[php-maint] Bug#459040: libapache2-mod-php5: @ fails to hide warnings/errors when error_reporting is locked in httpd.conf
Bj�Wiberg
Bjorn.Wiberg at its.uu.se
Fri Jan 4 10:05:35 UTC 2008
Package: libapache2-mod-php5
Version: 5.2.0-8+etch9
Severity: normal
Summary: @ fails to hide warnings/errors when error_reporting is locked in httpd.conf
Sample script:
<?php
$resource = opendir($_SERVER['DOCUMENT_ROOT'] . '/no/such/dir/');
echo('<BR>');
$resource = @opendir($_SERVER['DOCUMENT_ROOT'] . '/no/such/dir/');
?>
Comments:
The @ should prevent warnings and errors to be shown on the web page.
However, when the error_reporting directive is locked with php_admin_value in httpd.conf, @ fails and warnings/errors are shown on the web page.
This was not so in the previous release of php5 in Debian.
This is probably related to the fact that PHP recently (as of 5.2.5) correctly enforces php_admin_value in httpd.conf, although this side effect may be undesirable. Backporting miss?
Please note that it *is* desirable to lock error_reporting with php_admin_value so that malicious code cannot disable error reporting *completely*.
Result with "php_admin_value error_reporting 6135" in httpd.conf:
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 4
Result with "php_value error_reporting 6135" in httpd.conf:
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
Expected result:
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
...for both "php_admin_value error_reporting 6135" and "php_value error_reporting 6135".
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to sv_SE.UTF-8)
Versions of packages libapache2-mod-php5 depends on:
ii apa 2.2.3-4+etch3 Traditional model for Apache HTTPD
ii apa 2.2.3-4+etch3 Next generation, scalable, extenda
ii lib 1.0.3-6 high-quality block-sorting file co
ii lib 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 4.4.20-8 Berkeley v4.4 Database Libraries [
ii lib 1.4.4-7etch4 MIT Kerberos runtime libraries
ii lib 4.17-5etch3 File type determination library us
ii lib 6.7+7.4-2 Perl 5 Compatible Regular Expressi
ii lib 0.9.8c-4etch1 SSL shared libraries
ii lib 2.6.27.dfsg-1 GNOME XML library
ii mim 3.39-1 MIME files 'mime.types' & 'mailcap
ii php 5.2.0-8+etch9 Common files for packages built fr
ii ucf 2.0020 Update Configuration File: preserv
ii zli 1:1.2.3-13 compression library - runtime
libapache2-mod-php5 recommends no packages.
-- no debconf information
More information about the pkg-php-maint
mailing list