[PHP-DEV] PHP 4.0 Bug #3991 Updated: admin_values (like safe mode) can be overridden From: Bug Database (php-dev <email protected>)
Date: 03/31/00

ID: 3991
User Update by: djm <email protected>
Status: Open
Bug Type: Misbehaving function
Description: admin_values (like safe mode) can be overridden

After adding some debugging code, I have a better understanding of what's going on. The values in the .htaccess file are not being used, but they are overwriting in the hash table the values from the httpd.conf, so the compiled-in defaults are taking effect.
In sapi/apache/mod_php4.c, php_apache_alter_ini_entries calls php_alter_ini_entry, which does return -1 for the values that aren't settable from a .htaccess file, because they have modify_type PHP_INI_PERDIR (2). But the values set in the httpd.conf (with modify_type PHP_INI_SYSTEM (4)) have disappeared.
In the mod_php4.c hash table merging code, php_merge_dir and copy_per_dir_entry shouldn't overwrite a global setting with a disallowed per-directory one.
Better yet, php_apache_value_handler_ex shouldn't enter disallowed values into the per-dir hash table in the first place (it should check mode first).
Here's a diff that seems to fix the problem, and includes some debugging code to help demonstrate it:

--- sapi/apache/mod_php4.c 2000/03/31 01:55:50 1.1.1.1
+++ sapi/apache/mod_php4.c 2000/03/31 07:10:39
@@ -394,7 +394,13 @@

 static int php_apache_alter_ini_entries(php_per_dir_entry *per_dir_entry)
 {
- php_alter_ini_entry(per_dir_entry->key, per_dir_entry->key_length+1, per_dir_entry->value, per_dir_entry->value_length+1, per_dir_entry->type, PHP_INI_STAGE_ACTIVATE);
+ int i;
+ char msg[8192];
+ snprintf(msg, 8192, "altering ini entry %s=%s type=%d", per_dir_entry->key, per_dir_entry->value, per_dir_entry->type);
+ php_apache_log_message(msg);
+ i = php_alter_ini_entry(per_dir_entry->key, per_dir_entry->key_length+1, per_dir_entry->value, per_dir_entry->value_length+1, per_dir_entry->type, PHP_INI_STAGE_ACTIVATE);
+ snprintf(msg, 8192, " => %d", i);
+ php_apache_log_message(msg);
        return 0;
 }

@@ -560,6 +566,7 @@
 CONST_PREFIX char *php_apache_value_handler_ex(cmd_parms *cmd, HashTable *conf, char *arg1, char *arg2, int mode)
 {
        php_per_dir_entry per_dir_entry;
+ php_ini_entry *ini_entry;

        if (!apache_php_initialized) {
                sapi_startup(&sapi_module);
@@ -574,6 +581,14 @@

        per_dir_entry.key_length = strlen(arg1);
        per_dir_entry.value_length = strlen(arg2);
+
+ ini_entry = get_ini_entry(arg1, per_dir_entry.key_length + 1);
+ if (ini_entry && !(ini_entry->modifyable & mode)) {
+ char msg[8192];
+ snprintf(msg, 8192, "setting %s to %s in %d is not permitted", arg1, arg2, mode);
+ php_apache_log_message(msg);
+ return NULL;
+ }

        per_dir_entry.key = (char *) malloc(per_dir_entry.key_length+1);
        memcpy(per_dir_entry.key, arg1, per_dir_entry.key_length);

Full Bug description available at: http://bugs.php.net/version4/?id=3991 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>