rasmus Wed Jan 28 12:42:21 2004 EDT
Modified files: (Branch: PHP_4_3)
/php-src/sapi/apache mod_php4.c
Log:
If we have a text/html file with the executable bit set, we load up the
current ini, but if php's xbithack option is not set we forgot to restore
the previous ini settings potentially leaking ini settings from one request
to the next. Closes bug #25753 and a few others.
http://cvs.php.net/diff.php/php-src/sapi/apache/mod_php4.c?r1=1.146.2.12&r2=1.146.2.13&ty=u
Index: php-src/sapi/apache/mod_php4.c
diff -u php-src/sapi/apache/mod_php4.c:1.146.2.12
php-src/sapi/apache/mod_php4.c:1.146.2.13
--- php-src/sapi/apache/mod_php4.c:1.146.2.12 Tue Jun 3 01:41:49 2003
+++ php-src/sapi/apache/mod_php4.c Wed Jan 28 12:42:20 2004
@@ -17,7 +17,7 @@
| PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mod_php4.c,v 1.146.2.12 2003/06/03 05:41:49 rasmus Exp $ */
+/* $Id: mod_php4.c,v 1.146.2.13 2004/01/28 17:42:20 rasmus Exp $ */
#include "php_apache_http.h"
#include "http_conf_globals.h"
@@ -830,6 +830,9 @@
}
if(!AP(xbithack)) {
r->allowed |= (1 << METHODS) - 1;
+ zend_try {
+ zend_ini_deactivate(TSRMLS_C);
+ } zend_end_try();
return DECLINED;
}
return send_parsed_php(r);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
