- Added ".htaccess" style user-defined php.ini files support for
CGI/FastCGI.
- Added support for special [PATH=/opt/httpd/www.example.com/] sections
in php.ini. All directives set in these sections will not be able to be
overridden in user-defined ini-files or during runtime in the specified
path.
- Improved php.ini handling:
. Added better error reporting for syntax errors in php.ini files
. Allowed "ini-variables" to be used almost everywhere ini php.ini files
. Allowed using alphanumeric/variable indexes in "array" ini options
. Fixed get_cfg_var() to be able to return "array" ini options
- Fixed bug #27372 (parse error loading browscap.ini at apache startup)
- Fixed bug #42069 (parse_ini_file() allows using some non-alpha numeric
characters)
Local user streams must not be able to open(), URLs if allow_url_include is off
Implemented new function stream_is_local()
[
- stream_wrapper_register() extended with additional optional argument "flags"
of type long. This time only one flag is implemented
- STREAM_IS_URL, that means that userstream wrapper is remote (URL).
By default stream is local.
- stream_is_local() is a new function that accepts stream and tell if this
stream is local or remote (URL)
]
- webdav-specific stuff removed (should be handled using httpd.conf
LIMIT or equivalents)
- always_populate_raw_post_data now working on any method, not just
POST (and webdav methods with allow_webdav_methods), when
Content-Length is greater zero
- raw input data is also available using php://input stream,
this way one doesn't have to care about memory_limit
- input data is now always consumed (although maybe ignored,
this fixes we had withproblems with keep-alive connections
@ raw POST data is now available as php://input stream (hartmut)
maintain current behaviour. If this is turned on then $HTTP_RAW_POST_DATA
is always populated with a copy of the raw post data.
@ - Add config option (always_populate_raw_post_data) which when enabled
@ will always populate $HTTP_RAW_POST_DATA regardless of the post mime
@ type (Rasmus)
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
- comfiguration is now done by an ini parameter
instead of a compile time option
- the implementations of the three standard wrappers
now live in seperate files in ext/standard
- the compiler is happy again, no more warnings
