开发者

PHP Question - Safe mode error when setting timezone

开发者 https://www.devze.com 2023-01-16 03:39 出处:网络
I\'m trying to install a PHP application on my server.But I\'m getting this error: Warnin开发者_如何学Cg: putenv() [function.putenv]:

I'm trying to install a PHP application on my server. But I'm getting this error:

Warnin开发者_如何学Cg: putenv() [function.putenv]: Safe Mode warning: Cannot set environment variable 'PHP_TZ' - it's not in the allowed list in .../public/timezone.inc on line 14

I've located the offending file and section of code (below). How would I fix this code? What is PHP_TZ supposed to do? Why doesn't PHP like it? What can I do instead?

//set the timezone
if ($configdata["timezone"] != "") {
    putenv("PHP_TZ=" . stripslashes($configdata["timezone"]));
    putenv("TZ=" . stripslashes($configdata["timezone"]));

    //for >= PHP 5.1
    if(function_exists("date_default_timezone_set")) {
        date_default_timezone_set($configdata["timezone"]);
    }

I'm on PHP 5.2.10. I tried both 'Europe/Zurich', and 'UTC' for the values for $configdata["timezone"] and got the same error for both.


PHP_TZ stands for PHP Timezone.

Since the version 5.1 you need to set it through the date_default_timezone_set function or from your PHP configuration. From the documentation :

Note:

Since PHP 5.1.0 (when the date/time functions were rewritten), every call to a date/time function will generate a E_NOTICE if the timezone isn't valid, and/or a E_WARNING message if using the system settings or the TZ environment variable.

The easiest fix you could do is the following.

//set the timezone
if ($configdata["timezone"] != "") {
    //for >= PHP 5.1
    if(function_exists("date_default_timezone_set")) {
        date_default_timezone_set($configdata["timezone"]);
    // for PHP < 5.1
    } else {
        putenv("PHP_TZ=" . stripslashes($configdata["timezone"]));
        putenv("TZ=" . stripslashes($configdata["timezone"]));
    }
}


By default you SHOULD be able to set it. See bold section below. It seems your hosting provider disabled it via safe_mode_protected_env_vars.

bool putenv ( string $setting )

Adds setting to the server environment. The environment variable will only exist for the duration of the current request. At the end of the request the environment is restored to its original state.

Setting certain environment variables may be a potential security breach. The safe_mode_allowed_env_vars directive contains a comma-delimited list of prefixes. In Safe Mode, the user may only alter environment variables whose names begin with the prefixes supplied by this directive. By default, users will only be able to set environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). Note: if this directive is empty, PHP will let the user modify ANY environment variable!

The safe_mode_protected_env_vars directive contains a comma-delimited list of environment variables, that the end user won't be able to change using putenv(). These variables will be protected even if safe_mode_allowed_env_vars is set to allow to change them.

HoLyVieR's solution sounds like a good idea.

0

精彩评论

暂无评论...
验证码 换一张
取 消