Dunno if this has been mentioned or fixed in the latest release (I'm using PHP version 4.1.1) -- but, a script will not timeout until the sleep() function has finished it's duration -- for example:
In my script, if I set "set_time_limit(30)" -- then later in the script I call a "sleep(45)" -- the script will not timeout until 45 seconds later, from the point at which the sleep() function was called. Now, being a conscious programmer -- I'd probably never set my sleep() function to exceed my default or defined timeout setting. However, the sleep value can be set via a $var -- and depending on what functions are performed -- I can see how, when a programmer wants his script to timeout within a certain amount of time and then it doesn't; can cause a problem -- in-fact, I can foree some sort of sleep-attack whereby a malicious hacker figures out that a particular script on a particular website has a dynamic $var for the sleep() function -- then s/he writes a script which calls the page many times --- "injecting" the $var (say for example: http://www.whateverweb.goo/home.php?t=65536, where $t is the time $var in the script; sleep($t);" Effectively; in this case, the scripts won't timeout for 18 some hours. Filling up memory fast. Just FYI. Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
