' .ini, to turn this behaviour on...:))


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-10 04:51 UTC] maddog2k at maddog2k dot nl
Guess I'm the only one who'd like this behaviour :)
 [2010-12-03 17:49 UTC]
-Package: Feature/Change Request +Package: PHP options/info functions
 [2017-10-23 00:25 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: kalle
 [2017-10-23 00:25 UTC]
I'm not sure at what point the php-cgi -c option was introduced, but it seems more reasonable to simply supply the CGI SAPI of PHP with a specific php.ini file using php-cgi -c /path/to/php.ini

Please re-open if this still is an issue with PHP7
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Sep 20 06:03:37 2021 UTC