PHP :: Bug #33723 :: php_value overrides php_admin

PHP :: Bug #33723 :: php_value overrides php_admin_value

Bug #33723

php_value overrides php_admin_value

Submitted:

2005-07-16 13:22 UTC

Modified:

2005-08-01 10:49 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

ezmlm at mail dot ru

Assigned:

dmitry (profile)

Status:

Closed

Package:

Apache related

PHP Version:

5CVS-2005-07-18

OS:

Linux

Private report:

CVE-ID:

None

[2005-07-16 13:22 UTC] ezmlm at mail dot ru

Description:
------------
PHP5 for apache 1.3.33 built as DSO allows php_admin_value (php_admin_flag) options marked as PHP_INI_SYSTEM to be reset in .htaccess files by using php_value (php_flag). safe_mode for example.

To demonstrate the problem in php.ini set safe_mode = Off, in httpd.conf, set:
php_admin_value safe_mode on

Get phpinfo to verify that safe_mode is on.

Now create .htaccess file in document_root containing:
php_flag safe_mode off

(or even php_flag safe_mode on)

Get phpinfo again and note that safe_mode was reset to off (php.ini initial value)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-07-20 23:52 UTC] sniper@php.net

Verified: This only happens with Apache 1.3.x.

[2005-07-21 00:09 UTC] sniper@php.net

Note: PHP 4.4.0 works fine, this only happens with PHP 5.