php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33723 php_value overrides php_admin_value
Submitted: 2005-07-16 13:22 UTC Modified: 2005-08-01 10:49 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: ezmlm at mail dot ru Assigned: dmitry
Status: Closed Package: Apache related
PHP Version: 5CVS-2005-07-18 OS: Linux
Private report: No CVE-ID:
 [2005-07-16 13:22 UTC] ezmlm at mail dot ru
Description:
------------
PHP5 for apache 1.3.33 built as DSO allows php_admin_value (php_admin_flag) options marked as PHP_INI_SYSTEM to be reset in .htaccess files by using php_value (php_flag). safe_mode for example.

To demonstrate the problem in php.ini set safe_mode = Off, in httpd.conf, set:
php_admin_value safe_mode on

Get phpinfo to verify that safe_mode is on.

Now create .htaccess file in document_root containing:
php_flag safe_mode off

(or even php_flag safe_mode on)

Get phpinfo again and note that safe_mode was reset to off (php.ini initial value)



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-20 23:52 UTC] sniper@php.net
Verified: This only happens with Apache 1.3.x.

 [2005-07-21 00:09 UTC] sniper@php.net
Note: PHP 4.4.0 works fine, this only happens with PHP 5.

 [2005-08-01 10:49 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_0.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 15:01:54 2014 UTC