Menu
▾
▴
Re: [webmin-l] phpinfo() problem
|
From: Hamid H. <ha...@mo...> - 2006-02-02 13:58:16
|
Jamie,
I beleive that in some cases this problem happened again also after
Webmin version 1.260 . before this version if you restart the apache
from the webmin the variables passed to the new httpd but in this
version this only happen if you make a new virtual host in your
virutalmin . but if you restart the httpd from the webmin itself the
variables gone ! can you please check into it to see if this problem
already exist or this is only my problem ?!
Jamie Cameron wrote:
> On 9/Jan/2006 08:34 Hamid Hashemi wrote ..
>
>> Hi ,
>>
>> I am using Webmin and Virtualmin for fedora core 4 and installed apache
>> 2.0.54 and php 5.0.4.
>> When I was surfing the hosts and tried one of the hosts info.php which
>> contains phpinfo() function to see if everythings working fine that host
>> on virtualmin or not and saw something interesting in PHP Variables
>> section of phpinfo() !!
>> I saw some $_ENV variables which contains some information about the
>> webmin and virtualmin even some passwords of virtualmin !!!!
>> here is some example about these variables :
>>
>> _ENV["DOCUMENT_REALROOT"] /usr/libexec/webmin
>> _ENV["VIRTUALSERVER_MAILBOXLIMIT"] 20
>> _ENV["VIRTUALSERVER_LOGROTATE"] 1
>> _ENV["VIRTUALSERVER_PREFIX"] xxxxxxxxx ( I changed this !)
>> _ENV["VIRTUALSERVER_IP"] xx.xx.xx.xx ( this too ! )
>> _ENV["QUOTA_SBLOCKS"] 10240
>> _ENV["HTTP_CONTENT_LENGTH"] 436
>> _ENV["VIRTUALSERVER_LIMIT_WEB"] 1
>> _ENV["QUOTA_FILESYS"] /home
>> _ENV["VIRTUALSERVER_GID"] 538
>> _ENV["MINISERV_CONFIG"] /etc/webmin/miniserv.conf
>> _ENV["VIRTUALSERVER_POSTGRES"] /no value/
>> _ENV["VIRTUALSERVER_MAIL"] 1
>> _ENV["QUOTA_HFILES"] 0
>>
>>
>> and a lot of other variables which is really secure ! I don't know from
>> where phpinfo() found these but I need to solve this problem ASAP ! Also
>> I checked the same issue on another server and the same result happened
>> ! any idea ?
>>
>
> This is a bug in Webmin - in some cases, environment variables are being passed
> through to the Apache process. It will be fixed in the next release, but in the short
> term you can resolve it by finding the clean_environment function in web-lib-funcs.pl
> and replacing it with :
>
> # clean_environment()
> # Deletes any environment variables inherited from miniserv so that they
> # won't be passed to programs started by webmin.
> sub clean_environment
> {
> local ($k, $e);
> %UNCLEAN_ENV = %ENV;
> foreach $k (keys %ENV) {
> if ($k =~ /^(HTTP|VIRTUALSERVER|QUOTA|USERADMIN)_/) {
> delete($ENV{$k});
> }
> }
> foreach $e ('WEBMIN_CONFIG', 'SERVER_NAME', 'CONTENT_TYPE', 'REQUEST_URI',
> 'PATH_INFO', 'WEBMIN_VAR', 'REQUEST_METHOD', 'GATEWAY_INTERFACE',
> 'QUERY_STRING', 'REMOTE_USER', 'SERVER_SOFTWARE', 'SERVER_PROTOCOL',
> 'REMOTE_HOST', 'SERVER_PORT', 'DOCUMENT_ROOT', 'SERVER_ROOT',
> 'MINISERV_CONFIG', 'SCRIPT_NAME', 'SERVER_ADMIN', 'CONTENT_LENGTH',
> 'HTTPS', 'FOREIGN_MODULE_NAME', 'FOREIGN_ROOT_DIRECTORY',
> 'SCRIPT_FILENAME', 'PATH_TRANSLATED', 'BASE_REMOTE_USER',
> 'DOCUMENT_REALROOT', 'MINISERV_CONFIG') {
> delete($ENV{$e});
> }
> }
>
> - Jamie
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
>
>
--
Regards
=================================================================
/ Seyyed Hamid Reza / WINDOWS FOR NOW !! /
/ Hashemi Golpayegani / Linux for future , FreeBSD for ever /
/ Morva System Co. / ------------------------------------- /
/ Network Administrator/ ha...@mo... , ICQ# : 42209876 /
================================================================
|
