子文件夹中的自定义 php.ini 文件导致 $_SESSIONS 变量出现问题
我有一个包含两个文件的子文件夹。第一个是 email.php,其中包含用户可以向我发送电子邮件的表单。它还具有类似验证码的脚本来防止垃圾邮件,并使用 $_SESSION[foo] 变量。第二个是upload.php,它允许注册用户上传文件。两个文件都运行良好。现在我需要将 upload.php 的 upload_max_filesize 从 2MB 的基础值增加。我的主机不提供对主 php.ini 的访问,但建议我在此子文件夹中创建自定义 php.ini 文件。所以我创建了:
php.ini
upload_max_filesize = 10M ;
post_max_size = 10M ;
我现在收到错误 Warning: include() [function.include]: Filename can not beempty 和 Warning: include() [function.include]: Failed当我在 email.php 上提交表单/验证码时,打开 '' 进行包含 (include_path='.:/usr/lib/php:/usr/local/lib/php') 。
$_SESSION[foo]=$_GET[bar];
else $_SESSION[foo]="foobar.php";
include($_SESSION['foo']);
我发现即使有 else,$_SESSION[foo] 也是空的。经过一番研究,我发现当我运行 phpinfo() 时,session.save_path 是无值(原来是/tmp)。所以现在
php.ini
upload_max_filesize = 10M ;
post_max_size = 10M ;
session.save_path = /home/foobar/tmp ;
但我仍然收到错误。如果我从此文件夹中删除 php.ini 文件,则 email.php 上的表单脚本工作得很好,但我又回到了 upload.php 的 upload_max_filesize = 2MB。任何帮助将不胜感激。
I have a sub-folder with two files. The first is email.php, with a form that user can send me an email. It also has a captcha-like script to prevent spam, and uses $_SESSION[foo] variables. The second is upload.php, which allows registered users to upload files. Both files worked fine. Now I need to increase the upload_max_filesize from the base 2MB for upload.php. My host does not provide access to main php.ini, but recommend that I create a custom php.ini file in this subfolder. So I created:
php.ini
upload_max_filesize = 10M ;
post_max_size = 10M ;
I now get the errors Warning: include() [function.include]: Filename cannot be empty and Warning: include() [function.include]: Failed opening '' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') when I submit the form/captcha on email.php.
$_SESSION[foo]=$_GET[bar];
else $_SESSION[foo]="foobar.php";
include($_SESSION['foo']);
I found that $_SESSION[foo] is empty even with the else. After some research I found that when I ran phpinfo() that session.save_path was no value (the original was /tmp). So now
php.ini
upload_max_filesize = 10M ;
post_max_size = 10M ;
session.save_path = /home/foobar/tmp ;
But I am still getting the error. If I remove the php.ini file from this folder, then the form script on email.php works just fine, but I am back to upload_max_filesize = 2MB for upload.php. Any help would be appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这是 CGI PHP 设置的问题,其中服务器
php.ini指令不会级联到自定义配置中。我在这里写了很多关于这个的文章 - http://blog.philipbrown.id.au/2009/08/php-suexec-and-custom-php-ini-files/
我对这个片段有点困惑。它不仅无效(没有
if语句,数组索引没有引用),而且非常不安全。This is an issue with CGI PHP setups where the server
php.inidirectives do not cascade into custom configurations.I've written about this extensively here - http://blog.philipbrown.id.au/2009/08/php-suexec-and-custom-php-ini-files/
I'm a bit confused by this snippet. Not only is it invalid (no
ifstatement, array indexes not quoted) but highly insecure.