[php-maint] Bug#459040: libapache2-mod-php5: @ fails to hide warnings/errors when error_reporting is locked in httpd.conf

Bj�Wiberg Bjorn.Wiberg at its.uu.se
Fri Jan 4 10:05:35 UTC 2008 

Package: libapache2-mod-php5
Version: 5.2.0-8+etch9
Severity: normal

Summary: @ fails to hide warnings/errors when error_reporting is locked in httpd.conf


Sample script:

<?php
  $resource = opendir($_SERVER['DOCUMENT_ROOT'] . '/no/such/dir/');
  echo('<BR>');
  $resource = @opendir($_SERVER['DOCUMENT_ROOT'] . '/no/such/dir/');
?>


Comments:

The @ should prevent warnings and errors to be shown on the web page.
However, when the error_reporting directive is locked with php_admin_value in httpd.conf, @ fails and warnings/errors are shown on the web page.
This was not so in the previous release of php5 in Debian.
This is probably related to the fact that PHP recently (as of 5.2.5) correctly enforces php_admin_value in httpd.conf, although this side effect may be undesirable. Backporting miss?

Please note that it *is* desirable to lock error_reporting with php_admin_value so that malicious code cannot disable error reporting *completely*.


Result with "php_admin_value error_reporting 6135" in httpd.conf:

Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 4


Result with "php_value error_reporting 6135" in httpd.conf:

Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2


Expected result:

Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2

...for both "php_admin_value error_reporting 6135" and "php_value error_reporting 6135".


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to sv_SE.UTF-8)

Versions of packages libapache2-mod-php5 depends on:
ii  apa 2.2.3-4+etch3                        Traditional model for Apache HTTPD
ii  apa 2.2.3-4+etch3                        Next generation, scalable, extenda
ii  lib 1.0.3-6                              high-quality block-sorting file co
ii  lib 2.3.6.ds1-13etch4                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 4.4.20-8                             Berkeley v4.4 Database Libraries [
ii  lib 1.4.4-7etch4                         MIT Kerberos runtime libraries
ii  lib 4.17-5etch3                          File type determination library us
ii  lib 6.7+7.4-2                            Perl 5 Compatible Regular Expressi
ii  lib 0.9.8c-4etch1                        SSL shared libraries
ii  lib 2.6.27.dfsg-1                        GNOME XML library
ii  mim 3.39-1                               MIME files 'mime.types' & 'mailcap
ii  php 5.2.0-8+etch9                        Common files for packages built fr
ii  ucf 2.0020                               Update Configuration File: preserv
ii  zli 1:1.2.3-13                           compression library - runtime

libapache2-mod-php5 recommends no packages.

-- no debconf information

More information about the pkg-php-maint mailing list