Added the xsl.security_prefs option to 5_4 and trunk and

mark it as deprecated for BC-reasons Added tests for ini option and combination of both
2024-09-22 10:27:25 +00:00 · 2011-10-10 07:59:19 +00:00 · 2011-10-10 07:59:19 +00:00 · 777a29fce2
commit 777a29fce2
parent 92039e00b0
5 changed files with 22 additions and 10 deletions
--- a/9
+++ b/9
@ -153,6 +153,15 @@ UPGRADE NOTES - PHP 5.3

 - SplObjectStorage now has ArrayAccess support. It is also now possible to
  store associative information with objects in SplObjectStorage.
+  
+=====================
+4.1 New in PHP 5.3.9
+=====================
+
+- Write operations within XSLT (for example with the extension sax:output) are
+  disabled by default. You can define what is forbidden with the INI option
+  xsl.security_prefs. This option will be marked as deprecated in 5.4 again. 
+  Use the method XsltProcess::setSecurityPrefs($options) there.

 =============
 5. Deprecated
--- a/ext/xsl/php_xsl.c
+++ b/ext/xsl/php_xsl.c
@ -180,6 +180,7 @@ PHP_MINIT_FUNCTION(xsl)
 	REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK",     XSL_SECPREF_READ_NETWORK,     CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK",    XSL_SECPREF_WRITE_NETWORK,    CONST_CS | CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("XSL_SECPREF_DEFAULT",          XSL_SECPREF_DEFAULT,          CONST_CS | CONST_PERSISTENT);

 	REGISTER_LONG_CONSTANT("LIBXSLT_VERSION",           LIBXSLT_VERSION,            CONST_CS | CONST_PERSISTENT);
 	REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION",  LIBXSLT_DOTTED_VERSION,     CONST_CS | CONST_PERSISTENT);
--- a/ext/xsl/php_xsl.h
+++ b/ext/xsl/php_xsl.h
@ -50,6 +50,8 @@ extern zend_module_entry xsl_module_entry;
 #define XSL_SECPREF_CREATE_DIRECTORY 8
 #define XSL_SECPREF_READ_NETWORK 16
 #define XSL_SECPREF_WRITE_NETWORK 32
+/* Default == disable all write access ==  XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_FILE */
+#define XSL_SECPREF_DEFAULT 44

 typedef struct _xsl_object {
 	zend_object  std;
--- a/ext/xsl/tests/bug54446_with_ini.phpt
+++ b/ext/xsl/tests/bug54446_with_ini.phpt
@ -1,5 +1,5 @@
 --TEST--
-Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
 --SKIPIF--
 <?php
 if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
--- a/ext/xsl/xsltprocessor.c
+++ b/ext/xsl/xsltprocessor.c
@ -476,7 +476,7 @@ static xmlDocPtr php_xsl_apply_stylesheet(zval *id, xsl_object *intern, xsltStyl
 	zend_object_handlers *std_hnd;
 	FILE *f;
 	int secPrefsError = 0;
-	int secPrefsIni;
+	int secPrefsValue;
 	xsltSecurityPrefsPtr secPrefs = NULL;

 	node = php_libxml_import_node(docp TSRMLS_CC);
@ -535,32 +535,32 @@ static xmlDocPtr php_xsl_apply_stylesheet(zval *id, xsl_object *intern, xsltStyl
 	efree(member);

 	
-	secPrefsIni = INI_INT("xsl.security_prefs");
+	secPrefsValue = INI_INT("xsl.security_prefs");
 	
-	//if securityPrefs is set to NONE, we don't have to do any checks, but otherwise...
-	if (secPrefsIni != XSL_SECPREF_NONE) {
+	/* if securityPrefs is set to NONE, we don't have to do any checks, but otherwise... */
+	if (secPrefsValue != XSL_SECPREF_NONE) {
 		secPrefs = xsltNewSecurityPrefs(); 
-		if (secPrefsIni & XSL_SECPREF_READ_FILE ) { 
+		if (secPrefsValue & XSL_SECPREF_READ_FILE ) { 
 			if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) { 
 				secPrefsError = 1;
 			}
 		}
-		if (secPrefsIni & XSL_SECPREF_WRITE_FILE ) { 
+		if (secPrefsValue & XSL_SECPREF_WRITE_FILE ) { 
 			if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) { 
 				secPrefsError = 1;
 			}
 		}
-		if (secPrefsIni & XSL_SECPREF_CREATE_DIRECTORY ) { 
+		if (secPrefsValue & XSL_SECPREF_CREATE_DIRECTORY ) { 
 			if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) { 
 				secPrefsError = 1;
 			}
 		}
-		if (secPrefsIni & XSL_SECPREF_READ_NETWORK) { 
+		if (secPrefsValue & XSL_SECPREF_READ_NETWORK) { 
 			if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) { 
 				secPrefsError = 1;
 			}
 		}
-		if (secPrefsIni & XSL_SECPREF_WRITE_NETWORK) { 
+		if (secPrefsValue & XSL_SECPREF_WRITE_NETWORK) { 
 			if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) { 
 				secPrefsError = 1;
 			}