ini_set() security question
(#1) Samuel Vogel - 06-02-2007, 08:55 PM

I would be very interested in knowing which of the options that are accessible
with PHP_INI_ALL or PHP_INI_PERDIR could be risky to allow on a shared
hosting server.
I would like to allow the users to ini_set(), while disabling the risky
options with php_admin_flag/value!

Stuff like 'memory_limit' and so on come to my mind!

Does anybody have more info on this?

Regards,
Samy
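The question above is really "which directives can a script reach through ini_set() at all?". The script below is an added example, not code from the thread, that answers it for the server it runs on: ini_get_all() reports an access bitmask per directive (INI_USER, INI_PERDIR, INI_SYSTEM, INI_ALL are PHP's own constants), and only directives whose mask includes INI_USER are settable from script code. The watch list is a constructed example; which directives an admin wants pinned is a policy decision. It assumes PHP 7 or later.

```php
<?php
// Added example (not from the thread): enumerate the directives a script on
// this server can change at runtime with ini_set(). ini_get_all() reports an
// 'access' bitmask per directive: INI_USER (1), INI_PERDIR (2), INI_SYSTEM (4)
// and INI_ALL (7). Only directives whose mask includes INI_USER are reachable
// from ini_set(); PHP_INI_PERDIR-only directives can be changed from
// .htaccess / httpd.conf but not from script code.

/**
 * Return [name => ['access' => mask, 'value' => current]] for every directive
 * whose access level includes INI_USER, optionally restricted to $only.
 */
function runtimeChangeable(array $only = []): array
{
    $out = [];
    foreach (ini_get_all(null, true) as $name => $info) {
        if (($info['access'] & INI_USER) === 0) {
            continue;                               // not settable via ini_set()
        }
        if ($only !== [] && !in_array($name, $only, true)) {
            continue;
        }
        $out[$name] = [
            'access' => $info['access'],
            'value'  => $info['local_value'],
        ];
    }
    ksort($out);
    return $out;
}

/** Human-readable name for an access mask, e.g. 7 => PHP_INI_ALL. */
function accessName(int $mask): string
{
    if ($mask === INI_ALL) {
        return 'PHP_INI_ALL';
    }
    $parts = [];
    foreach ([INI_USER => 'USER', INI_PERDIR => 'PERDIR', INI_SYSTEM => 'SYSTEM'] as $bit => $label) {
        if ($mask & $bit) {
            $parts[] = $label;
        }
    }
    return 'PHP_INI_' . implode('|', $parts);
}

// Constructed watch list (an assumption, not from the thread): memory_limit is
// the directive the thread discusses; max_execution_time, open_basedir and
// include_path are PHP_INI_ALL in current PHP and therefore reachable from
// ini_set() unless the server pins them.
$watch = ['memory_limit', 'max_execution_time', 'open_basedir', 'include_path'];

foreach (runtimeChangeable() as $name => $d) {
    $flag = in_array($name, $watch, true) ? '  <-- on watch list' : '';
    printf("%-32s %-22s %s%s\n",
        $name, accessName($d['access']), var_export($d['value'], true), $flag);
}
```

Run it through the same SAPI the hosted sites use (e.g. as a page served by mod_php), not only from the CLI: the CLI has its own php.ini and, as noted later in the thread, may be configured quite differently.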
   
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote

(#2) Richard Lynch - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

On Tue, May 29, 2007 10:19 am, Samuel Vogel wrote:
> I would be very interested in knowing which options, that are
> accessible
> with PHP_INI_ALL or PHP_INI_PERDIR, could be risky to allow on a
> shared
> hosting server.


php.ini_recommended is a good starting point, I think...

> I would like to allow the users to ini_set(), while disabling the
> risky
> options with php_admin_flag/value!


I don't think php_admin_* can be overridden -- that's kinda the whole
point of that.

> Stuff like 'memory_limit' and so on come to my mind!


If you're going to use memory_limit on shared hosting, PLEASE make it
a reasonable value!

The default php.ini setting doesn't even run some of the larger common
packages out there.

And something like a simple photo album trying to generate thumbnails...

You may want to have a very different default php.ini for the CLI php
and give (some) users SSH access, on request, so they can do
reasonable things like make thumbnails in a background task.

> Does anybody have more infos on this?


I would guess that there are mailing lists and forums dedicated to
webhosting, and that many many many of them would have much better
info than PHP-General, since many hosts are running PHP.

You could also try contacting reputable webhosts you think "do it
right" directly and ask them what they do.

And, finally, you could work backwards by asking your potential
customers what they need.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
   
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
(#3) Samuel Vogel - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

Hello,

>> I would like to allow the users to ini_set(), while disabling the
>> risky
>> options with php_admin_flag/value!
>>

>
> I don't think php_admin_* can be overridden -- that's kinda the whole
> point of that.


The problem is that it can be overwritten using ini_set()...
I just found that out by testing it, and now I don't even have to worry
about what options to disable, because I can't disable any of them.

Any thoughts on that?

Regards,
Samy
   
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
(#4) Richard Lynch - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

On Wed, May 30, 2007 2:44 pm, Samuel Vogel wrote:
>>> I would like to allow the users to ini_set(), while disabling the
>>> risky
>>> options with php_admin_flag/value!
>>>

>>
>> I don't think php_admin_* can be overridden -- that's kinda the
>> whole
>> point of that.

>
> The problem is that it can be overwritten using ini_set()...
> I just found that out by testing it, and now I don't even have to worry
> about what options to disable, because I can't disable any of them.
>
> Any thoughts on that?


Show us your test code?

(#5) Samuel Vogel - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

Hi!
> Show us your test code?
>

/etc/apache2/httpd.conf :
php_admin_value memory_limit 3145728

iniset_test.php :
<?php

$old = ini_set("memory_limit", 20971520);

echo "old: ".$old;

$new = ini_get("memory_limit");

echo "<br>new: ".$new;

?>

The result is the following:
old: 3145728
new: 20971520
   
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
(#6) Richard Lynch - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

On Wed, May 30, 2007 2:59 pm, Samuel Vogel wrote:
> Hi!
>> Show us your test code?
>>

> /etc/apache2/httpd.conf :
> php_admin_value memory_limit 3145728
>
> iniset_test.php :
> <?php
>
> $old = ini_set("memory_limit", 20971520);
>
> echo "old: ".$old;
>
> $new = ini_get("memory_limit");
>
> echo "<br>new: ".$new;
>
> ?>
>
> The result is the following:
> old: 3145728
> new: 20971520


And what happens if you try to allocate 3M of data?

$foo = str_repeat('.', 3145728);

(#7) Samuel Vogel - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM


> And what happens if you try to allocate 3M of data?
>
> $foo = str_repeat('.', 3145728);
>

Nothing. It does it without any errors. I can allocate up to 20MB (well
a little bit less of course).

Regards,
Samy
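Posts #5 to #7 describe a two-step check: does ini_set() report success against a php_admin_value-pinned directive, and does the limit still bite when memory is actually allocated? The script below is an added example, not the test code posted in the thread, that carries out both steps and reports the result in one run. It assumes PHP 7 or later and that memory_limit has been pinned to 3145728 bytes in httpd.conf as in post #5 (the $adminLimit value is that assumption, and the 20971520 target is the thread's own figure).

```php
<?php
// Added example (not from the thread): check whether a value pinned with
// php_admin_value is really enforced, first at the ini level and then, for
// memory_limit, by allocating past it. Run it through the same SAPI (Apache
// module) the production sites use, since the CLI reads a different php.ini.

/** Convert a php.ini shorthand ("3M", "512K", "3145728", "-1") to bytes. */
function iniBytes(string $value): int
{
    $value = trim($value);
    if ($value === '-1') {
        return -1;                       // "unlimited"
    }
    $unit = strtoupper(substr($value, -1));
    $num  = (int) $value;                // (int)"3M" === 3
    switch ($unit) {
        case 'G': return $num * 1024 * 1024 * 1024;
        case 'M': return $num * 1024 * 1024;
        case 'K': return $num * 1024;
        default:  return $num;
    }
}

/**
 * Try to raise $directive to $wanted and report what PHP did. ini_set()
 * returns the previous value on success and false when the change is
 * refused (which is what a php_admin_value pin is supposed to cause).
 */
function probeOverride(string $directive, string $wanted): array
{
    $before = ini_get($directive);
    $ret    = ini_set($directive, $wanted);
    $after  = ini_get($directive);
    return [
        'directive'      => $directive,
        'before'         => $before,
        'ini_set_result' => $ret === false ? 'refused' : "accepted (old: $ret)",
        'after'          => $after,
        'changed'        => $after !== $before,
    ];
}

/**
 * A fatal "Allowed memory size exhausted" error cannot be caught, so the
 * outcome of the allocation probe is reported from a shutdown function.
 */
function reportFatalLimit(): void
{
    $err = error_get_last();
    if ($err !== null && strpos($err['message'], 'Allowed memory size') !== false) {
        echo "LIMIT ENFORCED: {$err['message']}\n";
    }
}
register_shutdown_function('reportFatalLimit');

$adminLimit = '3145728';   // assumption: the value pinned in httpd.conf in post #5

print_r(probeOverride('memory_limit', '20971520'));

// Allocate 1 MiB more than the admin limit. If the pin holds, the script dies
// here and the shutdown function prints LIMIT ENFORCED; if ini_set() really
// took effect, the allocation succeeds and the next line runs.
$probe = str_repeat('.', iniBytes($adminLimit) + 1024 * 1024);
echo "LIMIT NOT ENFORCED: allocated " . strlen($probe)
   . " bytes, more than the pinned " . $adminLimit . "\n";
```

The ini-level result and the allocation result are reported separately on purpose: a server where ini_set() returns false and the allocation dies is behaving as the php_admin_value documentation promises, while any other combination is what the thread's author saw and is worth taking to the bug tracker with the exact PHP version and SAPI attached.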
   
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
(#8) Richard Lynch - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

On Wed, May 30, 2007 3:34 pm, Samuel Vogel wrote:
>> And what happens if you try to allocate 3M of data?
>>
>> $foo = str_repeat('.', 3145728);
>>

> Nothing. It does it without any errors. I can allocate up to 20MB
> (well
> a little bit less of course).


Check http://bugs.php.net and see if it's a known issue or an
exception to the php_admin_* rule or...

(#9) Samuel Vogel - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

There is no bug filed for this. There is only one older bug (
http://bugs.php.net/bug.php?id=38804 ) which makes me think overwriting
with ini_set() shouldn't be possible!

Richard Lynch schrieb:
> On Wed, May 30, 2007 3:34 pm, Samuel Vogel wrote:
>
>>> And what happens if you try to allocate 3M of data?
>>>
>>> $foo = str_repeat('.', 3145728);
>>>
>>>

>> Nothing. It does it without any errors. I can allocate up to 20MB
>> (well
>> a little bit less of course).
>>

>
> Check http://bugs.php.net and see if it's a known issue or an
> exception to the php_admin_* rule or...
>
>

   
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
(#10) Richard Lynch - Re: [PHP] ini_set() security question - 06-02-2007, 08:56 PM

File a bug report then, and see what happens...

But you may want to test with most recent versions if you are not
already on current PHP versions.

On Thu, May 31, 2007 2:46 pm, Samuel Vogel wrote:
> There is no bug filed for this. There is only one older bug (
> http://bugs.php.net/bug.php?id=38804 ) which makes me think
> overwriting
> with ini_set() shouldn't be possible!
>
> Richard Lynch schrieb:
>> On Wed, May 30, 2007 3:34 pm, Samuel Vogel wrote:
>>
>>>> And what happens if you try to allocate 3M of data?
>>>>
>>>> $foo = str_repeat('.', 3145728);
>>>>
>>>>
>>> Nothing. It does it without any errors. I can allocate up to 20MB
>>> (well
>>> a little bit less of course).
>>>

>>
>> Check http://bugs.php.net and see if it's a known issue or an
>> exception to the php_admin_* rule or...
>>
>>

>


