ID: 49065 Updated by: j...@php.net Reported By: yoram dot b at zend dot com Status: Verified Bug Type: Scripting Engine problem Operating System: * PHP Version: 5.*, 6SVN (2009-07-26) New Comment:
FYI: The person who committed the code is Zeev. AFAIK, he has something to do with Zend. It's _ZEND_ extensions you're talking about.. Previous Comments: ------------------------------------------------------------------------ [2009-07-28 08:32:27] yoram dot b at zend dot com This is PHP code, it has nothing to do with Zend, only with zend...) ------------------------------------------------------------------------ [2009-07-26 19:06:55] j...@php.net Indeed. Maybe someone at Zend had a reason for that? Try asking around. :) ------------------------------------------------------------------------ [2009-07-26 15:25:44] yoram dot b at zend dot com security hole, of course...) ------------------------------------------------------------------------ [2009-07-26 15:23:33] yoram dot b at zend dot com Description: ------------ that is actually easy, in main.c : 1991 php_ini_register_extensions(TSRMLS_C); 1992 zend_startup_modules(TSRMLS_C); 1993 1994 /* disable certain classes and functions as requested by php.ini */ 1995 php_disable_functions(TSRMLS_C); 1996 php_disable_classes(TSRMLS_C); 1997 1998 /* start Zend extensions */ 1999 zend_startup_extensions(); As you can see, zend_extensions are started after php_disable_functions() That might be a security whole, at list when not documented. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49065&edit=1
