|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20599 DoS PHP/include...
Submitted: 2002-11-23 13:34 UTC Modified: 2002-11-23 14:35 UTC
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: sc2 at gmx dot at Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 4.2.3 OS: suse
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2002-11-23 13:34 UTC] sc2 at gmx dot at
i just wanna know if it is in any future version of php any variant to stop DoS / with Includes

so that users can make endless lopp with includes

yes i know i can disable the include dir./require..but is there any other that i can make (or php team) so that DoS is not so easy..



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-23 13:36 UTC]
no, we're not going to disallow include/require.

 [2002-11-23 13:36 UTC]
This has been told many times really should have searched the bug database first. 

If you didn't know, you can do the same thing in quite many
ways, not only with include()..

 [2002-11-23 13:51 UTC] sc2 at gmx dot at
ok thanks and sorry for your time

but where is responsible for this?...may a contact apache ..? for hosters it would be easy when apache or php checks if in XX-Times the same include is detect...(yes other ways works too but oftens includes are used (with false scripts etc))
 [2002-11-23 13:53 UTC]
It's really not for PHP to solve all problems of the world.

 [2002-11-23 14:00 UTC] sc2 at gmx dot at
yes thats not but it is a "php" releated problem..
i know it is free etc...
but if anyone of the PHP has the time / ressource...
/ knowledge... it doesnt hurt for php team..if they made a feature for the admins of php..

it is the time,money or just a "presdige"?
be cool, dont be so "aggressiv" in your answers
 [2002-11-23 14:04 UTC]
Official statement:
We don't have any interest in fixing this problem as it would make PHP unnecessary slow; things like this were discussed before on numerous times, I'm sure you can find them in our bug database.

And my answer has nothing to do with prestige, it's more common sense. And if you think this was an aggresive answer you're wrong, I can be much worse :)

 [2002-11-23 14:06 UTC] sc2 at gmx dot at
ok thx , if you mean this is the right way...
 [2002-11-23 14:07 UTC] sc2 at gmx dot at
ps: you can solve it, thx
 [2002-11-23 14:35 UTC]
maybe you dont understand:

This is no Error in PHP.

you can do endless loops in nearly every Programming language - thats not a bug of this language, its responsibility of the Users (the Coders who use this Language).

If you would have read and understand the article you quoted (ok, you posted the URL), you would have seen it isnt a Bug.

If you do not want Users producing endless Loops on your machine, simply dont give them access.

As i see youre from austria, so if your english is not good enough, feel free to contact me, i can explain it in German to you
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Jul 04 04:05:46 2022 UTC