Edit report at https://bugs.php.net/bug.php?id=55181&edit=1
ID: 55181 Comment by: public at grik dot net Reported by: f...@php.net Summary: Enhance security by limiting the script extension Status: Closed Type: Feature/Change Request Package: FPM related Operating System: any PHP Version: 5.3.6 Assigned To: fat Block user comment: N Private report: N New Comment: it would be MUCH better if you do the same way it's done with date.timezone: if the setting is not defined, it gives a warning on PHP start now everyone blindly upgrading to a minor release with the same php-fpm.conf are shooting their feet Previous Comments: ------------------------------------------------------------------------ [2012-01-13 08:57:15] laph at gmx dot net This is a massive functionality change, breaking every application that doesn't stick to the ".php" File-Extension when upgrading from 5.3.8 to 5.3.9 since if "security.limit_extensions" is unset, it's limited to ".php". Additionally this new configuration setting is not documented in the FPM-Docs. Please, don't do such changes in minor releases. Or at lease document them properly! ------------------------------------------------------------------------ [2011-10-08 19:52:26] f...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2011-10-08 13:42:08] f...@php.net Automatic comment from SVN on behalf of fat Revision: http://svn.php.net/viewvc/?view=revision&revision=317894 Log: - Backported FR #55181 from 5.4 branch (Enhance security by limiting access to user defined extensions) ------------------------------------------------------------------------ [2011-07-12 19:01:21] f...@php.net Commited on 5.4. Waiting to 5.3.7 to be released to backport this to 5.3. ------------------------------------------------------------------------ [2011-07-12 19:00:39] f...@php.net Automatic comment from SVN on behalf of fat Revision: http://svn.php.net/viewvc/?view=revision&revision=313186 Log: - Implemented FR #55181 (Enhance security by limiting access to user defined extensions) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55181 -- Edit this bug report at https://bugs.php.net/bug.php?id=55181&edit=1
