PHP :: Bug #27284 :: User Password in PHPInfo

Bug #27284	User Password in PHPInfo
Submitted:	2004-02-16 21:50 UTC	Modified:	2004-02-17 02:37 UTC
From:	adam at comsmart dot org	Assigned:
Status:	Not a bug	Package:	PHP options/info functions
PHP Version:	Irrelevant	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 24 - 18 = ?
Subscribe to this entry?

[2004-02-16 21:50 UTC] adam at comsmart dot org

Description:
------------
When you call the phpinfo function, it posts your password on the resulting page. Therefore, you can not include a call to phpinfo on any public page, because people could get into your system. I think that the default call to phpinfo should not output the username/password of the owner of the file.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-02-17 02:37 UTC] helly@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

I assume you mean environment information which you can skip in the output (RTFM). Otherwise the function is never meant to be shown to every user.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 19:01:33 2024 UTC