From e596539840ecb51a76083d533945da62d7dd62d1 Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Wed, 28 Jan 2004 17:42:20 +0000 Subject: [PATCH] If we have a text/html file with the executable bit set, we load up the current ini, but if php's xbithack option is not set we forgot to restore the previous ini settings potentially leaking ini settings from one request to the next. Closes bug #25753 and a few others. --- sapi/apache/mod_php4.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sapi/apache/mod_php4.c b/sapi/apache/mod_php4.c index 8c6a4e2b0f..ac313c75d5 100644 --- a/sapi/apache/mod_php4.c +++ b/sapi/apache/mod_php4.c @@ -830,6 +830,9 @@ static int php_xbithack_handler(request_rec * r) } if(!AP(xbithack)) { r->allowed |= (1 << METHODS) - 1; + zend_try { + zend_ini_deactivate(TSRMLS_C); + } zend_end_try(); return DECLINED; } return send_parsed_php(r); -- 2.50.1