php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75212 php_value acts like php_admin_value
Submitted: 2017-09-15 14:09 UTC Modified: 2017-09-18 16:10 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: FPM related
PHP Version: Irrelevant OS: GNU/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: remi@php.net
New email:
PHP Version: OS:

 

 [2017-09-15 14:09 UTC] remi@php.net
Description:
------------
If pool configuration contains a php_admin_value directive, it is protected and cannot be modified in .user.init: OK.

If pool configuration contains a php_value directive, it is also protected and cannot be modified in .user.init: looks like a bug.





Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-09-18 16:09 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=cfc6c4d2973c795cb400435a28805a73c02d23e2
Log: Fixed Bug #75212 php_value acts like php_admin_value
 [2017-09-18 16:09 UTC] remi@php.net
-Status: Open +Status: Closed
 [2017-09-18 16:10 UTC] remi@php.net
-Assigned To: +Assigned To: remi
 [2017-09-18 16:11 UTC] remi@php.net
As discussed on the PR, this may raised some unwanted changes in stable branch (if users occasionally have .user.ini files laying around, those suddenly start to take effect).

So this will be fixed in 7.2 only
 [2017-09-18 17:25 UTC] spam2 at rhsoft dot net
> As discussed on the PR, this may raised some unwanted 
> changes in stable branch (if users occasionally have 
> .user.ini files laying around, those suddenly start 
> to take effect)

that's a terrible broken point of view

.user.ini files don't appear magically and users expect them to behave as they are written, thats's the same as 'open_basedir' can't be changed anywhere outside php.ini but is displayed (or at least was) with the local value of the vhost which leaded in my case in unwanted security holes becaus eshell commands was intended to be only allowed by 2 out of some hundret vhosts

frankly you can't call behave as configured a "unwanted change"
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Jan 20 06:03:34 2022 UTC