Bug #16588
closed
Inconsistent return values of ini_get() produce false positives for safe_mode detection
0%
Description
Typo3's install tool told me that safe_mode is on, while I was sure that it was off (also verified using phpinfo().
I pinned down the problem - it has to do with doing PHP settings using php_admin_value / php_admin_flag apache configuration directives.
Testcase:
echo "safe_mode status: " . ini_get('safe_mode');
if (ini_get('safe_mode')) { echo " ACTIVE"; }
?>
The result depends on the apache configuration you use to switch off safe_mode
Result with php_admin_flag safe_mode off (or without overriding php.ini settings at all)
safe_mode status: 0 <-- expected
Result with php_admin_value safe_mode off
safe_mode status: off ACTIVE <--- NOT expected
The safe_mode check should check for "on" and true.
- Add php_admin_value safe_mode off to your apache configuration, reload apache
- check safe_mode status in the install tool
(tested using PHP 5.1.2 on SUSE Linux 10.1)
(issue imported from #M4272)
Files
Updated by Chris topher almost 14 years ago
Quoting the PHP manual for ini_get
(See http://php.net/manual/en/function.ini-get.php )
Return Values
Returns the value of the configuration option as a string on success, or an empty string on failure or for null values.
Note: When querying boolean values
A boolean ini value of off will be returned as an empty string or "0" while a boolean ini value of on will be returned as "1". The function can also return the literal string of INI value.
(The last sentence was added as a result of http://bugs.php.net/33443 )
So this problem is still there.
Someone to write a patch?
Updated by Christian Kuhn almost 14 years ago
Attached a patch with a more sophisticated safe_mode detection. Please test.
Updated by Chris topher almost 14 years ago
Hi Christian,
looks good and should fix the problem (on reading).
Some notes:
line 58 of your patch won't work: typo getIniValueBoolea_d_
line 64: Broken comment "Accordi"; @return is missing there
line 193: Why do you set the displayed value to "On"? What does that improve? Nitpicking: Missing space in front of "=". ;-)
line 206: Same as above. Advantage of not showing the real value? Use same syntax as in line 193: Either equals or colon.
Updated by Chris topher almost 14 years ago
Hi Christian,
don't forget (since you already fixed this)...
:-)
Updated by Christian Kuhn almost 14 years ago
Yes, it's on my list of "finalize and make pending" ;)
Updated by Peter Beernink over 13 years ago
Created a new version of the patch based on the current trunk (r8941).
Updated by Peter Beernink over 13 years ago
New version of the patch has been added in accordance with a comment made by Marcus Krause in the core list.
Updated by Helmut Hummel over 13 years ago
Isn't
php_admin_value safe_mode off
just a misconfiguration?
Updated by Peter Beernink over 13 years ago
Yes it is, but as this is reported by several persons, we should not ignore it as a PHP configuration error and don't act to it.
Updated by