clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

MFH: Backported allow_url_include from HEAD. This directive allows

Browse Source 
separate control of URL handling in includes/requires allowing sites to
enable allow_url_fopen without enabling remote includes.
This commit is contained in:
Rasmus Lerdorf 2006-06-16 14:09:01 +00:00
parent 6320ee11cf
commit 6bfeea9eb9
5 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -43,6 +43,7 @@ PHP NEWS
. Added readInnerXML(), readOuterXML(), readString(), setSchema(). (2.6.20+)
. Changed to passing libxml options when loading reader.
- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
- Added automatic module globals management. (Dmitry)
- Added RFC2397 (data: stream) support. (Marcus)
- Added new error mode E_RECOVERABLE_ERROR. (Derick, Marcus, Tony)

1
main/main.c
View File

@ -322,6 +322,7 @@ PHP_INI_BEGIN()
PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals)
STD_PHP_INI_ENTRY("realpath_cache_ttl", "120", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_ttl, virtual_cwd_globals, cwd_globals)

1
main/php_globals.h
View File

@ -150,6 +150,7 @@ struct _php_core_globals {
char *disable_functions;
char *disable_classes;
zend_bool allow_url_include;
};

2
main/streams/streams.c
View File

@ -1605,7 +1605,7 @@ PHPAPI php_stream_wrapper *php_stream_locate_url_wrapper(const char *path, char
return &php_plain_files_wrapper;
}
if (wrapperpp && (*wrapperpp)->is_url && !PG(allow_url_fopen)) {
if ((wrapperpp && (*wrapperpp)->is_url) && (!PG(allow_url_fopen) || ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include))) ) {
if (options & REPORT_ERRORS) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration");
}

3
php.ini-dist
View File

@ -531,6 +531,9 @@ upload_max_filesize = 2M
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = On
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
allow_url_include = Off
; Define the anonymous ftp password (your email address)
;from="john@doe.com"