Do You PHP はてブロ

Do You PHPはてなからはてブロに移動しました

PHP 5.1.6 / 4.4.4 Critical php_admin* Bypass by ini_restore()

php_admin_value and php_admin_flag Bypass
When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files (e.g. httpd.conf). This options are using by a lot of ISP to set open_basedir, safe_mode and more options.
If you have safe_mode or open_basedir (etc) set in Local Value for selected users and in Master Value is default value, you can restore Master Value to Local Value per ini_restore() function!

ini_restore関数を使うと、PHPオプションのlocal valuehttpd.confや.htaccessで設定した値)がmaster valuephp.iniの値)で上書きされてしまう、ということらしいです。