Commit Graph

831 Commits

Author SHA1 Message Date
Zeev Suraski
ec4a36ec12 complementary PHP patch 2000-09-27 19:46:47 +00:00
Daniel Beulshausen
8b23529beb let windows build with trans sid 2000-09-18 17:23:45 +00:00
Stanislav Malyshev
1fbc3945a2 Fix crash 2000-09-18 15:15:27 +00:00
Andi Gutmans
e740042363 - Fix doc_root problem. If you need to limit under which directories the
scripts should reside use open_basedir.
2000-09-17 05:52:26 +00:00
Andi Gutmans
0e874a094c - Use IS_ABSOLUTE_PATH() so that this will work correctly under Windows 2000-09-14 20:47:35 +00:00
Andi Gutmans
962c163cdf - Time to remove these two. 2000-09-14 20:43:13 +00:00
Andi Gutmans
f5cf7d7eb7 - Windows and UNIX compile fixes 2000-09-11 19:14:42 +00:00
Andi Gutmans
b510fcf96e - Get rid of stuff which is already done in php.h
- More can probably be removed as the code doesn't use lots of sys calls.
2000-09-11 19:11:03 +00:00
Andi Gutmans
824fc6a084 - Move php_open_temporary_file() out of file.c 2000-09-11 18:56:47 +00:00
Stanislav Malyshev
1ccac6ed55 Add additional parameter to parse_str for saving result (thanks to
John Bafford <dshadow@zort.net>)
@ Added second parameter for parse_str to save result (John Bafford)
2000-09-11 14:50:26 +00:00
Derick Rethans
eba1b6221d - Fixed missing parameter in php_atoi 2000-09-09 23:21:44 +00:00
Stig Venaas
d8a4a9b1dd Added IPv6 support to php_fopen_url_wrap_ftp (EPSV and php_hostconnect()) 2000-09-09 21:29:37 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079 Security related updates:
- Introduce php_open_temporary_file(), in place of tempnam().  Still
  needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
  (was it ever tested?).  Files moved with move_uploaded_file() will not be unlink()'d
  again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
3edf46ff73 Implement move_uploaded_file() (untested) 2000-09-08 22:31:21 +00:00
Zeev Suraski
75086e3088 - Implemented is_upload_file() 2000-09-08 21:56:47 +00:00
Zeev Suraski
91c808ecc4 Restore the headers_only test to the centralized SAPI startup. If necessary, it can
be overridden in the activate() callback.
2000-09-08 14:43:57 +00:00
Stanislav Malyshev
522aec4443 Never trust snprintf return value 2000-09-08 12:52:05 +00:00
Stanislav Malyshev
6426d1c9ce Fix crash on very long error messages
Manual for snprintf says:
       If  the output was truncated, the return value is -1, oth-
       erwise it is the number of characters stored, not  includ-
       ing the terminating null.
And that's a blatant lie - in reality, libc 2.1 always returns number of
characters that _would be_ stored. I hate those libc bugs. Now we should go
and check every place we trusted snprintf return value.
2000-09-08 12:32:29 +00:00
Stanislav Malyshev
df5e0cb0a5 Fix syslog call 2000-09-08 12:07:21 +00:00
Stig Venaas
f68fb8fad2 Better IPv6 checking 2000-09-07 17:56:12 +00:00
Andi Gutmans
204f4adca7 - Smarter detection of MAXPATHLEN 2000-09-07 15:20:29 +00:00
Zeev Suraski
677d4b9913 Send $HTTP_POST_FILES to the right place 2000-09-07 04:12:31 +00:00
Sascha Schumann
4d2515d6be 4.0.3-dev 2000-09-06 16:52:33 +00:00
Daniel Beulshausen
81daa0899e deleted unnecessary defines
I also plan to let windows build with crypt() support
2000-09-06 10:00:34 +00:00
Zeev Suraski
bfa301dfd0 Fix ordering 2000-09-06 04:56:22 +00:00
Zeev Suraski
12adebbc3a - Fix leak
- Remove redundant php_ini code
2000-09-05 21:18:00 +00:00
Zeev Suraski
4647bbb71a broken logic fixed. I'm getting old 2000-09-05 20:50:41 +00:00
Zeev Suraski
eb32144902 - Remove track_vars - it is now always on
- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Stig Venaas
d57e56ab4c using emalloc and efree, instead of malloc and free 2000-09-05 17:37:44 +00:00
Stig Venaas
24633f5987 renamed hostconnect() to php_hostconnect() 2000-09-05 16:36:56 +00:00
Stig Venaas
b83427db64 using the new hostconnect() for the http wrapper 2000-09-05 15:59:08 +00:00
Stig Venaas
4a7f22123f hostconnect now supports IPv6 if getaddrinfo exists, and also tries to
connect to all addresses of a host before giving up. It should also be
thread safe when using getaddrinfo.
2000-09-05 13:56:11 +00:00
Zeev Suraski
efdd39207c Protect arrays as well. 2000-09-04 22:26:01 +00:00
Sterling Hughes
9f86ff884f @Add a php.ini option session.use_trans_sid to enable/disable trans-sid. (Sterling) 2000-09-04 22:21:10 +00:00
Zeev Suraski
5dca99232e Prevent exploit in [tmp_name] as well 2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88 Fix the logic. Tested. 2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5 3rd time's a charm 2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b Fix the fix 2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4 Fix the file upload security problem with no side effects (untested) 2000-09-04 19:07:50 +00:00
Sascha Schumann
96128460b7 Include "php.h", otherwise we don't have access to the PHP and autoconf
macros.
2000-09-04 12:58:08 +00:00
Rasmus Lerdorf
43fefff150 Quick-fix for the file upload security alert
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00
Andi Gutmans
6bfed632c7 - This shouldn't have been committed.
There are quite a few modules which are using VIRTUAL_DIR. I don't think
  this should be happening.
2000-09-04 04:22:47 +00:00
Andi Gutmans
341a0d465a - Found my bug and managed to move the V_* macros to TSRM 2000-09-04 04:18:04 +00:00
Andi Gutmans
e47d4fe249 - Increase buffers of output buffering to 40KB and 10KB increments which
makes more sense when web pages are typically like 10KB-20KB.
  I think it would be best to change the reallocation algorithm at least to
  redoubling when it's full instead of incrementing and possibly use
  a data structure similar to Zend/zend_static_allocator which uses memory
  blocks and not realloc().
2000-09-03 19:57:06 +00:00
Andi Gutmans
799a00f19a - Before removing php_virtual_cwd.[ch] #if 0 them to make sure nothing
is broken by this.
2000-09-03 19:44:35 +00:00
Stig Venaas
f0962c33a1 Added timeout argument, but not used yet 2000-09-03 19:12:28 +00:00
Andi Gutmans
6c6471b160 - Move to virtual cwd in TSRM 2000-09-03 18:45:02 +00:00
Zeev Suraski
2183e2b0be Make gcc happy 2000-09-03 15:58:50 +00:00
Zeev Suraski
48f13455be Fix init bug 2000-09-03 15:56:54 +00:00