ID: 21218 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: Feature/Change Request Operating System: Red Hat Linux 7.3 PHP Version: 4.3.0 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. Simply make sure that these variables are not exported when the webserver is started. Previous Comments: ------------------------------------------------------------------------ [2002-12-27 14:36:55] [EMAIL PROTECTED] Hm, I didn't even know you could do that. But I don't want to prevent accessing of environment variables, really just prevent access of some, or at the very least be able to only turn _ENV off for phpinfo(). ------------------------------------------------------------------------ [2002-12-27 14:27:51] [EMAIL PROTECTED] On a related note fwiw, even if E is removed from the variables_order directive (so that $_ENV will not exist), one can still use getenv() to access the variables. ------------------------------------------------------------------------ [2002-12-27 13:55:14] [EMAIL PROTECTED] Currently, safe_mode_protected_env_vars can be set to disallow setting of specific environment variables. I propose an option to set a list of environment variables (possibly with wildcards, such as SUDO_*) that are completely hidden from PHP pages, and do not show up in phpinfo() (Since you can disable environment variables, but to hide _ENV globals, you would have to disable variable listing completely, which is not always good enough). Showing certain environment settings are a huge security risk, such as SUDO_UID and SUDO_USER if apache was started using sudo, as well as PWD, PATH, SSH_CONNECTION, etc. Disabling phpinfo() is not always a possibility, since it gives a lot of useful information to users. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=21218&edit=1
