Andi Gutmans
acc4a8ed6d
- Package RC2
2000-10-03 17:08:41 +00:00
Andi Gutmans
18f86e7757
- Fix V_CHDIR_FILE() to only chdir() when a directory part is specified.
...
Use this instead of broken php_dirname() in fopen-wrappers.c
2000-10-03 15:05:50 +00:00
Andi Gutmans
d37b140601
- Fix VC++ warning
2000-10-03 14:43:04 +00:00
Andi Gutmans
a37b138d7c
- Darn file is needed for Windows. Maybe it should be called
...
php_version.w32.h?
2000-10-02 15:12:47 +00:00
Andi Gutmans
79a898697d
- Any reason why php_version.h is in the CVS? I'm removing it so if I'm
...
screwing something up scream *now* :)
2000-10-02 15:04:26 +00:00
Andi Gutmans
5819b6d4a6
- Remove unneeded IS_SLASH() definition.
2000-10-01 18:13:41 +00:00
Daniel Beulshausen
01927063d5
move have_snmp to the dsp already
2000-09-30 17:40:52 +00:00
Andi Gutmans
2622eba31d
- Cleanup some output functions
2000-09-30 16:13:48 +00:00
Zeev Suraski
ec4a36ec12
complementary PHP patch
2000-09-27 19:46:47 +00:00
Daniel Beulshausen
8b23529beb
let windows build with trans sid
2000-09-18 17:23:45 +00:00
Stanislav Malyshev
1fbc3945a2
Fix crash
2000-09-18 15:15:27 +00:00
Andi Gutmans
e740042363
- Fix doc_root problem. If you need to limit under which directories the
...
scripts should reside use open_basedir.
2000-09-17 05:52:26 +00:00
Andi Gutmans
0e874a094c
- Use IS_ABSOLUTE_PATH() so that this will work correctly under Windows
2000-09-14 20:47:35 +00:00
Andi Gutmans
962c163cdf
- Time to remove these two.
2000-09-14 20:43:13 +00:00
Andi Gutmans
f5cf7d7eb7
- Windows and UNIX compile fixes
2000-09-11 19:14:42 +00:00
Andi Gutmans
b510fcf96e
- Get rid of stuff which is already done in php.h
...
- More can probably be removed as the code doesn't use lots of sys calls.
2000-09-11 19:11:03 +00:00
Andi Gutmans
824fc6a084
- Move php_open_temporary_file() out of file.c
2000-09-11 18:56:47 +00:00
Stanislav Malyshev
1ccac6ed55
Add additional parameter to parse_str for saving result (thanks to
...
John Bafford <dshadow@zort.net>)
@ Added second parameter for parse_str to save result (John Bafford)
2000-09-11 14:50:26 +00:00
Derick Rethans
eba1b6221d
- Fixed missing parameter in php_atoi
2000-09-09 23:21:44 +00:00
Stig Venaas
d8a4a9b1dd
Added IPv6 support to php_fopen_url_wrap_ftp (EPSV and php_hostconnect())
2000-09-09 21:29:37 +00:00
Zeev Suraski
b7ecaacd07
More security-related (control) patches:
...
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079
Security related updates:
...
- Introduce php_open_temporary_file(), in place of tempnam(). Still
needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
(was it ever tested?). Files moved with move_uploaded_file() will not be unlink()'d
again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
3edf46ff73
Implement move_uploaded_file() (untested)
2000-09-08 22:31:21 +00:00
Zeev Suraski
75086e3088
- Implemented is_upload_file()
2000-09-08 21:56:47 +00:00
Zeev Suraski
91c808ecc4
Restore the headers_only test to the centralized SAPI startup. If necessary, it can
...
be overriden in the activate() callback.
2000-09-08 14:43:57 +00:00
Stanislav Malyshev
522aec4443
Never trust snprintf return value
2000-09-08 12:52:05 +00:00
Stanislav Malyshev
6426d1c9ce
Fix crash on very long error messages
...
Manual for snprintf says:
If the output was truncated, the return value is -1, oth-
erwise it is the number of characters stored, not includ-
ing the terminating null.
And that's a blatant lie - in reality, libc 2.1 always returns number of
characters that _would be_ stored. I hate those libc bugs. Now we should go
and check every place we trusted snprintf return value.
2000-09-08 12:32:29 +00:00
Stanislav Malyshev
df5e0cb0a5
Fix syslog call
2000-09-08 12:07:21 +00:00
Stig Venaas
f68fb8fad2
Better IPv6 checking
2000-09-07 17:56:12 +00:00
Andi Gutmans
204f4adca7
- Smarter detection of MAXPATHLEN
2000-09-07 15:20:29 +00:00
Zeev Suraski
677d4b9913
Send $HTTP_POST_FILES to the right place
2000-09-07 04:12:31 +00:00
Sascha Schumann
4d2515d6be
4.0.3-dev
2000-09-06 16:52:33 +00:00
Daniel Beulshausen
81daa0899e
deleted unnecessary defines
...
i also plan to let windows build with crypt() support
2000-09-06 10:00:34 +00:00
Zeev Suraski
bfa301dfd0
Fix ordering
2000-09-06 04:56:22 +00:00
Zeev Suraski
12adebbc3a
- Fix leak
...
- Remove redundant php_ini code
2000-09-05 21:18:00 +00:00
Zeev Suraski
4647bbb71a
broken logic fixed. I'm getting old
2000-09-05 20:50:41 +00:00
Zeev Suraski
eb32144902
- Remove track_vars - it is now always on
...
- Make the various $HTTP_*_VARS[] arrays be defined always,
even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Stig Venaas
d57e56ab4c
using emalloc and efree, instead of malloc and free
2000-09-05 17:37:44 +00:00
Stig Venaas
24633f5987
renamed hostconnect() to php_hostconnect()
2000-09-05 16:36:56 +00:00
Stig Venaas
b83427db64
using the new hostconnect() for the http wrapper
2000-09-05 15:59:08 +00:00
Stig Venaas
4a7f22123f
hostconnect now supports IPv6 if getaddrinfo exists, and also tries to
...
connect to all addresses of a host before giving up. It should also be
thread safe when using getaddrinfo.
2000-09-05 13:56:11 +00:00
Zeev Suraski
efdd39207c
Protect arrays as well.
2000-09-04 22:26:01 +00:00
Sterling Hughes
9f86ff884f
@Add a php.ini option session.use_trans_sid to enable/disable trans-sid. (Sterling)
2000-09-04 22:21:10 +00:00
Zeev Suraski
5dca99232e
Prevent exploit in [tmp_name] as well
2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88
Fix the logic. Tested.
2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5
3rd time's a charm
2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b
Fix the fix
2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4
Fix the file upload security problem with no side effects (untested)
2000-09-04 19:07:50 +00:00
Sascha Schumann
96128460b7
Include "php.h", otherwise we don't have access to the PHP and autoconf
...
macros.
2000-09-04 12:58:08 +00:00
Rasmus Lerdorf
43fefff150
Quick-fix for the file upload security alert
...
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00