|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68018 php_value directive modifies "Changeable" context
Submitted: 2014-09-13 19:54 UTC Modified: -
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: manuel-php at mausz dot at Assigned:
Status: Open Package: FPM related
PHP Version: master-Git-2014-09-13 (Git) OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-09-13 19:54 UTC] manuel-php at mausz dot at
Using php_value directives in PHP-FPM modifies the modifiable member of the ini setting. e.g. php_value[enable_dl] = 0 changes modifiable from PHP_INI_SYSTEM to PHP_INI_USER which will allow changing enable_dl using ini_set().

Also fpm_php_zend_ini_alter_master lacks the modifiable check from zend_alter_ini_entry_ex. So it's possible to overwrite a PHP_INI_SYSTEM setting with a php_value directive.

The attached patch fixes both.


master-fpm-ini-modifiable.patch (last revision 2014-09-13 19:54 UTC by manuel-php at mausz dot at)

Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Apr 23 22:01:31 2024 UTC