ID: 14883 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Closed -Bug Type: Documentation problem +Bug Type: Other web server Operating System: Windows NT (all Win32) PHP Version: 4.1.1 New Comment:
Shane has already commited the fix to CVS :) Previous Comments: ------------------------------------------------------------------------ [2002-02-28 20:32:12] [EMAIL PROTECTED] I just would like to make sure if document in source is ok also. Could anyone check it? And I would like to open this report since [EMAIL PROTECTED] is willing to write patch for this :) Could you change Category to Apache problem after checking doc in source? ------------------------------------------------------------------------ [2002-02-28 20:04:08] [EMAIL PROTECTED] Not a doc prob...RTFM http://www.php.net/manual/en/security.cgi-bin.php ------------------------------------------------------------------------ [2002-02-28 19:59:34] [EMAIL PROTECTED] The problem can be avoided by setting doc_root in php.ini. Meanwhile, I've submitted a quick patch to cvs. Working right now on a full patch. Shane ------------------------------------------------------------------------ [2002-02-28 19:54:24] [EMAIL PROTECTED] I think document is updated so that users can set up Apache corretly, right? (Not yet?) ------------------------------------------------------------------------ [2002-02-28 06:28:04] [EMAIL PROTECTED] Actually, this exploit allows anyone to gain root access to the Machine and so the severity should be ugraded to High. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14883 -- Edit this bug report at http://bugs.php.net/?id=14883&edit=1
