ID: 15153 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open -Bug Type: Documentation problem +Bug Type: Directory function related Operating System: Linux 2.2.20 (Redhat 5.2) PHP Version: 4.1.1 New Comment:
Fixed this in the documentation, but I still think it's an issue that should be fixed in the PHP-source Previous Comments: ------------------------------------------------------------------------ [2002-01-22 14:21:51] [EMAIL PROTECTED] Reclassified as a documentation problem. ------------------------------------------------------------------------ [2002-01-21 16:23:16] [EMAIL PROTECTED] A piece of code that you have at http://www.php.net/manual/en/function.readdir.php leads to system DoS with php-4.1.1, Linux 2.2.20, apache 1.3.22: Example 1. List all files in the current directory <?php $handle=opendir('.'); echo "Directory handle: $handle\n"; echo "Files:\n"; while (false !== ($file = readdir($handle))) { echo "$file\n"; } closedir($handle); ?> When this code is executed, php enters a loop writing this line to the log file an infinite number of times: [date] PHP Warning: Supplied argument is not a valid Directory resource in /path/to/script.php on line 5. Httpd uses all processor time and finally fills the partition in which the log file is located. The problem seems to be the dot in the function call because the script works normally if the dot is replaced with an absolute path name. My apacle 1.3.22 web server includes the following modules: mod_ssl 2.8.5, mod_perl 1.26, php-3.0.18, php-4.1.1. Php-4.1.1 has been compiled as a dynamic module with the following options: --enable-versioning --with-apxs --with-mysql --with-xml --enable-calendar --enable-memory-limit --enable-session --enable-safe-mode --with-openssl --enable-bcmath --with-gd I also tried this with php-4.0.6 and the result is the same. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=15153&edit=1
