php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47296 php_admin_value does not work as expected
Submitted: 2009-02-04 03:28 UTC Modified: 2009-02-12 01:00 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:1 (25.0%)
From: ali dot hamad at dci dot net dot sa Assigned:
Status: No Feedback Package: Apache2 related
PHP Version: 5.2.8 OS: Red Hat Enterprise Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-02-04 03:28 UTC] ali dot hamad at dci dot net dot sa 
Description:
------------
1) my disable_functions in php.ini :

disable_functions = php_uname

2) in httpd.conf , inside the vhost for the user, I have :

<Directory "/home/userName/public_html/">

<IfModule mod_php5.c>
    php_admin_value disable_functions "system"
</IfModule>

</Directory>

3) Here is my code :

<?php
echo "disable_functions=".ini_get('disable_functions');
echo "<br>";
echo "php_uname=".php_uname();
echo "<br>";
?>

4) expected result :
disable_functions=system
php_uname= Linux ...etc.

5) Actual result :
disable_functions=system
php_uname=

notice, no output from php_uname and in the php error log :
[04-Feb-2009 06:08:28] PHP Warning:  php_uname() has been disabled for security reasons in ..etc

I think it is a bug since the ini_get call to disable_functions gave me what supposed to be disabled, system function. However, php_uname, is still disabled even if I overwrite disable_functions setting using the php_admin_value in the user vhost.

Regards,
Ali Hamad.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-04 22:19 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2009-02-05 04:20 UTC] ali dot hamad at dci dot net dot sa 
Thank you, I will try this later this weekend and will let you know.

Ali,
 [2009-02-12 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-02-26 17:00 UTC] inno dot vation at gmx dot net 
Seeing the same problem under 5.2.6 (opensuse 10.3 newest patches)

1)global -> works
php.ini:
disable_functions= php_uname

2) vhost -> works not
php.ini:
disable_functions=

vhost.conf:
php_admin_value disable_functions "php_uname" 


----

If I proof the variants - both shows me a 

"disable_functions=php_uname" relating to the code from Ali Hamad, but only in the variant 1) it returns an warning.

I suppose that still a bug.

Regards 

Inno
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 23 16:01:35 2024 UTC