ID: 43677 Comment by: d at tpyo dot net Reported By: root at net1 dot cc Status: Open Bug Type: Safe Mode/open_basedir Operating System: FreeBSD 6.2 PHP Version: 5.2.5 New Comment:
Thanks Manuel. Patch works perfectly. But I agree, it is a fairly serious issue that undoubtedly affects a lot of users. Previous Comments: ------------------------------------------------------------------------ [2008-01-17 13:40:04] manuel at mausz dot at Err... php as apache module... :) ------------------------------------------------------------------------ [2008-01-17 13:35:48] manuel at mausz dot at Can some dev please take a look at this (or the patch)? This is a serious issue for all users running apache as module and mixing php_admin_value and php_value. It also looks like this is the same as: http://bugs.php.net/bug.php?id=43842 http://bugs.php.net/bug.php?id=43755 http://bugs.php.net/bug.php?id=43207 ------------------------------------------------------------------------ [2008-01-13 03:14:53] root at net1 dot cc I've been using the patched PHP for several hours now, and - confirmed - it's working flawless! This patch really fixes the issue! Thanks once again, Manuel! For FreeBSD users, I've uploaded a modified patch file for deployment with the ports system, for ease of use, and instructions here: http://mirror.net1.cc/projects/php-bug43677-patch/ ------------------------------------------------------------------------ [2008-01-12 21:19:29] root at net1 dot cc I'm gonna test Manuel's patch (thanks!) and report back later if it does fix the problems observed. ------------------------------------------------------------------------ [2008-01-12 18:08:43] manuel at mausz dot at I tracked the problem down. Every altered ini setting gets added to the modified_ini_directives-hashtable in order to restore the original value after the request has been processed. Zend simply forgets to restore the modifiable-level. A patch can be found at http://manuel.mausz.at/coding/patches/php/5.2.5/php5.2.5-restore-ini-level.patch Please note that this patch will break the ini setting ABI. Thus all extensions registering ini settings will have to be recompiled. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43677 -- Edit this bug report at http://bugs.php.net/?id=43677&edit=1
