ZF-11922: Call ini_set only if necessary

Description

We use the suhosin patch to harden our servers against attacks, and ini_set ist one of our blacklisted methods.

The Zend Framework is using ini_set in several components, without to check if ini_set is really necessary.

It would be nice to have a check if a var already has the value that will be set:


$trackErrors = ini_get('track_errors');
ini_set('track_errors', '1');

$this->_fileHandle = @fopen($filename, $mode);

if ($this->_fileHandle === false) {
    ini_set('track_errors', $trackErrors);
    require_once 'Zend/Search/Lucene/Exception.php';
    throw new Zend_Search_Lucene_Exception($php_errormsg);
}

ini_set('track_errors', $trackErrors);

use the following:


if ( ( $trackErrors = ini_get('track_errors') ) != 1 ) {
    ini_set('track_errors', '1');
}
$this->_fileHandle = @fopen($filename, $mode);

if ($this->_fileHandle === false) {
    ini_set('track_errors', $trackErrors);
    require_once 'Zend/Search/Lucene/Exception.php';
    throw new Zend_Search_Lucene_Exception($php_errormsg);
}
if ( $trackErrors == 0 ) {
    ini_set('track_errors', $trackErrors);
}

We have the possibility to set track_errors to 1 in our apache.conf, and suhosin will never kill our application due to usage of ini_set.

Comments

Code tags added.