Bug #607

If a client changes advanced PHP settings, then the website gives a blank page

Added by Apostol Raykov 11 months ago. Updated 8 months ago.

Status: Closed
Priority: Urgent
Assignee: Mustafa Ramadhan
Category: -
Target version: 6.1.7
Affected version: 6.1.6
Resolution: Resolved
Reproduceable:
Start date: 06/28/2011
Due date:
% Done: 100%
Spent time: 1.00 hour
Estimated time: 1.00 hour
Operating System:
Architecture:

Description

Two of my clients reported that when they change advanced PHP settings, their websites don't open after that. They see a blank page instead. If I as admin change anything in their PHP settings, the websites are up and running again.
They also can't change memory limit, upload filesize, etc., which might not be a bug, but it used to be there.

Associated revisions

Revision 7ddcc740
Added by René Nieuwburg 11 months ago

Issue #607 admin only exclusion causes faulty php.ini

Revision ec9857b5
Added by René Nieuwburg 11 months ago

merge r532 bug #607

Revision 42dca593
Added by Mustafa Ramadhan 9 months ago

Issue #547, #565, #578, #583, #593, #599, #607, #609, #623, #638, #577, #612, #563, #566, #567, #575, #589, #590, #597, #598 - (sorry, difficult to describe one-by-one) (final)

Revision b0bf3716
Added by Danny Terweij 9 months ago

Rollback r563-r569 (breaks trunk and branch (if merge to branch)). Commits replaced new code (6.2.0) with old code (6.1.x). Back at r562. Issues #645 #646 #612 #632 #583 #638 #547 #565 #578 #583 #593 #599 #607 #609 #623 #638 #577 #612 #563 #566 #567 #575 #589 #590 #597 #598

Revision 5b1010af
Added by Mustafa Ramadhan 8 months ago

Issue #50, #547, #578, #582, #583, #593, #607, #609, #638, #650, #652, #657, #89, #577, #612, #538, #650, #559 - many issues related to the same file(s) (directly to branches/6.1.x after merge url svn trunk to branches/6.1.x local copy)

Revision 52dd52fb
Added by Mustafa Ramadhan 7 months ago

#646, #645, #632, #598, #597, #590, #589, #575, #571, #567, #566, #563, #559, #538, #612, #577, #625, #570, #680, #674, #657, #652, #650, #638, #637, #630, #623, #609, #607, #599, #596, #593, #583, #582, #581, #547, #499, #50, #671 - all codes to branch (ready for 6.1.7beta2)

History

Updated by Mustafa Ramadhan 11 months ago

All settings for 'Advanced PHP Config' were saved in .htaccess in the domain root directory, in '<Ifmodule mod_php4.c></Ifmodule>' and '<Ifmodule mod_php5.c></Ifmodule>'.

Updated by Apostol Raykov 11 months ago

I use suPHP on the server and the settings in .htaccess are irrelevant. Something else is wrong.

Updated by Mustafa Ramadhan 11 months ago

Related to #435 and #590.

Updated by William Leonard 11 months ago

Can you give specific examples of the settings that break it? Also can you create a new user and replicate this issue?

Updated by William Leonard 11 months ago

  • Priority changed from Normal to Urgent
  • Target version set to 6.1.7

Actually I was able to see the problem as well. It looks like when the user submits it, the values aren't parsed correctly. It does set the setting the user sets, but anything else that the user was not able to set is bad. Here is a diff:
Notice all the bad settings are settings that the user is not allowed to change anymore

diff php.ini php.bad
1083c1083
< upload_max_filesize = 2M
---
> upload_max_filesize = __lx__upload_max_filesize
1085c1085
< output_buffering = on
---
> output_buffering = off
1088c1088
< post_max_size = 8M
---
> post_max_size = __lx__post_max_size_flag
1092,1095c1092,1095
< max_execution_time = 30
< max_input_time = 60
< memory_limit = 32M
< post_max_size = 8M
---
> max_execution_time = __lx__max_execution_time_flag
> max_input_time = __lx__max_input_time_flag
> memory_limit = __lx__memory_limit_flag
> post_max_size = __lx__post_max_size_flag
1104c1104
< disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
---
> disable_functions = __lx__disable_functions

Updated by Mustafa Ramadhan 11 months ago

Look inside /usr/local/lxlabs/kloxo/httpdocs/htmllib/lib/pserver/phpinilib.php

function getExtraList()
{
    global $login;
    $list[] = 'sendmail_from';
    $list[] = 'enable_dl_flag' ;
    $list[] = 'output_buffering_flag' ;
    $list[] = 'register_long_arrays_flag' ;
    $list[] = 'allow_url_fopen_flag'; 
    $list[] = 'allow_url_include_flag'; 
    $list[] = 'register_argc_argv_flag' ;
    $list[] = 'magic_quotes_gpc_flag' ;
    $list[] = 'mysql_allow_persistent_flag' ;
    if ($login->isAdmin()) {
        $list[] = 'disable_functions';
        $list[] = 'max_execution_time_flag';
        $list[] = 'max_input_time_flag';
        $list[] = 'memory_limit_flag';
        $list[] = 'post_max_size_flag';
        $list[] = "upload_max_filesize";
    }
    $list[] = 'file_uploads_flag' ;
    $list[] = 'magic_quotes_runtime_flag' ;
    $list[] = 'magic_quotes_sybase_flag' ;
    $list[] = 'cgi_force_redirect_flag' ;
    $list[] = 'safe_mode_flag' ;
    //$list[] = 'session_autostart_flag' ;
    $list[] = 'session_save_path_flag' ;

    return $list;
}

Parameters like 'disable_functions' can only be edited by admin. No effect if edited by client.

Updated by René Nieuwburg 11 months ago

Yes, that is my mistake. I should have taken measures for what to do with the unsubmitted parameters of the non-admin users. The idea was a bit too simplistic. For now the workaround is to change this:

if ($login->isAdmin()) {
    $list[] = 'disable_functions';
    $list[] = 'max_execution_time_flag';
    $list[] = 'max_input_time_flag';
    $list[] = 'memory_limit_flag';
    $list[] = 'post_max_size_flag';
    $list[] = "upload_max_filesize";
}

into

$list[] = 'disable_functions';
$list[] = 'max_execution_time_flag';
$list[] = 'max_input_time_flag';
$list[] = 'memory_limit_flag';
$list[] = 'post_max_size_flag';
$list[] = "upload_max_filesize";

I guess that everybody agrees that the domain account user should not be able to change the limits I excluded for them, right?
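
The failure shown in the diff (admin-only values, including disable_functions, written out as literal `__lx__` placeholders) and one way to guard against it, as an added example that is not part of the thread and not Kloxo's code or its actual fix. All function and variable names are hypothetical, and the template and stored values are constructed:

```php
<?php
// Added illustration, not Kloxo code. Function and variable names are hypothetical;
// only the php.ini keys and the __lx__ placeholder prefix come from the thread.
const ADMIN_ONLY    = ['disable_functions', 'memory_limit_flag', 'post_max_size_flag'];
const USER_EDITABLE = ['output_buffering_flag', 'file_uploads_flag'];

// Constructed template in the placeholder style visible in the diff above.
$template = <<<'INI'
output_buffering = __lx__output_buffering_flag
file_uploads = __lx__file_uploads_flag
memory_limit = __lx__memory_limit_flag
post_max_size = __lx__post_max_size_flag
disable_functions = __lx__disable_functions
INI;

// Accept submitted values only for keys the caller may edit, on top of stored ones.
function mergeSettings(array $stored, array $submitted, bool $isAdmin): array
{
    $editable = $isAdmin ? array_merge(USER_EDITABLE, ADMIN_ONLY) : USER_EDITABLE;
    $accepted = array_intersect_key($submitted, array_flip($editable));
    return array_merge($stored, $accepted);
}

// Substitute every key, then refuse to return a file that still has a placeholder.
function renderPhpIni(string $template, array $settings): string
{
    $map = [];
    foreach ($settings as $key => $value) {
        $map['__lx__' . $key] = $value;
    }
    $out = strtr($template, $map);
    if (preg_match('/__lx__\w+/', $out, $m)) {
        throw new RuntimeException("unresolved placeholder {$m[0]}");
    }
    return $out;
}

// Constructed stored values, modelled on the good php.ini in the diff.
$stored = ['output_buffering_flag' => 'on', 'file_uploads_flag' => 'on',
           'memory_limit_flag' => '32M', 'post_max_size_flag' => '8M',
           'disable_functions' => 'exec,passthru,shell_exec,system'];
// A non-admin form post, including an admin-only key it should not control.
$posted = ['output_buffering_flag' => 'off', 'disable_functions' => ''];

try {   // Bug pattern: render from the non-admin key list only.
    renderPhpIni($template, array_intersect_key($posted, array_flip(USER_EDITABLE)));
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
// Guarded path: admin-only keys keep their stored values, the user's change applies.
echo renderPhpIni($template, mergeSettings($stored, $posted, false)), "\n";
```

The placeholder check is the part worth keeping even after the key lists are corrected: it turns a silently broken php.ini into a rejected write.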

Updated by René Nieuwburg 11 months ago

Because this is pretty urgent, you can apply a patch to this file. Since attachments still don't work here for me (I am apparently the only one suffering this) you will need to use this link to get the patch straight from SVN.

Updated by René Nieuwburg 11 months ago

  • % Done changed from 0 to 100
  • Estimated time set to 1.00
  • Resolution set to Resolved

r532 and r533

Updated by René Nieuwburg 11 months ago

  • Status changed from New to Closed

Updated by Danny Terweij 9 months ago

  • Status changed from Closed to Reopened
  • % Done changed from 100 to 0

See r570

Updated by Mustafa Ramadhan 9 months ago

  • Assignee set to Mustafa Ramadhan
  • % Done changed from 0 to 100

Still the same after the rollback (r570).

Updated by Danny Terweij 8 months ago

  • Status changed from Reopened to Closed
