ID:               36125
 User updated by:  hugues at duplexstudio dot com
 Reported By:      hugues at duplexstudio dot com
 Status:           Bogus
 Bug Type:         CGI related
 Operating System: Fedora Core 3
 PHP Version:      4.4.2
 New Comment:

So if it's not a bug, why must the php.ini file be in the same folder
as the file.phtml?

Thanks


Previous Comments:
------------------------------------------------------------------------

[2006-01-22 19:16:34] [EMAIL PROTECTED]

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

If you allow CGI, one might run anything - no PHP problem.

------------------------------------------------------------------------

[2006-01-22 18:48:01] [EMAIL PROTECTED]

>I found a way to execute php code with a different 
>php.ini file if .htaccess is enabled.

So what's the problem?

------------------------------------------------------------------------

[2006-01-22 18:37:40] hugues at duplexstudio dot com

Description:
------------
Force CGI Redirect is compiled by default in Linux Apache systems for
security reasons. I found a way to execute PHP code with a different
php.ini file if .htaccess is enabled.

Reproduce code:
---------------
In Apache I have enabled cgi-script and .htaccess.

Maybe it's in the newest version.

In the root folder of my web site I created a .htaccess file with:

AddHandler cgi-script .phtml

In my /myrootfolder/file.phtml I added:
#!/usr/bin/php -c /myrootfolder/php.ini

I chmod +x the file.phtml. 

I create /myrootfolder/php.ini and set cgi.force_redirect = 0 and now I
can run the file.phtml file

The php.ini file and file.phtml must be in the same folder to work.

Expected result:
----------------
If this is not a security issue, I expect that the php.ini file could
be anywhere on the server if the user could access it.





------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=36125&edit=1
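
A defender-side audit for the setup described in the report above (added here as an example, not code from the bug report or from PHP): it walks a document root, collects the extensions that .htaccess files map to cgi-script, and lists executable files with those extensions whose shebang passes -c to a php binary. The function names are hypothetical, and it assumes the mapping is made with AddHandler in .htaccess only, not in the server configuration.

```python
import os
import re
import sys

# "AddHandler cgi-script .ext [.ext ...]" as written in a .htaccess file
ADDHANDLER = re.compile(r"^\s*AddHandler\s+cgi-script\s+(.+)$", re.I | re.M)

def cgi_extensions(htaccess_text):
    """Extensions that a .htaccess body maps to the cgi-script handler."""
    return {"." + e.lstrip(".").lower()
            for m in ADDHANDLER.finditer(htaccess_text) for e in m.group(1).split()}

def shebang_ini(first_line):
    """Path passed with -c when the shebang runs a php binary, else None."""
    if not first_line.startswith("#!"):
        return None
    args = first_line[2:].split()
    if not args or "php" not in os.path.basename(args[0]):
        return None
    for i, arg in enumerate(args[1:], 1):
        if arg == "-c" and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith("-c") and len(arg) > 2:
            return arg[2:]
    return None

def audit(docroot):
    """(script, ini) pairs: executable CGI-mapped files that pick their own php.ini."""
    findings, active = [], {}  # active: directory -> extensions in effect there
    for dirpath, _dirs, files in os.walk(os.path.normpath(docroot)):
        exts = set(active.get(os.path.dirname(dirpath), ()))  # inherited from parent
        if ".htaccess" in files:
            with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
                exts |= cgi_extensions(fh.read())
        active[dirpath] = exts
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            if not os.stat(path).st_mode & 0o111:  # the report's chmod +x step
                continue
            with open(path, errors="replace") as fh:
                ini = shebang_ini(fh.readline().strip())
            if ini:
                findings.append((path, ini))
    return sorted(findings)

if __name__ == "__main__":
    for script, ini in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{script}: shebang loads {ini}")
```

Run it with the document root as the only argument; each line of output names a script and the php.ini its shebang selects.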
