Package: php5-common
Version: 5.2.6.dfsg.1-1+lenny4
Severity: normal
Tags: patch

Hello,

I copied the file provided as

    /usr/share/doc/php5-common/examples/php.ini-paranoid

to

    /etc/php5/apache2/php.ini

and used that.

The error.log said

    PHP:  Error parsing /etc/php5/apache2/php.ini on line 95

on apache startup.

Unfortunately, the apache PHP interpreter did operate on .php files in
spite of the parsing error.
Even worse, the security features the file is supposed to provide were
NOT active!

So this is somewhat of a security issue.

(Of course, one can hope an admin who is cautious enough to read the
standard php.ini and is cautious enough to replace it with the paranoid
one is also cautious enough to have a look at error.log, and act on the
warning.)

The obvious repair is to add a ";" in front of line 95. I include a
patch that does that.

Regards, and thank you for providing fine software,

Andreas

--- /usr/share/doc/php5-common/examples/php.ini-paranoid	2009-11-22 03:48:28.000000000 +0100
+++ /tmp/php.ini-paranoid	2010-01-10 19:13:35.000000000 +0100
@@ -92,7 +92,7 @@
 ; be found by running:
 ;
 ; $  diff -u /usr/share/doc/php5-common/examples/php.ini-dist \
-     /usr/share/doc/php5-common/examples/php.ini-paranoid  |less
+;    /usr/share/doc/php5-common/examples/php.ini-paranoid  |less
 ;
 ;
 ; This is a (not complete) list of some of the changes introduced in this file:
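
Review bot: The `;` added at line 95 covers only this one wrapped comment line, so any other continuation line in the header that lacks its leading `;` would still trigger the same parse error; the whole patched file should be parsed once before it ships, not just this hunk. The `+++` side names /tmp/php.ini-paranoid, so the target file has to be given explicitly when applying. A simpler alternative for this spot is to put the `diff -u` command on a single comment line and drop the `\` continuation, which removes the chance of the second line losing its `;` again.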

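
A pre-deployment check for the failure described in the report, added here as an example (it is not part of the report or of the Debian package): it flags any php.ini line that is not blank, a `;` comment, a section header or a `name = value` directive. The grammar is an assumption and deliberately stricter than PHP's own ini parser; the sample text is constructed from the hunk above plus two illustrative directives whose values are not taken from php.ini-paranoid.

```python
import re
import sys

# Assumed, conservative line grammar (stricter than PHP's ini scanner).
COMMENT = re.compile(r"^\s*;")
SECTION = re.compile(r"^\s*\[[^\]]+\]\s*$")
DIRECTIVE = re.compile(r"^\s*[A-Za-z_][A-Za-z0-9_.\-]*(\[\])?\s*=")


def lint_ini(text):
    """Return [(line_number, line)] for every line that is not blank,
    a ';' comment, a [section] header or a 'name = value' directive."""
    bad = []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        if COMMENT.match(line) or SECTION.match(line) or DIRECTIVE.match(line):
            continue
        bad.append((n, line))
    return bad


# Constructed sample: the comment block from the report's hunk (unpatched),
# followed by two illustrative directives (values are made up for the example).
SAMPLE_BROKEN = """\
; be found by running:
;
; $  diff -u /usr/share/doc/php5-common/examples/php.ini-dist \\
     /usr/share/doc/php5-common/examples/php.ini-paranoid  |less
;
[PHP]
allow_url_fopen = Off
expose_php = Off
"""

# The same text with the report's one-character fix applied.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("\n     /usr", "\n;    /usr")


if __name__ == "__main__":
    # Lint a real file if a path is given, otherwise the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BROKEN
    findings = lint_ini(text)
    for n, line in findings:
        print(f"line {n}: not a comment, section or directive: {line!r}")
    # Non-zero exit lets a deployment script refuse to install the file.
    sys.exit(1 if findings else 0)
```

Because the interpreter kept serving pages after the parse error, a check like this belongs before the file is copied into place, not in log review afterwards.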