ID: 10043
Updated by: sniper
Status: Feedback
Bug Type: *Web Server problem
Operating System: WinNT40 sp6
PHP Version: 4.0.4pl1
New Comment:

I meant from:

Previous Comments:

[2001-08-19 03:16:15] [EMAIL PROTECTED]

Does this happen with latest CVS snapshot: 


[2001-03-29 09:10:45] [EMAIL PROTECTED]

I'm aware of the registerglobals.  No, no functions in my code.  It's relatively 
straihgtforward, actually.

if ($submit=='')  {
echo <<<EOT
<html><head><link rel="stylesheet" type="text/css" href="cbox-exp.css"></head>
<FORM method=post action=cutsheet.php >
<BUTTON type="submit" NAME="submit" value="submit">Submit</BUTTON></FORM>
else {
# start!

Here's the top snip of my php.ini:


; About this file ;
; This file controls many aspects of PHP's behavior.  In order for PHP to
; read it, it must be named 'php.ini'.  PHP looks for it in the current
; working directory, in the path designated by the environment variable
; PHPRC, and in the path that was defined in compile time (in that order).
; Under Windows, the compile-time path is the Windows directory.  The
; path in which the php.ini file is looked for can be overriden using
; the -c argument in command line mode.
; The syntax of the file is extremely simple.  Whitespace and Lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
; Expressions in the INI file are limited to bitwise operators and parentheses:
; |                             bitwise OR
; &                             bitwise AND
; ~                             bitwise NOT
; !                             boolean NOT
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
;   foo =                       ; sets foo to an empty string
;       foo = none              ; sets foo to an empty string
;       foo = "none"    ; sets foo to the string 'none'
; If you use constants in your value, and these constants belong to a dynamically
; loaded extension (either a PHP extension or a Zend extension), you may only
; use these constants *after* the line that loads the extension.
; All the values in the php.ini-dist file correspond to the builtin
; defaults (that is, if no php.ini is used, or if you delete these lines,
; the builtin defaults will be identical).

; Language Options ;

engine                  =       On      ; Enable the PHP scripting language engine 
under Apache
short_open_tag  =       On      ; allow the <? tag.  otherwise, only <?php and 
<script> tags are recognized.
asp_tags                =       Off ; allow ASP-style <% %> tags
precision               =       14      ; number of significant digits displayed in 
floating point numbers
y2k_compliance  =       Off     ; whether to be year 2000 compliant (will cause 
problems with non y2k compliant browsers)
output_buffering        = Off   ; Output buffering allows you to send header lines 
(including cookies)
                                                        ; even after you send body 
content, in the price of slowing PHP's
                                                        ; output layer a bit.
                                                        ; You can enable output 
buffering by in runtime by calling the output
                                                        ; buffering functions, or 
enable output buffering for all files
                                                        ; by setting this directive to 
output_handler          =               ; You can redirect all of the output of your 
scripts to a function,
                                                        ; that can be responsible to 
process or log it.  For example,
                                                        ; if you set the 
output_handler to "ob_gzhandler", than output
                                                        ; will be transparently 
compressed for browsers that support gzip or
                                                        ; deflate encoding.  Setting 
an output handler automatically turns on
                                                        ; output buffering.
implicit_flush          = Off   ; Implicit flush tells PHP to tell the output layer to 
flush itself
                                                        ; automatically after every 
output block.  This is equivalent to
                                                        ; calling the PHP function 
flush() after each and every call to print()
                                                        ; or echo() and each and every 
HTML block.
                                                        ; Turning this option on has 
serious performance implications, and
                                                        ; is generally recommended for 
debugging purposes only.
allow_call_time_pass_reference  = On    ; whether to enable the ability to force 
arguments to be 
passed by reference at function-call time.  This method
                                                                                ; is 
deprecated, and is likely to be unsupported in future
versions of PHP/Zend.  The encouraged method of specifying
which arguments should be passed by reference is in the
function declaration.  You're encouraged to try and
                                                                                ; turn 
this option Off, and make sure your scripts work
properly with it, to ensure they will work with future
versions of the language (you will receive a warning
                                                                                ; each 
time you use this feature, and the argument will
                                                                                ; be 
passed by value instead of by reference).

; Safe Mode
safe_mode               =       Off
safe_mode_exec_dir      =
safe_mode_allowed_env_vars = PHP_                                       ; Setting 
certain environment variables
                 ; may be a potential security breach.
                 ; This directive contains a comma-delimited
                 ; list of prefixes.  In Safe Mode, the
                 ; user may only alter environment
                 ; variables whose names begin with the
                 ; prefixes supplied here.
                 ; By default, users will only be able
                 ; to set environment variables that begin
                 ; with PHP_ (e.g. PHP_FOO=BAR).
                 ; Note:  If this directive is empty, PHP
                 ; will let the user modify ANY environment
                 ; variable!
safe_mode_protected_env_vars = LD_LIBRARY_PATH          ; This directive contains a 
                 ; delimited list of environment variables,
                 ; that the end user won't be able to
                 ; change using putenv().
                 ; These variables will be protected
                 ; even if safe_mode_allowed_env_vars is
                 ; set to allow to change them.

disable_functions       =                                                              
 ; This directive allows you to disable certain
                 ; functions for security reasons.  It receives
                 ; a comma separated list of function names.
                 ; This directive is *NOT* affected by whether
                 ; Safe Mode is turned on or off.

; Colors for Syntax Highlighting mode.  Anything that's acceptable in <font color=???> 
would work.
highlight.string        =       #DD0000
highlight.comment       =       #FF8000
highlight.keyword       =       #007700            =       #FFFFFF
highlight.default       =       #0000BB
highlight.html          =       #000000

; Misc
expose_php      =       On              ; Decides whether PHP may expose the fact that 
it is installed on the
                                                ; server (e.g., by adding its 
signature to the Web server header).
                                                ; It is no security threat in any way, 
but it makes it possible
                                                ; to determine whether you use PHP on 
your server or not.

; Resource Limits ;

max_execution_time = 30     ; Maximum execution time of each script, in seconds
memory_limit = 8M                       ; Maximum amount of memory a script may 
consume (8MB)

; Error handling and logging ;
; error_reporting is a bit-field.  Or each number up to get desired error reporting 
; E_ALL                         - All errors and warnings
; E_ERROR                       - fatal run-time errors
; E_WARNING                     - run-time warnings (non fatal errors)
; E_PARSE                       - compile-time parse errors
; E_NOTICE                      - run-time notices (these are warnings which often 
result from a bug in
;                                         your code, but it's possible that it was 
intentional (e.g., using an
;                                         uninitialized variable and relying on the 
fact it's automatically
;                                         initialized to an empty string)
; E_CORE_ERROR          - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING        - warnings (non fatal errors) that occur during PHP's initial 
; E_COMPILE_ERROR       - fatal compile-time errors
; E_COMPILE_WARNING     - compile-time warnings (non fatal errors)
; E_USER_ERROR          - user-generated error message
; E_USER_WARNING        - user-generated warning message
; E_USER_NOTICE         - user-generated notice message
; Examples:
; error_reporting = E_ALL & ~E_NOTICE                                           ; show 
all errors, except for notices
; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR        ; show only errors
error_reporting =        E_ALL; display all errors, warnings and notices
display_errors  =       On      ; Print out errors (as a part of the output)
                                                ; For production web sites, you're 
strongly encouraged
                                                ; to turn this feature off, and use 
error logging instead (see below).
                                                ; Keeping display_errors enabled on a 
production web site may reveal
                                                ; security information to end users, 
such as file paths on your Web server,
                                                ; your database schema or other 
display_startup_errors = Off            ; Even when display_errors is on, errors that 
occur during
                                                                        ; PHP's 
startup sequence are not displayed.  It's strongly
                                                                        ; recommended 
to keep display_startup_errors off, except for
                                                                        ; when 
log_errors              =       Off     ; Log errors into a log file (server-specific 
log, stderr, or error_log (below))
                                                ; As stated above, you're strongly 
advised to use error logging in place of
                                                ; error displaying on production web 
track_errors    =       Off     ; Store the last error/warning message in 
$php_errormsg (boolean)
;error_prepend_string = "<font color=ff0000>"   ; string to output before an error 
;error_append_string = "</font>"                ; string to output after an error 
;error_log      =       filename        ; log errors to specified file
;error_log      =       syslog          ; log errors to syslog (Event Log on NT, not 
valid in Windows 95)
warn_plus_overloading   =       Off             ; warn if the + operator is used with 

; Data Handling ;
; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
variables_order         =       "EGPCS" ; This directive describes the order in which 
PHP registers
                                                                ; GET, POST, Cookie, 
Environment and Built-in variables (G, P,
                                                                ; C, E & S 
respectively, often referred to as EGPCS or GPC).
                                                                ; Registration is done 
from left to right, newer values override
                                                                ; older values.
register_globals=On; Whether or not to register the EGPCS variables as global
                                                                ; variables.  You may 
want to turn this off if you don't want
                                                                ; to clutter your 
scripts' global scope with user data.  This makes
                                                                ; most sense when 
coupled with track_vars - in which case you can
                                                                ; access all of the 
GPC variables through the $HTTP_*_VARS[],
                                                                ; variables.
                                                                ; You should do your 
best to write your scripts so that they do
                                                                ; not require 
register_globals to be on;  Using form variables
                                                                ; as globals can 
easily lead to possible security problems, if
                                                                ; the code is not very 
well thought of.
register_argc_argv      =       On              ; This directive tells PHP whether to 
declare the argv&argc
                                                                ; variables (that 
would contain the GET information).  If you
                                                                ; don't use these 
variables, you should turn it off for
                                                                ; increased 
post_max_size           =       8M              ; Maximum size of POST data that PHP 
will accept.
gpc_order                       =       "GPC"   ; This directive is deprecated.  Use 
variables_order instead.

; Magic quotes
magic_quotes_gpc        =       On              ; magic quotes for incoming 
GET/POST/Cookie data
magic_quotes_runtime=   Off             ; magic quotes for runtime-generated data, 
e.g. data from SQL, from exec(), etc.
magic_quotes_sybase     =       Off             ; Use Sybase-style magic quotes 
(escape ' with '' instead of \')

; automatically add files before or after any PHP document
auto_prepend_file       =
auto_append_file        =

; As of 4.0b4, PHP always outputs a character encoding by default in
; the Content-type: header.  To disable sending of the charset, simply
; set it to be empty.
; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"

; Paths and Directories ;
include_path    =                   ; UNIX: "/path1:/path2"  Windows: "\path1;\path2"
doc_root                =                                       ; the root of the php 
pages, used only if nonempty
user_dir                =                                       ; the directory under 
which php opens the script using /~username, used only if nonempty
extension_dir   =       ./                              ; directory in which the 
loadable extensions (modules) reside
enable_dl               = On                            ; Whether or not to enable the 
dl() function.
                                                                        ; The dl() 
function does NOT properly work in multithreaded
                                                                        ; servers, 
such as IIS or Zeus, and is automatically disabled
                                                                        ; on them.

; File Uploads ;
file_uploads    = On                            ; Whether to allow HTTP file uploads
upload_tmp_dir = C:\PHP\uploadtemp  ; temporary directory for HTTP uploaded files 
(will use system default if not specified)
upload_max_filesize = 2M                    ; Maximum allowed size for uploaded files

; Fopen wrappers ;
allow_url_fopen = On                ; Wheter to allow trating URLs like http:... or 
ftp:... like files



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

Edit this bug report at

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to