php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #33723 php_value overrides php_admin_value
Submitted: 2005-07-16 13:22 UTC Modified: 2005-08-01 10:49 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: ezmlm at mail dot ru Assigned: dmitry (profile)
Status: Closed Package: Apache related
PHP Version: 5CVS-2005-07-18 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ezmlm at mail dot ru
New email:
PHP Version: OS:

 

 [2005-07-16 13:22 UTC] ezmlm at mail dot ru 
Description:
------------
PHP5 for apache 1.3.33 built as DSO allows php_admin_value (php_admin_flag) options marked as PHP_INI_SYSTEM to be reset in .htaccess files by using php_value (php_flag). safe_mode for example.

To demonstrate the problem in php.ini set safe_mode = Off, in httpd.conf, set:
php_admin_value safe_mode on

Get phpinfo to verify that safe_mode is on.

Now create .htaccess file in document_root containing:
php_flag safe_mode off

(or even php_flag safe_mode on)

Get phpinfo again and note that safe_mode was reset to off (php.ini initial value)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-20 23:52 UTC] sniper@php.net 
Verified: This only happens with Apache 1.3.x.
 [2005-07-21 00:09 UTC] sniper@php.net 
Note: PHP 4.4.0 works fine, this only happens with PHP 5.
 [2005-08-01 10:49 UTC] dmitry@php.net 
Fixed in CVS HEAD and PHP_5_0.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 07:01:29 2024 UTC