Edit report at https://bugs.php.net/bug.php?id=18675&edit=1

 ID:                 18675
 Updated by:         maar...@php.net
 Reported by:        radu dot rendec at ines dot ro
 Summary:            aborting scripts when user hits "stop" in browser
-Status:             Open
+Status:             Wont fix
 Type:               Feature/Change Request
-Package:            Feature/Change Request
+Package:            *General Issues
 Operating System:   any
 PHP Version:        4.2.2
 Block user comment: N
 Private report:     N

 New Comment:

This is no safeguard against buggy code.

For instance, for your example: all I have to do to keep your server busy is 
to keep open a few connections... B)


Previous Comments:
------------------------------------------------------------------------
[2002-07-31 12:23:15] radu dot rendec at ines dot ro

The default behavior, as reported in the documentation, is to abort scripts 
with the ABORTED flag on _when the script tries to output something_. This may 
lead to a security issue.

Suppose that a malicious (or dummy) user of a shared web hosting system makes a 
dead loop in a script and no output is produced inside that loop. Moreover, the 
script makes some system calls inside that loop so the time limit counter is 
slowly incremented (or even not incremented at all). So the time limit 
protection won't work, and neither the ABORTED flag protection (because no 
output is made inside the loop).

If a remote user tries to access the broken script via the browser and hits the 
stop button, the script will run on the server for ever, causing serious load. 
If more users try to access the broken script (or the same user tries to access 
it more times), the server will have a huge load and will soon be unusable.

I suggest the default behavior be to abort the execution of the script as soon 
as the connection is aborted.

------------------------------------------------------------------------
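
The report above turns on two behaviours: PHP notices a dropped connection only when the script tries to send output, and on Unix the time limit does not count time spent in system calls or sleep. The following is an added example, not code from the report or from PHP itself, showing how a cooperative long-running loop can bound itself on both counts; run_bounded(), its parameters and the sample step are hypothetical names constructed for the illustration, and it does nothing against a script written to loop deliberately.

```php
<?php
// Added illustration: run_bounded() and its parameters are hypothetical names.

// Keep running after a detected abort so the loop can stop at a safe point
// and release resources itself instead of being terminated mid-step.
ignore_user_abort(true);

function run_bounded(callable $step, float $maxWallSeconds, float $heartbeatEvery = 1.0): string
{
    $start    = microtime(true);
    $lastBeat = $start;

    while (true) {
        // Wall-clock deadline: independent of max_execution_time, which on
        // Unix excludes time spent in system calls, sleep() and I/O waits.
        if (microtime(true) - $start > $maxWallSeconds) {
            return 'deadline';
        }

        if ($step() === false) {
            return 'done';
        }

        $now = microtime(true);
        if ($now - $lastBeat >= $heartbeatEvery) {
            // A dropped connection is only noticed on a write, so emit one
            // byte and push it through PHP's output buffers.
            echo ' ';
            if (ob_get_level() > 0) {
                ob_flush();
            }
            flush();
            $lastBeat = $now;

            if (connection_aborted()) {
                return 'aborted';
            }
        }
    }
}

// Constructed sample workload: 50 steps of 0.2 s each, capped at 5 s wall time.
$i = 0;
$result = run_bounded(function () use (&$i) {
    usleep(200000);          // stands in for a blocking system call
    return ++$i < 50;        // false ends the loop normally
}, 5.0);
error_log("loop ended: $result after $i steps");
```

Buffering in the web server or a proxy in front of it can delay the point at which the heartbeat write fails, so the wall-clock deadline remains the hard bound.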


