ZF-11922: Call ini_set only if necessary

Issue Type:
Improvement
Created:
2011-12-02T14:36:35.000+0000
Last Updated:
2011-12-02T14:47:22.000+0000
Status:
Open
Fix version(s):
    Reporter:
    Thorsten D. (schnoop)
    Assignee:
    Matthew Weier O'Phinney (matthew)
    Tags:
    • Zend_Application
    • Zend_Feed
    • Zend_Gdata
    • Zend_Pdf
    • Zend_Search_Lucene
    • Zend_Soap_Server
    Related issues:
    Attachments:

    Description

    We use the suhosin patch to harden our servers against attacks, and ini_set ist one of our blacklisted methods.

    The Zend Framework is using ini_set in several components, without to check if ini_set is really necessary.

    It would be nice to have a check if a var already has the value that will be set:

    
$trackErrors = ini_get('track_errors');
ini_set('track_errors', '1');

$this->_fileHandle = @fopen($filename, $mode);

if ($this->_fileHandle === false) {
    ini_set('track_errors', $trackErrors);
    require_once 'Zend/Search/Lucene/Exception.php';
    throw new Zend_Search_Lucene_Exception($php_errormsg);
}

ini_set('track_errors', $trackErrors);

    use the following:

    
if ( ( $trackErrors = ini_get('track_errors') ) != 1 ) {
    ini_set('track_errors', '1');
}
$this->_fileHandle = @fopen($filename, $mode);

if ($this->_fileHandle === false) {
    ini_set('track_errors', $trackErrors);
    require_once 'Zend/Search/Lucene/Exception.php';
    throw new Zend_Search_Lucene_Exception($php_errormsg);
}
if ( $trackErrors == 0 ) {
    ini_set('track_errors', $trackErrors);
}

    We have the possibility to set track_errors to 1 in our apache.conf, and suhosin will never kill our application due to usage of ini_set.

    Comments

    Posted by Frank Brückner (frosch) on 2011-12-02T14:47:22.000+0000

    Code tags added.