Re: ini_set() security question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/1/07, Samuel Vogel <samy-delux@xxxxxx> wrote:
I just tried it with php 5.2.3. Same behavior!

Do you agree that overwriting the value shouldn't be possible with
ini_set() ?

I will file a bug report!

I don't think it should be allowed.
A comment from the ini_set page [1]:
"If you set something using php_admin_value in httpd.conf it is then
not possible to be set the value at runtime, even if it's NOT
PHP_INI_SYSTEM. "

So, I guess it must be a bug.

Tijnema

[1] http://www.php.net/manual/en/function.ini-set.php#30424

Richard Lynch schrieb:
> File a bug report then, and see what happens...
>
> But you may want to test with most recent versions if you are not
> already on current PHP versions.
>
> On Thu, May 31, 2007 2:46 pm, Samuel Vogel wrote:
>
>> There is no bug filed for this. There is only one older bug (
>> http://bugs.php.net/bug.php?id=38804 ) which makes me think
>> overwriting
>> with ini_set() shouldn't be possible!
>>
>> Richard Lynch schrieb:
>>
>>> On Wed, May 30, 2007 3:34 pm, Samuel Vogel wrote:
>>>
>>>
>>>>> And what happens if you try to allocate 3M of data?
>>>>>
>>>>> $foo = str_repeat('.', 3145728);
>>>>>
>>>>>
>>>>>
>>>> Nothing. It does it without any errors. I can allocate up to 20MB
>>>> (well
>>>> a little bit less of course).
>>>>
>>>>
>>> Check http://bugs.php.net and see if it's a known issue or an
>>> exception to the php_admin_* rule or...
>>>
>>>
>>>
>
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux