#1  
Old 21st October 2010, 18:59
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 14 Times in 8 Posts
Default Aditional php.ini

Hi, i think i found a bug or a miss beavior.

Why the change to php.ini as to be inside cp ?
And not like other panels that just place multiple php.ini, inside user dir.

And if is possible to parce multiple php.ini extension dir.
Now is working but if i load a dl('something.so') the other extensions fail (mysqli for example) to load (because they are in default php extension folder ).

The php.ini inside user folder is very easy to implement, the extension i dont know but is a strange beavior, the second php.ini shoud run when the fist php.ini are allready loaded (if can be done).

The other part is php ini_set('something',1) is not working too.Last ispconfig version and fast-gci.

Thanks.
Reply With Quote
Sponsored Links
  #2  
Old 21st October 2010, 19:33
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Not sure what you did, the function works perfectly on my server.

Quote:
The php.ini inside user folder is very easy to implement, the extension i dont know but is a strange beavior, the second php.ini shoud run when the fist php.ini are allready loaded (if can be done).
The php.ini inside the user folder is very easy to be exploited and can be easily used to take over your server.

ISPConfig uses a optional php.ini file for every website which is in a separate and safe folder. You can set the any kind of php.ini variables directly in the php.ini field on the options tab of the website.

Quote:
The other part is php ini_set('something',1) is not working too.Last ispconfig version and fast-gci.
If this is allowed or not depends if you allow the ini_set in your php.ini or not.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 21st October 2010, 23:08
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 14 Times in 8 Posts
Thumbs up

Quote:
Originally Posted by till View Post
Not sure what you did, the function works perfectly on my server.



The php.ini inside the user folder is very easy to be exploited and can be easily used to take over your server.
Ok

ISPConfig uses a optional php.ini file for every website which is in a separate and safe folder. You can set the any kind of php.ini variables directly in the php.ini field on the options tab of the website.
ok


If this is allowed or not depends if you allow the ini_set in your php.ini or not.
IN SITES->PHP.ini try load a php extension that is on your site folder (the simple hello php extension).
This will change the default extension folder and all other php extensions will not load.

I want to load normal default server extensions;
...\php5\default_dir\mysqli.so -> Normal Beavior

And some adicional extensions to load at runtime:

like : \clients\....\web\ioncube.so

Now i(a site owner) can only load, mysqli.so OR ioncube.so

Do you know any workout for that ? Did i make my question clear ?

Ok, Thanks.
Reply With Quote
  #4  
Old 22nd October 2010, 00:09
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

From the security standpoint you should not allow your site owners to load any binary extensions that you have not approved and uploaded to the global extension directory. If you want to offer your customers ioncube and zend decoders, then you should put them into the global extension directory.

Regarding the dl() function, as far as I know you have to specify the complete path to the extension if it is not in the global extension directory. E.g. if you allow dl() function calls for your customers and the extension is in website root directory of web3, then try something like dl('/var/www/clients/client1/web3/abcd.so')

You should see the php documentation for details, it is described there where dl searches for extensions:

http://de3.php.net/manual/en/function.dl.php
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Site Directives and Custom php.ini GoremanX Installation/Configuration 14 1st May 2010 19:31
Where do I find php.ini? alkosmurf General 3 20th January 2010 01:17
ISPConfig php.ini ? Code5 Installation/Configuration 1 22nd July 2008 09:44
need to change toggle settings of php.ini file in SSH bpstyle Installation/Configuration 4 13th February 2007 12:33
php.ini ?!! gabykh Installation/Configuration 3 28th July 2006 21:15


All times are GMT +2. The time now is 17:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.