diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c index 3d4c4de3265..6e8edf21c8a 100644 --- a/ext/oci8/oci8.c +++ b/ext/oci8/oci8.c @@ -1754,6 +1754,13 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled. Enable oci8.privileged_connect to be able to connect as SYSOPER or SYSDBA"); return NULL; } +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || (PHP_MAJOR_VERSION < 5) + /* Safe mode has been removed in PHP 5.4 */ + if (PG(safe_mode)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled in Safe Mode"); + return NULL; + } +#endif } } @@ -1915,7 +1922,11 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char memcmp(tmp->hash_key, hashed_details.c, hashed_details.len) == 0 && zend_list_addref(connection->rsrc_id) == SUCCESS) { /* do nothing */ } else { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) connection->rsrc_id = zend_list_insert(connection, le_pconnection TSRMLS_CC); +#else + connection->rsrc_id = zend_list_insert(connection, le_pconnection); +#endif /* Persistent connections: For old close semantics we artificially * bump up the refcount to prevent the non-persistent destructor * from getting called until request shutdown. The refcount is @@ -2059,7 +2070,11 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char new_le.ptr = connection; new_le.type = le_pconnection; connection->used_this_request = 1; +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) connection->rsrc_id = zend_list_insert(connection, le_pconnection TSRMLS_CC); +#else + connection->rsrc_id = zend_list_insert(connection, le_pconnection); +#endif /* Persistent connections: For old close semantics we artificially bump up the refcount to * prevent the non-persistent destructor from getting called until request shutdown. The @@ -2072,13 +2087,21 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char OCI_G(num_persistent)++; OCI_G(num_links)++; } else if (!exclusive) { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) connection->rsrc_id = zend_list_insert(connection, le_connection TSRMLS_CC); +#else + connection->rsrc_id = zend_list_insert(connection, le_connection); +#endif new_le.ptr = (void *)connection->rsrc_id; new_le.type = le_index_ptr; zend_hash_update(&EG(regular_list), connection->hash_key, strlen(connection->hash_key)+1, (void *)&new_le, sizeof(zend_rsrc_list_entry), NULL); OCI_G(num_links)++; } else { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) connection->rsrc_id = zend_list_insert(connection, le_connection TSRMLS_CC); +#else + connection->rsrc_id = zend_list_insert(connection, le_connection); +#endif OCI_G(num_links)++; } @@ -2771,7 +2794,11 @@ static php_oci_spool *php_oci_get_spool(char *username, int username_len, char * } spool_le.ptr = session_pool; spool_le.type = le_psessionpool; +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) zend_list_insert(session_pool, le_psessionpool TSRMLS_CC); +#else + zend_list_insert(session_pool, le_psessionpool); +#endif zend_hash_update(&EG(persistent_list), session_pool->spool_hash_key, strlen(session_pool->spool_hash_key)+1,(void *)&spool_le, sizeof(zend_rsrc_list_entry),NULL); } else if (spool_out_le->type == le_psessionpool && strlen(((php_oci_spool *)(spool_out_le->ptr))->spool_hash_key) == spool_hashed_details.len && diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c index b1d454e6122..954604bf2b2 100644 --- a/ext/oci8/oci8_interface.c +++ b/ext/oci8/oci8_interface.c @@ -233,21 +233,37 @@ PHP_FUNCTION(oci_lob_import) int filename_len; if (getThis()) { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &filename, &filename_len) == FAILURE) { +#else + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) { +#endif return; } } else { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Op", &z_descriptor, oci_lob_class_entry_ptr, &filename, &filename_len) == FAILURE) { +#else + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Os", &z_descriptor, oci_lob_class_entry_ptr, &filename, &filename_len) == FAILURE) { +#endif return; } } +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || (PHP_MAJOR_VERSION < 5) + /* The "p" parsing parameter handles this case in PHP 5.4+ */ + if (strlen(filename) != filename_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); + RETURN_FALSE; + } +#endif + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; } - + PHP_OCI_ZVAL_TO_DESCRIPTOR(*tmp, descriptor); if (php_oci_lob_import(descriptor, filename TSRMLS_CC)) { @@ -636,12 +652,12 @@ PHP_FUNCTION(oci_lob_erase) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|ll", &offset, &length) == FAILURE) { return; } - + if (ZEND_NUM_ARGS() > 0 && offset < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset must be greater than or equal to 0"); RETURN_FALSE; } - + if (ZEND_NUM_ARGS() > 1 && length < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length must be greater than or equal to 0"); RETURN_FALSE; @@ -651,7 +667,7 @@ PHP_FUNCTION(oci_lob_erase) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "O|ll", &z_descriptor, oci_lob_class_entry_ptr, &offset, &length) == FAILURE) { return; } - + if (ZEND_NUM_ARGS() > 1 && offset < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset must be greater than or equal to 0"); RETURN_FALSE; @@ -662,14 +678,14 @@ PHP_FUNCTION(oci_lob_erase) RETURN_FALSE; } } - + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; } PHP_OCI_ZVAL_TO_DESCRIPTOR(*tmp, descriptor); - + if (php_oci_lob_erase(descriptor, offset, length, &bytes_erased TSRMLS_CC)) { RETURN_FALSE; } @@ -867,7 +883,11 @@ PHP_FUNCTION(oci_lob_export) ub4 lob_length; if (getThis()) { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|ll", &filename, &filename_len, &start, &length) == FAILURE) { +#else + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ll", &filename, &filename_len, &start, &length) == FAILURE) { +#endif return; } @@ -881,7 +901,11 @@ PHP_FUNCTION(oci_lob_export) } } else { +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Op|ll", &z_descriptor, oci_lob_class_entry_ptr, &filename, &filename_len, &start, &length) == FAILURE) { +#else + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Os|ll", &z_descriptor, oci_lob_class_entry_ptr, &filename, &filename_len, &start, &length) == FAILURE) { +#endif return; } @@ -895,6 +919,14 @@ PHP_FUNCTION(oci_lob_export) } } +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || (PHP_MAJOR_VERSION < 5) + /* The "p" parsing parameter handles this case in PHP 5.4+ */ + if (strlen(filename) != filename_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); + RETURN_FALSE; + } +#endif + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; @@ -919,11 +951,22 @@ PHP_FUNCTION(oci_lob_export) RETURN_FALSE; } +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || (PHP_MAJOR_VERSION < 5) + /* Safe mode has been removed in PHP 5.4 */ + if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +#endif + if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) stream = php_stream_open_wrapper_ex(filename, "w", REPORT_ERRORS, NULL, NULL); +#else + stream = php_stream_open_wrapper_ex(filename, "w", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL); +#endif block_length = PHP_OCI_LOB_BUFFER_SIZE; if (block_length > length) { @@ -1867,6 +1910,14 @@ PHP_FUNCTION(oci_password_change) int user_len, pass_old_len, pass_new_len, dbname_len; php_oci_connection *connection; +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || (PHP_MAJOR_VERSION < 5) + /* Safe mode has been removed in PHP 5.4 */ + if (PG(safe_mode)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode"); + RETURN_FALSE; + } +#endif + if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) { PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection); diff --git a/ext/oci8/oci8_lob.c b/ext/oci8/oci8_lob.c index 795f7afbe62..0169583347d 100644 --- a/ext/oci8/oci8_lob.c +++ b/ext/oci8/oci8_lob.c @@ -724,7 +724,12 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC char buf[8192]; ub4 offset = 1; +#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 3) || (PHP_MAJOR_VERSION > 5) + /* Safe mode has been removed in PHP 5.4 */ if (php_check_open_basedir(filename TSRMLS_CC)) { +#else + if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { +#endif return 1; } diff --git a/ext/oci8/php_oci8.h b/ext/oci8/php_oci8.h index 068fad3c926..bcb12a7bd86 100644 --- a/ext/oci8/php_oci8.h +++ b/ext/oci8/php_oci8.h @@ -46,7 +46,7 @@ */ #undef PHP_OCI8_VERSION #endif -#define PHP_OCI8_VERSION "1.4.5" +#define PHP_OCI8_VERSION "1.4.6-dev" extern zend_module_entry oci8_module_entry; #define phpext_oci8_ptr &oci8_module_entry