Debian Bug report logs -
#459040
libapache2-mod-php5: @ fails to hide warnings/errors when error_reporting is locked in httpd.conf
Reported by: Bj�Wiberg <Bjorn.Wiberg@its.uu.se>
Date: Fri, 4 Jan 2008 10:18:02 UTC
Severity: normal
Found in version php5/5.2.0-8+etch9
Fixed in version 5.2.6.dfsg.1-1+lenny3
Done: Ondřej Surý <ondrej@sury.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#459040; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Bj�Wiberg <Bjorn.Wiberg@its.uu.se>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libapache2-mod-php5
Version: 5.2.0-8+etch9
Severity: normal
Summary: @ fails to hide warnings/errors when error_reporting is locked in httpd.conf
Sample script:
<?php
$resource = opendir($_SERVER['DOCUMENT_ROOT'] . '/no/such/dir/');
echo('<BR>');
$resource = @opendir($_SERVER['DOCUMENT_ROOT'] . '/no/such/dir/');
?>
Comments:
The @ should prevent warnings and errors to be shown on the web page.
However, when the error_reporting directive is locked with php_admin_value in httpd.conf, @ fails and warnings/errors are shown on the web page.
This was not so in the previous release of php5 in Debian.
This is probably related to the fact that PHP recently (as of 5.2.5) correctly enforces php_admin_value in httpd.conf, although this side effect may be undesirable. Backporting miss?
Please note that it *is* desirable to lock error_reporting with php_admin_value so that malicious code cannot disable error reporting *completely*.
Result with "php_admin_value error_reporting 6135" in httpd.conf:
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 4
Result with "php_value error_reporting 6135" in httpd.conf:
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
Expected result:
Warning: opendir(/var/www/fuscus.its.uu.se/no/such/dir/): failed to open dir: No such file or directory in /var/www/fuscus.its.uu.se/admin/test.php on line 2
...for both "php_admin_value error_reporting 6135" and "php_value error_reporting 6135".
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to sv_SE.UTF-8)
Versions of packages libapache2-mod-php5 depends on:
ii apa 2.2.3-4+etch3 Traditional model for Apache HTTPD
ii apa 2.2.3-4+etch3 Next generation, scalable, extenda
ii lib 1.0.3-6 high-quality block-sorting file co
ii lib 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 4.4.20-8 Berkeley v4.4 Database Libraries [
ii lib 1.4.4-7etch4 MIT Kerberos runtime libraries
ii lib 4.17-5etch3 File type determination library us
ii lib 6.7+7.4-2 Perl 5 Compatible Regular Expressi
ii lib 0.9.8c-4etch1 SSL shared libraries
ii lib 2.6.27.dfsg-1 GNOME XML library
ii mim 3.39-1 MIME files 'mime.types' & 'mailcap
ii php 5.2.0-8+etch9 Common files for packages built fr
ii ucf 2.0020 Update Configuration File: preserv
ii zli 1:1.2.3-13 compression library - runtime
libapache2-mod-php5 recommends no packages.
-- no debconf information
Message sent on
to Bj�Wiberg <Bjorn.Wiberg@its.uu.se>:
Bug#459040.
(Fri, 08 Jan 2010 16:27:21 GMT) (full text, mbox, link).
Message #8 received at 459040-submitter@bugs.debian.org (full text, mbox, reply):
Hi Bjorn,
could you please retest with current stable (lenny) and if it still
fails with unstable?
Ondrej
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Reply sent
to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility.
(Mon, 11 Jan 2010 09:15:04 GMT) (full text, mbox, link).
Notification sent
to Bj�Wiberg <Bjorn.Wiberg@its.uu.se>:
Bug acknowledged by developer.
(Mon, 11 Jan 2010 09:15:04 GMT) (full text, mbox, link).
Message #13 received at 459040-done@bugs.debian.org (full text, mbox, reply):
Version: 5.2.6.dfsg.1-1+lenny3
>> could you please retest with current stable (lenny) and if it still
>> fails with unstable?
>
> Seems to be OK in Lenny now (libapache2-mod-php5/lenny uptodate
> 5.2.6.dfsg.1-1+lenny4) so I guess this case can be closed.
Closing the bug.
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Information stored
:
Bug#459040; Package libapache2-mod-php5.
(Mon, 11 Jan 2010 09:18:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Björn Wiberg <Bjorn.Wiberg@uadm.uu.se>:
Extra info received and filed, but not forwarded.
(Mon, 11 Jan 2010 09:18:11 GMT) (full text, mbox, link).
Message #18 received at 459040-quiet@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hello Ondřej!
On Fri, 8 Jan 2010, Ondřej Surý wrote:
> could you please retest with current stable (lenny) and if it still
> fails with unstable?
Seems to be OK in Lenny now (libapache2-mod-php5/lenny uptodate
5.2.6.dfsg.1-1+lenny4) so I guess this case can be closed.
Thank you for your help!
Best regards,
Björn
Message sent on
to Bj�Wiberg <Bjorn.Wiberg@its.uu.se>:
Bug#459040.
(Mon, 11 Jan 2010 09:18:13 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 09 Feb 2010 07:31:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 03:09:07 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.