Commit Graph

187 Commits

Author SHA1 Message Date
Rui Hirokawa
fbbeaec630 fixed: output encoding translation by mb_output_handler() in ext/mbstring was not usable when Content-Type is set by header(). 2002-07-27 13:58:16 +00:00
foobar
c7a68b78a7 - Fixed bug: #18268. If pcre is build as shared extension, we can't use
php_pcre_replace() here.
- Cleaned up a bit.
2002-07-13 00:15:22 +00:00
Sascha Schumann
fee236fb80 fix typo 2002-07-03 10:47:16 +00:00
Sascha Schumann
9c876ea01a Add sapi_header_op interface which supersedes the sapi_add_header and _ex
calls.

Revert the change to the sapi_add_header_ex interface.

Fix various bugs:

1.  header("HTTP/1.0 306 foo");
    header("Location: absolute-uri");

    did not work in combination with several SAPI modules, because
    http_status_line was never properly reset.  And thus, all SAPI
    modules which looked at http_status_line ignored the changed
    http_response_code.

2.  The CGI SAPI did not send out the HTTP status line at all, if
    http_status_line had not been set explicitly by calling
    header("HTTP/1.0 200 foo");
2002-07-03 10:42:31 +00:00
Derick Rethans
6869cb3f5a - Added a new parameter to the header() function which overrides the HTTP
response code.
@- Added a new parameter to the header() function which overrides the HTTP
@  response code. (Derick)
2002-06-21 09:31:21 +00:00
Stefan Esser
028b25362b fix: appending the default charset to text/ content types never worked
fix: removed double free
2002-06-18 15:04:58 +00:00
Stefan Esser
28ad564c29 keep fingers away from already freed memory. 2002-06-18 12:57:09 +00:00
Sander Roobol
0c1718c614 Patch by Michael Sisolak <msisolak@yahoo.com> to make header() honor the
replace parameter. Closes #16458.
2002-06-18 10:16:36 +00:00
Stefan Esser
3acaa30c1c fix for bug #14776 2002-01-14 13:36:54 +00:00
Stefan Esser
a06a627394 fixed: fix for my broken patch. 2001-12-16 23:21:52 +00:00
Stefan Esser
4d2343d7af whitespace. 2001-12-16 21:47:37 +00:00
Stefan Esser
8022bb9b40 fixed: WWW-Authenticate -> header_line got only freed when safe_mode was activ
fixed: WWW-Authenticate -> content of header_line was changed after it was freed
2001-12-16 21:40:20 +00:00
Stefan Esser
b29bcc8618 fixed: bufferoverflow in sapi_add_header_ex triggerable by header("WWW-Authenticate: Basic foobar"); 2001-12-16 14:47:18 +00:00
Sebastian Bergmann
38933514e1 Update headers. 2001-12-11 15:32:16 +00:00
foobar
18f7a8ca61 Added missing CVS Id tag. 2001-11-24 23:38:08 +00:00
Rasmus Lerdorf
db75202426 Let's suppress this warning if always_populate is enabled 2001-10-24 20:10:30 +00:00
Rasmus Lerdorf
42ec547950 Ok, now actually make it work - maybe... 2001-10-23 20:48:30 +00:00
Rasmus Lerdorf
71d341e2c0 @- $HTTP_RAW_POST_DATA was not populated on a missing content-type even when
@  always_populate_raw_post_data was on - fixed. (Rasmus)
$HTTP_RAW_POST_DATA was not populated on a missing content-type even when
always_populate_raw_post_data was on - fixed. (Rasmus)
2001-10-23 19:34:29 +00:00
Rasmus Lerdorf
8064e685be Check if PCRE support is compiled in and only use the pcre functions if
it is.  Otherwise just set the realm to the safe mode user id if it isn't.
2001-10-21 17:41:15 +00:00
Rasmus Lerdorf
02e25f0a1e # Butt-ugly looking code here, but I need regular expressions to do this.
Re-instated safe-mode realm mangling as it was in php 2 and 3 albeit
in a somewhat more robust way.
@ Re-instated safe-mode realm mangling (Rasmus)
2001-10-20 22:01:56 +00:00
Derick Rethans
78747bd2df - Don't wrap lines... this is annoying while coding. 2001-09-09 13:29:31 +00:00
foobar
8d8e26577d Cleanup. 2001-09-07 00:58:23 +00:00
foobar
e46decaa32 First step for chunkifying the HTTP uploads. 2001-09-03 02:31:56 +00:00
Daniel Beulshausen
0dab84d065 fix SAPI_POST_* exports 2001-08-15 18:01:48 +00:00
Sascha Schumann
8aef193056 more tsrm cleanup 2001-08-05 15:29:47 +00:00
Zeev Suraski
bc42c37513 More TSRMLS_FETCH work. Got it under 400 now. 2001-07-31 06:28:05 +00:00
Zeev Suraski
d76cf1da18 More TSRMLS_FETCH work 2001-07-31 04:53:54 +00:00
Zeev Suraski
d87cc976e1 Redesigned thread safety mechanism - nua nua 2001-07-28 11:36:37 +00:00
Zeev Suraski
fe6f8712a4 - Get rid of ELS_*(), and use TSRMLS_*() instead.
- Move to the new ts_allocate_id() API
This patch is *bound* to break some files, as I must have had typos somewhere.
If you use any uncommon extension, please try to build it...
2001-07-27 10:16:41 +00:00
Zeev Suraski
536a53356d Get rid of the redundant global startup code 2001-07-24 20:30:37 +00:00
Rasmus Lerdorf
9bc97ac865 Add always_populate_raw_post_data ini directive and default it to 0 to
maintain current behaviour.  If this is turned on then $HTTP_RAW_POST_DATA
is always populated with a copy of the raw post data.
@ - Add config option (always_populate_raw_post_data) which when enabled
@   will always populate $HTTP_RAW_POST_DATA regardless of the post mime
@   type (Rasmus)
2001-07-17 16:46:07 +00:00
Rasmus Lerdorf
81e2cf03ac Fix folding and clean up some extensions 2001-06-06 13:06:12 +00:00
Rasmus Lerdorf
25c3a3a39d vim-6 does folding - clean up a bunch of missing folding tags plus
some misguided RINIT and RSHUTDOWN calls in a few fringe extensions
2001-06-05 13:12:10 +00:00
Andi Gutmans
4c823e8a89 - Change macros from V_ to VCWD_ because of AIX name clash 2001-04-30 12:45:02 +00:00
Daniel Beulshausen
1b279d3477 get rid of MS's _popen/_pclose 2001-04-27 16:41:53 +00:00
foobar
e76703ae6a Fix possible crash if content-type is not set. 2001-03-18 08:00:10 +00:00
Zeev Suraski
d3572f74bb These functions are not necessary - that's what sapi_register_post_entry()
and sapi_unregister_post_entry() are for...

Also, please maintain K&R code layout, it's very messy to have different
styles intermixed in the same codebase, and especially in the same files!
2001-03-18 02:32:04 +00:00
Andi Gutmans
eb6ba01d1c - Fix copyright notices with 2001 2001-02-26 06:11:02 +00:00
Zeev Suraski
bd0ac7fe14 Many patches. I hope I remember them all:
- Make sapi_module available to external modules (PHPAPI)
- Make the php.ini path reported in phpinfo() always point to
  real full path of the php.ini file
- Optimized the ISAPI module not to read unnecessary server
  variables and read necessary variables at most once.
2001-01-02 22:49:31 +00:00
Jason Greene
d8bc7084ee Added the capability to specify a different HTTP Redirection response code
before the Location Header.

Ex. header("HTTP/1.1 307 Temporary Redirect");
    header("Location: URL");
2000-11-29 01:22:49 +00:00
Zeev Suraski
0f7f5c2c0e - Import Jade Nicoletti's transparent gzip encoding support as an output
handler.  Works quite nicely!
- Fix buglets in output buffering
- Add output_handler INI directive
2000-11-13 18:54:37 +00:00
Sascha Schumann
2b060b3bf3 Add sapi_add_header_ex, which lets you specify whether you want
to add or replace a header.
2000-10-26 18:18:21 +00:00
Frank M. Kromann
222d004714 Changing datatype to remove compiler warning 2000-10-20 19:10:27 +00:00
Hartmut Holzgraefe
545ae277bc post handler registration done right
(never use emalloc in an extension MINIT function)
2000-10-13 12:13:35 +00:00
Hartmut Holzgraefe
22e48a814a @ - POST handler for Adobe FDF format (Hartmut)
the FDF handler is now working and totaly living
in the fdf extension, no more special code in
main is needed
2000-10-11 22:44:15 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079 Security related updates:
- Introduce php_open_temporary_file(), in place of tempnam().  Still
  needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
  (was it ever tested?).  Files moved with move_uploaded_file() will not be unlink()'d
  again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
3edf46ff73 Implement move_uploaded_file() (untested) 2000-09-08 22:31:21 +00:00
Zeev Suraski
75086e3088 - Implemented is_upload_file() 2000-09-08 21:56:47 +00:00
Zeev Suraski
91c808ecc4 Restore the headers_only test to the centralized SAPI startup. If necessary, it can
be overriden in the activate() callback.
2000-09-08 14:43:57 +00:00
Andi Gutmans
6bfed632c7 - This shouldn't have been commited.
There are quite a few modules which are using VIRTUAL_DIR. I don't think
  this should be happening.
2000-09-04 04:22:47 +00:00
Andi Gutmans
341a0d465a - Found my bug and managed to move the V_* macros to TSRM 2000-09-04 04:18:04 +00:00
Sascha Schumann
35a9a1878e Fix strlcpy use at this place. 2000-08-27 09:48:03 +00:00
Sascha Schumann
b2cecd9d8b newtype has a length of newlen+1, 'len' refers to the length of *mimetype
here.
2000-08-27 09:32:23 +00:00
Sascha Schumann
320105bcd8 Use size_t as parameter type in the getenv member of struct sapi_module 2000-08-20 14:20:21 +00:00
Zeev Suraski
f112b68668 Avoid an endless loop situation in case of an error situation while sending headers 2000-08-19 16:38:19 +00:00
Rasmus Lerdorf
ff0a08f508 Leave this initialization in 2000-08-02 22:53:55 +00:00
Rasmus Lerdorf
76a2d2538c Heads up! I have moved the headers_only and response_code checks out of
SAPI and down into the individual SAPI modules.  I have made the
appropriate changes in all the SAPI modules, but please verify these.
The reason for this change is that Apache sometimes will feed PHP
a request_method of GET but have r->header_only set to true.  This happens
in an ErrorDocument redirect.  In this same scenario we want to preserve
the status code as well instead of just overwriting it with a 200 and
losing this information.  For now the other sapi modules act exactly as
before since they probably do not make this distinction, and they may
not even have a valid response code this early in the request.
@ Fix HEAD request bug on an Apache ErrorDocument redirect and preserve
@ the status code across the redirect as well.  (Rasmus)
2000-08-02 22:48:45 +00:00
Zeev Suraski
168ccfc133 Disable the hash_apply() protection on hashes that persist across requests - it's unsafe
because we may be aborted at any point
@- Fixed a possible data corruption in case of a huge amount of aborted requests (Zeev)
2000-07-11 14:29:38 +00:00
Uwe Steinmann
68f35d5539 - fixed handling of fdf data (application/vnd.fdf) 2000-07-05 08:57:37 +00:00
Rasmus Lerdorf
2b61d55b1d This is documented to not be case sensitive and it is not case sensitive
in PHP 3, so let's not make it case sensitive.
@Make the special Header("http/...") response be case insensitive like 3.0 (Rasmus)
2000-07-01 18:06:11 +00:00
Andi Gutmans
d8a75cf7e5 - COMPILE_ERROR should only be used in Zend 2000-06-23 13:05:06 +00:00
Zeev Suraski
e043439ff6 Update the license with the new clause 6 2000-05-18 15:34:45 +00:00
Hartmut Holzgraefe
5c5ccc9844 no more broken scripts by erroneously terminating header()'s argument
with a CR-LF
2000-04-28 16:47:19 +00:00
Zeev Suraski
3220bb570e - Fix an invalid trick (it was valid when header() was using
zend_get_parameters(), but it became invalid when someone switched it
  to zend_get_parameters_ex(), and I decided to remove it anyway).
- Remove a redundant function call
2000-04-28 13:03:13 +00:00
Andi Gutmans
e40268d07c - Add missing V_STAT() 2000-04-20 16:38:08 +00:00
Andi Gutmans
de0d354736 - Create dtor function 2000-04-02 20:26:06 +00:00
Andi Gutmans
6a2da70f94 - Virtual cwd compiles now (need to uncomment #define in php.h for it to
be enbaled right now).
  It seems to work very basic stuff
2000-04-02 19:04:59 +00:00
Zeev Suraski
53586378b0 @- Fix a problem when dealing with large POST blocks in CGI mode 2000-04-01 01:11:39 +00:00
Sascha Schumann
f72bcaa648 kill warning 2000-03-30 17:55:50 +00:00
Andi Gutmans
1bcdb436c1 - Note quite sure why this wasn't done. 2000-03-16 21:23:24 +00:00
Sam Ruby
64df92e053 Fix traps due to sapi_global not being initialized when ZTS is set
Don't trap if php.ini can't be read
2000-03-05 21:37:47 +00:00
Zeev Suraski
88b31ecb28 @- The string None is now recognized as a keyword by the php.ini processor, and
@  can be used to denote an empty string (Zeev)
- Added None keyword support to the INI parser
- Removed specialized "none" code
2000-02-26 14:29:27 +00:00
Thies C. Arntzen
ae08e0500e (sapi_send_headers) fix leak 2000-02-26 14:21:10 +00:00
Zeev Suraski
a508bec819 - From CODING_STANDARDS:
[6] NEVER USE strncat().  If you're absolutely sure you know what you're doing,
      check its man page again, and only then, consider using it, and even then,
      try avoiding it.
  strncat() is your enemy!
- Fix several SAPI services, get rid of the default_content_type (it's always
  composed of the mime type and charset now).
- Win32 works again
2000-02-26 05:03:41 +00:00
Sam Ruby
937db8cc80 Build failure on Win32:
error C2198: 'sapi_apply_default_charset' : too few actual parameters
2000-02-25 23:12:51 +00:00
Stig Bakken
d23e5d837a @- Implemented default_charset and default_mimetype config directives (Stig)
Implemented default_charset and default_mimetype configuration directives.
Started implementing ticks in PHP.
2000-02-25 21:27:03 +00:00
Thies C. Arntzen
83d20ab305 fix obvious crash.
stig, in sgi-mode i still "only" get:

(haven't touched my .ini file in ages - and don't plan to)

X-Powered-By: PHP/4.0b5-dev
Content-type: iso-8859-1   <<< where is text/html?
2000-02-25 10:10:43 +00:00
Stig Bakken
ba03c9f2aa started implementing directives for default mimetype/charset 2000-02-24 22:00:47 +00:00
Zeev Suraski
9b621d1c8f Get the license right... (this won't make it to RC1 of B4) 2000-02-19 23:21:46 +00:00
Zeev Suraski
ae22fe4c52 - Update .dsp's
- Fix a possible crash bug in failed file open error message
- Fix SAPI initialization issue that could lead to a crash
2000-02-18 01:52:11 +00:00
Zeev Suraski
4549b969f9 Fix duplicate freeing 2000-02-17 20:46:13 +00:00
Zeev Suraski
a6393de6f7 Make POST handling the way it should be. RFC1867, and any future POST handlers we might
have in the future now obey to the variables_order directive, and there's a real way modular
way to handle POST content.
This is all untested, BEFORE_SAPI_POST_PATCH_17_FEB_2000 tagged before submission
@- Made multipart/form-data content obey to the variables_order directive (Zeev)
2000-02-17 20:23:59 +00:00
Zeev Suraski
a5c143f415 - Update .dsp's
- Fix auth_user issue
2000-02-16 16:46:01 +00:00
Zeev Suraski
e9dcdb8f97 @- Improved ISAPI module - it should no longer be necessary to set PHP as
@  an ISAPI filter, only as an ISAPI extension, unless you wish to perform
@  authentication using PHP.  This didn't yet get enough testing, but it
@  should work (Zeev)
- Fixed auth_user/auth_password memory leak (I didn't have time to test it under
  Apache, feedback welcome!)
2000-02-15 23:31:10 +00:00
Zeev Suraski
80bdd19e03 Fine tune Andi's patch 2000-02-11 15:59:30 +00:00
Zeev Suraski
49e98c3ddd request_info.c is dead! long live SAPI
@- Finished the server abstraction layer;  All of the PHP code is now shared
@  across different servers (Apache, CGI, IIS, etc.), except for thin
@  interface modules (Zeev)
2000-02-10 20:13:08 +00:00
Zeev Suraski
9709f7ec73 The last patch wasn't that good, fix 2000-02-10 19:29:21 +00:00
Zeev Suraski
25b5cb9599 More protection... 2000-02-10 19:28:05 +00:00
Zeev Suraski
42765d50e0 Only activate if we're inside an actual request 2000-02-10 19:22:36 +00:00
Zeev Suraski
41f6bca92f More cleanup! 2000-02-10 18:19:04 +00:00
Zeev Suraski
0fd89aa20d More cleanup - move getenv() to SAPI 2000-02-10 17:55:01 +00:00
Zeev Suraski
7d926a0e0c More cleanup... 2000-02-10 17:26:57 +00:00
Andi Gutmans
f452c7762f - Introduce PHP_WIN32 2000-02-10 17:14:05 +00:00
Zeev Suraski
073b148167 More abstraction 2000-02-10 16:44:59 +00:00
Zeev Suraski
8055da9830 Use the new state functions
@- If header information is sent after output has already been sent, the warning
@  message will now state the filename and line number at which the first output
@  was made (Zeev)
2000-02-04 14:54:30 +00:00
Zeev Suraski
972631be71 - Added flush() support to SAPI
- Got rid of the old flush() implemenetation in favour of the new one
- Added implicit_flush() support to the output buffering layer.
@- Added implicit_flush() to control whether flush() should be called
@  implicitly after any output (Zeev)
2000-01-13 17:37:25 +00:00
Sascha Schumann
304d60c8f3 Move reentrancy initialisation/destruction into SAPI.
These calls only do something, if reentrancy emulation is required.
2000-01-05 19:25:19 +00:00
Sascha Schumann
43ae2bffbb Happy Y2K patch! Happy new year (or the new millennium, depending on whether
you start counting at 0 or 1).
2000-01-01 01:32:05 +00:00
Evan Klinger
497b3fe2c5 Fix for #2994 1999-12-19 02:04:20 +00:00