Expose_PHP does not turn to boolean false

Orc · 05-27-2008, 07:01 AM

I'm just using ini_set | ini_alter, but it seems expose_php does not want to set to false, by the way, it makes a difference cause I don't like php_logo_guid being shown

delayedinsanity · 05-27-2008, 02:52 PM

Why? It's not a security risk. However to answer your question, you can't set expose_php with ini_set(). If you're ever in question you can reference "PHP: php.ini directives - Manual" to check which directives can be changed and from where . You'll need to set expose_php directly via the php.ini file.
-m

Kalle · 05-27-2008, 05:09 PM

expose_php is an php.ini only setting, meaning you may not alter it at runtime =)

Orc · 05-27-2008, 11:16 PM

That's what I thought, bah, WHY!?!?!?

delayedinsanity · 05-27-2008, 11:43 PM

Some things just need to be a pain in the ass, otherwise they wouldn't be able to provide examples to go along with the definition of dystopia.

Kalle · 05-27-2008, 11:57 PM

Most settings has a reason to its INI type (in the manual refered as the PHP_INI_* values), this can be due to design reasons or just general reasons in the language.

My best guess here would be that it wouldn't make much sense either to make it PHP_INI_PERDIR since it would just disable it for one dir and its sub directories. Where the remote user could just go to the root directory and see the expose info.

And insted of putting a htaccess in the root dir (considering it was a PHP_INI_PERDIR) it would make more sense just to change the php.ini value.

Orc · 06-01-2008, 08:15 AM

I also understand it is not a security threat, I just like to keep my sites backend language a secret. ;)