ID: 10043 Updated by: sniper Reported By: [EMAIL PROTECTED] Status: Feedback Bug Type: *Web Server problem Operating System: WinNT40 sp6 PHP Version: 4.0.4pl1 New Comment: I meant from: http://www.zend.com/snapshots/ Previous Comments: ------------------------------------------------------------------------ [2001-08-19 03:16:15] [EMAIL PROTECTED] Does this happen with latest CVS snapshot: http://snaps.php.net/ ------------------------------------------------------------------------ [2001-03-29 09:10:45] [EMAIL PROTECTED] I'm aware of the registerglobals. No, no functions in my code. It's relatively straihgtforward, actually. <? if ($submit=='') { echo <<<EOT <html><head><link rel="stylesheet" type="text/css" href="cbox-exp.css"></head> <FORM method=post action=cutsheet.php > ...snip... <BUTTON type="submit" NAME="submit" value="submit">Submit</BUTTON></FORM> </body> </html> EOT; } else { # # start! # ...snip... } ?> Here's the top snip of my php.ini: [PHP] ;;;;;;;;;;;;;;;;;;; ; About this file ; ;;;;;;;;;;;;;;;;;;; ; This file controls many aspects of PHP's behavior. In order for PHP to ; read it, it must be named 'php.ini'. PHP looks for it in the current ; working directory, in the path designated by the environment variable ; PHPRC, and in the path that was defined in compile time (in that order). ; Under Windows, the compile-time path is the Windows directory. The ; path in which the php.ini file is looked for can be overriden using ; the -c argument in command line mode. ; ; The syntax of the file is extremely simple. Whitespace and Lines ; beginning with a semicolon are silently ignored (as you probably guessed). ; Section headers (e.g. [Foo]) are also silently ignored, even though ; they might mean something in the future. ; ; Directives are specified using the following syntax: ; directive = value ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. ; ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression ; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo"). ; ; Expressions in the INI file are limited to bitwise operators and parentheses: ; | bitwise OR ; & bitwise AND ; ~ bitwise NOT ; ! boolean NOT ; ; Boolean flags can be turned on using the values 1, On, True or Yes. ; They can be turned off using the values 0, Off, False or No. ; ; An empty string can be denoted by simply not writing anything after the equal ; sign, or by using the None keyword: ; ; foo = ; sets foo to an empty string ; foo = none ; sets foo to an empty string ; foo = "none" ; sets foo to the string 'none' ; ; If you use constants in your value, and these constants belong to a dynamically ; loaded extension (either a PHP extension or a Zend extension), you may only ; use these constants *after* the line that loads the extension. ; ; All the values in the php.ini-dist file correspond to the builtin ; defaults (that is, if no php.ini is used, or if you delete these lines, ; the builtin defaults will be identical). ;;;;;;;;;;;;;;;;;;;; ; Language Options ; ;;;;;;;;;;;;;;;;;;;; engine = On ; Enable the PHP scripting language engine under Apache short_open_tag = On ; allow the <? tag. otherwise, only <?php and <script> tags are recognized. asp_tags = Off ; allow ASP-style <% %> tags precision = 14 ; number of significant digits displayed in floating point numbers y2k_compliance = Off ; whether to be year 2000 compliant (will cause problems with non y2k compliant browsers) output_buffering = Off ; Output buffering allows you to send header lines (including cookies) ; even after you send body content, in the price of slowing PHP's ; output layer a bit. ; You can enable output buffering by in runtime by calling the output ; buffering functions, or enable output buffering for all files ; by setting this directive to On. output_handler = ; You can redirect all of the output of your scripts to a function, ; that can be responsible to process or log it. For example, ; if you set the output_handler to "ob_gzhandler", than output ; will be transparently compressed for browsers that support gzip or ; deflate encoding. Setting an output handler automatically turns on ; output buffering. implicit_flush = Off ; Implicit flush tells PHP to tell the output layer to flush itself ; automatically after every output block. This is equivalent to ; calling the PHP function flush() after each and every call to print() ; or echo() and each and every HTML block. ; Turning this option on has serious performance implications, and ; is generally recommended for debugging purposes only. allow_call_time_pass_reference = On ; whether to enable the ability to force arguments to be ; passed by reference at function-call time. This method ; is deprecated, and is likely to be unsupported in future ; versions of PHP/Zend. The encouraged method of specifying ; which arguments should be passed by reference is in the ; function declaration. You're encouraged to try and ; turn this option Off, and make sure your scripts work ; properly with it, to ensure they will work with future ; versions of the language (you will receive a warning ; each time you use this feature, and the argument will ; be passed by value instead of by reference). ; Safe Mode safe_mode = Off safe_mode_exec_dir = safe_mode_allowed_env_vars = PHP_ ; Setting certain environment variables ; may be a potential security breach. ; This directive contains a comma-delimited ; list of prefixes. In Safe Mode, the ; user may only alter environment ; variables whose names begin with the ; prefixes supplied here. ; By default, users will only be able ; to set environment variables that begin ; with PHP_ (e.g. PHP_FOO=BAR). ; Note: If this directive is empty, PHP ; will let the user modify ANY environment ; variable! safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comma- ; delimited list of environment variables, ; that the end user won't be able to ; change using putenv(). ; These variables will be protected ; even if safe_mode_allowed_env_vars is ; set to allow to change them. disable_functions = ; This directive allows you to disable certain ; functions for security reasons. It receives ; a comma separated list of function names. ; This directive is *NOT* affected by whether ; Safe Mode is turned on or off. ; Colors for Syntax Highlighting mode. Anything that's acceptable in <font color=???> would work. highlight.string = #DD0000 highlight.comment = #FF8000 highlight.keyword = #007700 highlight.bg = #FFFFFF highlight.default = #0000BB highlight.html = #000000 ; Misc expose_php = On ; Decides whether PHP may expose the fact that it is installed on the ; server (e.g., by adding its signature to the Web server header). ; It is no security threat in any way, but it makes it possible ; to determine whether you use PHP on your server or not. ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; ;;;;;;;;;;;;;;;;;;; max_execution_time = 30 ; Maximum execution time of each script, in seconds memory_limit = 8M ; Maximum amount of memory a script may consume (8MB) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; error_reporting is a bit-field. Or each number up to get desired error reporting level ; E_ALL - All errors and warnings ; E_ERROR - fatal run-time errors ; E_WARNING - run-time warnings (non fatal errors) ; E_PARSE - compile-time parse errors ; E_NOTICE - run-time notices (these are warnings which often result from a bug in ; your code, but it's possible that it was intentional (e.g., using an ; uninitialized variable and relying on the fact it's automatically ; initialized to an empty string) ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING - warnings (non fatal errors) that occur during PHP's initial startup ; E_COMPILE_ERROR - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non fatal errors) ; E_USER_ERROR - user-generated error message ; E_USER_WARNING - user-generated warning message ; E_USER_NOTICE - user-generated notice message ; Examples: ; error_reporting = E_ALL & ~E_NOTICE ; show all errors, except for notices ; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ; show only errors error_reporting = E_ALL; display all errors, warnings and notices display_errors = On ; Print out errors (as a part of the output) ; For production web sites, you're strongly encouraged ; to turn this feature off, and use error logging instead (see below). ; Keeping display_errors enabled on a production web site may reveal ; security information to end users, such as file paths on your Web server, ; your database schema or other information. display_startup_errors = Off ; Even when display_errors is on, errors that occur during ; PHP's startup sequence are not displayed. It's strongly ; recommended to keep display_startup_errors off, except for ; when debugging. log_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below)) ; As stated above, you're strongly advised to use error logging in place of ; error displaying on production web sites. track_errors = Off ; Store the last error/warning message in $php_errormsg (boolean) ;error_prepend_string = "<font color=ff0000>" ; string to output before an error message ;error_append_string = "</font>" ; string to output after an error message ;error_log = filename ; log errors to specified file ;error_log = syslog ; log errors to syslog (Event Log on NT, not valid in Windows 95) warn_plus_overloading = Off ; warn if the + operator is used with strings ;;;;;;;;;;;;;;;;; ; Data Handling ; ;;;;;;;;;;;;;;;;; ; Note - track_vars is ALWAYS enabled as of PHP 4.0.3 variables_order = "EGPCS" ; This directive describes the order in which PHP registers ; GET, POST, Cookie, Environment and Built-in variables (G, P, ; C, E & S respectively, often referred to as EGPCS or GPC). ; Registration is done from left to right, newer values override ; older values. register_globals=On; Whether or not to register the EGPCS variables as global ; variables. You may want to turn this off if you don't want ; to clutter your scripts' global scope with user data. This makes ; most sense when coupled with track_vars - in which case you can ; access all of the GPC variables through the $HTTP_*_VARS[], ; variables. ; You should do your best to write your scripts so that they do ; not require register_globals to be on; Using form variables ; as globals can easily lead to possible security problems, if ; the code is not very well thought of. register_argc_argv = On ; This directive tells PHP whether to declare the argv&argc ; variables (that would contain the GET information). If you ; don't use these variables, you should turn it off for ; increased performance post_max_size = 8M ; Maximum size of POST data that PHP will accept. gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead. ; Magic quotes magic_quotes_gpc = On ; magic quotes for incoming GET/POST/Cookie data magic_quotes_runtime= Off ; magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_sybase = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \') ; automatically add files before or after any PHP document auto_prepend_file = auto_append_file = ; As of 4.0b4, PHP always outputs a character encoding by default in ; the Content-type: header. To disable sending of the charset, simply ; set it to be empty. ; PHP's built-in default is text/html default_mimetype = "text/html" ;default_charset = "iso-8859-1" ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; include_path = ; UNIX: "/path1:/path2" Windows: "\path1;\path2" doc_root = ; the root of the php pages, used only if nonempty user_dir = ; the directory under which php opens the script using /~username, used only if nonempty extension_dir = ./ ; directory in which the loadable extensions (modules) reside enable_dl = On ; Whether or not to enable the dl() function. ; The dl() function does NOT properly work in multithreaded ; servers, such as IIS or Zeus, and is automatically disabled ; on them. ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; file_uploads = On ; Whether to allow HTTP file uploads upload_tmp_dir = C:\PHP\uploadtemp ; temporary directory for HTTP uploaded files (will use system default if not specified) upload_max_filesize = 2M ; Maximum allowed size for uploaded files ;;;;;;;;;;;;;;;;;; ; Fopen wrappers ; ;;;;;;;;;;;;;;;;;; allow_url_fopen = On ; Wheter to allow trating URLs like http:... or ftp:... like files ...snip... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/?id=10043 Edit this bug report at http://bugs.php.net/?id=10043&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
