mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-15 16:38:54 +00:00
ca35bb0ee6
We add a warning to all parameters which may be affected, and also document the new ini option which prevents RCE. We intentionally keep the wording backwards (“unless … is disabled”) to also cater to older PHP version which do not implement the ini option. Cf. <https://bugs.php.net/bug.php?id=77153>. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@346027 c90b9560-bf6c-de11-be94-00142212c4b1
85 lines
2.1 KiB
XML
85 lines
2.1 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- $Revision$ -->
|
|
|
|
<section xml:id="imap.configuration" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
|
|
&reftitle.runtime;
|
|
&extension.runtime;
|
|
|
|
<para>
|
|
<table>
|
|
<title>IMAP &ConfigureOptions;</title>
|
|
<tgroup cols="4">
|
|
<thead>
|
|
<row>
|
|
<entry>&Name;</entry>
|
|
<entry>&Default;</entry>
|
|
<entry>&Changeable;</entry>
|
|
<entry>&Changelog;</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><link linkend="ini.imap.enable-insecure-rsh">imap.enable_insecure_rsh</link></entry>
|
|
<entry>"0"</entry>
|
|
<entry>PHP_INI_SYSTEM</entry>
|
|
<entry>Available as of PHP 7.1.25, 7.2.13 and 7.3.0. Formerly, it was implicitly enabled.</entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
|
|
&ini.php.constants;
|
|
|
|
</para>
|
|
|
|
&ini.descriptions.title;
|
|
|
|
<para>
|
|
<variablelist>
|
|
|
|
<varlistentry xml:id="ini.imap.enable-insecure-rsh">
|
|
<term>
|
|
<parameter>imap.enable_insecure_rsh</parameter>
|
|
<type>boolean</type>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Establishing a connection to a server may invoke <command>rsh</command> or
|
|
<command>ssh</command> commands, unless this &php.ini; option is disabled.
|
|
</para>
|
|
<warning>
|
|
<simpara>
|
|
Neither <acronym>PHP</acronym> nor the <acronym>IMAP</acronym> library filter
|
|
mailbox names before passing them to <command>rsh</command> or <command>ssh</command>
|
|
commands, thus passing untrusted data to this function without disabling this
|
|
&php.ini; option is <emphasis>insecure</emphasis>.
|
|
</simpara>
|
|
</warning>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</para>
|
|
</section>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
indent-tabs-mode:nil
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
vim: et tw=78 syn=sgml
|
|
vi: ts=1 sw=1
|
|
-->
|
|
|