TalkPHP - Expose_PHP does not turn to boolean false

TalkPHP (http://www.talkphp.com/forums.php)

- General (http://www.talkphp.com/general/)

- - Expose_PHP does not turn to boolean false (http://www.talkphp.com/general/2852-expose_php-does-not-turn-boolean-false.html)

Orc	05-27-2008 07:01 AM

Expose_PHP does not turn to boolean false

I'm just using ini_set | ini_alter, but it seems expose_php does not want to set to false, by the way, it makes a difference cause I don't like php_logo_guid being shown

delayedinsanity

05-27-2008 02:52 PM

Why? It's not a security risk. However to answer your question, you can't set expose_php with ini_set(). If you're ever in question you can reference "PHP: php.ini directives - Manual" to check which directives can be changed and from where . You'll need to set expose_php directly via the php.ini file.
-m

Kalle

05-27-2008 05:09 PM

expose_php is an php.ini only setting, meaning you may not alter it at runtime =)

Orc	05-27-2008 11:16 PM

That's what I thought, bah, WHY!?!?!?

delayedinsanity

05-27-2008 11:43 PM

Some things just need to be a pain in the ass, otherwise they wouldn't be able to provide examples to go along with the definition of dystopia.

Kalle

05-27-2008 11:57 PM

Most settings has a reason to its INI type (in the manual refered as the PHP_INI_* values), this can be due to design reasons or just general reasons in the language.

My best guess here would be that it wouldn't make much sense either to make it PHP_INI_PERDIR since it would just disable it for one dir and its sub directories. Where the remote user could just go to the root directory and see the expose info.

And insted of putting a htaccess in the root dir (considering it was a PHP_INI_PERDIR) it would make more sense just to change the php.ini value.

Orc	06-01-2008 08:15 AM

I also understand it is not a security threat, I just like to keep my sites backend language a secret. ;)

All times are GMT. The time now is 05:34 AM.