From: Rasmus Lerdorf Date: Wed, 28 Jan 2004 17:42:20 +0000 (+0000) Subject: If we have a text/html file with the executable bit set, we load up the X-Git-Tag: php-4.3.5RC2~16 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e596539840ecb51a76083d533945da62d7dd62d1;p=php If we have a text/html file with the executable bit set, we load up the current ini, but if php's xbithack option is not set we forgot to restore the previous ini settings potentially leaking ini settings from one request to the next. Closes bug #25753 and a few others. --- diff --git a/sapi/apache/mod_php4.c b/sapi/apache/mod_php4.c index 8c6a4e2b0f..ac313c75d5 100644 --- a/sapi/apache/mod_php4.c +++ b/sapi/apache/mod_php4.c @@ -830,6 +830,9 @@ static int php_xbithack_handler(request_rec * r) } if(!AP(xbithack)) { r->allowed |= (1 << METHODS) - 1; + zend_try { + zend_ini_deactivate(TSRMLS_C); + } zend_end_try(); return DECLINED; } return send_parsed_php(r);