ID: 49065 User updated by: yoram dot b at zend dot com Reported By: yoram dot b at zend dot com Status: Open Bug Type: Dynamic loading Operating System: All PHP Version: 5.3.0 New Comment:
security hole, of course... Previous Comments: ------------------------------------------------------------------------ [2009-07-26 15:23:33] yoram dot b at zend dot com Description: ------------ that is actually easy, in main.c : 1991 php_ini_register_extensions(TSRMLS_C); 1992 zend_startup_modules(TSRMLS_C); 1993 1994 /* disable certain classes and functions as requested by php.ini */ 1995 php_disable_functions(TSRMLS_C); 1996 php_disable_classes(TSRMLS_C); 1997 1998 /* start Zend extensions */ 1999 zend_startup_extensions(); As you can see, zend_extensions are started after php_disable_functions() That might be a security whole, at list when not documented. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49065&edit=1
