ID:               47701
 Updated by:       fel...@php.net
 Reported By:      paul at paulmcgarry dot com
-Status:           Bogus
+Status:           Open
 Bug Type:         Unknown/Other Function
 Operating System: Linux
 PHP Version:      5.2.9
 New Comment:

My mistake, Paul. Sorry.


Previous Comments:
------------------------------------------------------------------------

[2009-03-18 23:37:10] paul at paulmcgarry dot com

I mentioned 47020 in the first sentence of my initial report so 
referring me to it is hardly enlightening or productive and pretty 
much indicates you didn't bother to read the report at all (we are 
all no doubt time poor, so I understand the temptation!).

If this is bogus then please explain why.

Personally I cannot see how a failure mode that potentially exposes 
private data to the user can not be a genuine issue.

------------------------------------------------------------------------

[2009-03-18 23:25:30] fel...@php.net

Please, see bug #47020.

Thanks.

------------------------------------------------------------------------

[2009-03-18 12:08:43] scott...@php.net

Martin, where exactly is this fix?

I looked through the NEWS file and saw no entries.

------------------------------------------------------------------------

[2009-03-18 11:06:36] mmcnicklebugs at googlemail dot com

This has been fixed in CVS.

-- Martin McNickle

------------------------------------------------------------------------

[2009-03-18 02:37:31] paul at paulmcgarry dot com

Description:
------------
This relates to Bug #47020 which I believe has been incorrectly set to 
bogus.

I have been using print_r() while processing $errcontext in an error 
handling function, i.e. one registered with set_error_handler().

It seems that when print_r() hits the memory limit it exposes my 
entire error context to the user.

print_r having a failure mode where it exposes potentially private 
data to the user is a security issue.

If it can't be fixed easily then it should be documented.

------------------------------------------------------------------------
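
One way to record the error context from a set_error_handler() callback without passing it to print_r(), as an added example (not code from the report or from PHP itself). The names describe_value() and summarize_context() and the size limits are hypothetical; the summary is built with plain string operations and written only to the server-side error log.

```php
<?php
// Added example. describe_value(), summarize_context() and the limits
// below are hypothetical names/values, not part of PHP.

// Describe one variable in a fixed, small amount of text.
function describe_value($value, $maxLen)
{
    if (is_string($value)) {
        $suffix = strlen($value) > $maxLen ? '...' : '';
        return 'string(' . strlen($value) . ') "' . substr($value, 0, $maxLen) . $suffix . '"';
    }
    if (is_bool($value)) {
        return $value ? 'bool(true)' : 'bool(false)';
    }
    if (is_int($value) || is_float($value)) {
        return gettype($value) . '(' . $value . ')';
    }
    if (is_array($value)) {
        return 'array(' . count($value) . ')';   // size only, no recursion
    }
    if (is_object($value)) {
        return 'object(' . get_class($value) . ')';
    }
    return gettype($value);                      // NULL, resource, ...
}

// Summarize at most $maxKeys top-level variables of the context.
function summarize_context(array $context, $maxKeys = 20, $maxLen = 80)
{
    $lines = array();
    foreach (array_slice($context, 0, $maxKeys, true) as $name => $value) {
        $lines[] = '$' . $name . ' = ' . describe_value($value, $maxLen);
    }
    if (count($context) > $maxKeys) {
        $lines[] = '(' . (count($context) - $maxKeys) . ' more variables omitted)';
    }
    return implode('; ', $lines);
}

// Handler: the context goes to the error log, never to the response.
function log_only_handler($errno, $errstr, $errfile, $errline, $errcontext = array())
{
    error_log("[$errno] $errstr at $errfile:$errline | " . summarize_context((array) $errcontext));
    return false; // let PHP's normal error handling continue
}

set_error_handler('log_only_handler');
```
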

