Commit Graph

821 Commits

Author SHA1 Message Date
Derick Rethans
eba1b6221d - Fixed missing parameter in php_atoi 2000-09-09 23:21:44 +00:00
Stig Venaas
d8a4a9b1dd Added IPv6 support to php_fopen_url_wrap_ftp (EPSV and php_hostconnect()) 2000-09-09 21:29:37 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079 Security related updates:
- Introduce php_open_temporary_file(), in place of tempnam().  Still
  needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
  (was it ever tested?).  Files moved with move_uploaded_file() will not be unlink()'d
  again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
3edf46ff73 Implement move_uploaded_file() (untested) 2000-09-08 22:31:21 +00:00
Zeev Suraski
75086e3088 - Implemented is_upload_file() 2000-09-08 21:56:47 +00:00
Zeev Suraski
91c808ecc4 Restore the headers_only test to the centralized SAPI startup. If necessary, it can
be overridden in the activate() callback.
2000-09-08 14:43:57 +00:00
Stanislav Malyshev
522aec4443 Never trust snprintf return value 2000-09-08 12:52:05 +00:00
Stanislav Malyshev
6426d1c9ce Fix crash on very long error messages
Manual for snprintf says:
       If  the output was truncated, the return value is -1, oth-
       erwise it is the number of characters stored, not  includ-
       ing the terminating null.
And that's a blatant lie - in reality, libc 2.1 always returns number of
characters that _would be_ stored. I hate those libc bugs. Now we should go
and check every place we trusted snprintf return value.
2000-09-08 12:32:29 +00:00
Stanislav Malyshev
df5e0cb0a5 Fix syslog call 2000-09-08 12:07:21 +00:00
Stig Venaas
f68fb8fad2 Better IPv6 checking 2000-09-07 17:56:12 +00:00
Andi Gutmans
204f4adca7 - Smarter detection of MAXPATHLEN 2000-09-07 15:20:29 +00:00
Zeev Suraski
677d4b9913 Send $HTTP_POST_FILES to the right place 2000-09-07 04:12:31 +00:00
Sascha Schumann
4d2515d6be 4.0.3-dev 2000-09-06 16:52:33 +00:00
Daniel Beulshausen
81daa0899e deleted unnecessary defines
I also plan to let Windows build with crypt() support
2000-09-06 10:00:34 +00:00
Zeev Suraski
bfa301dfd0 Fix ordering 2000-09-06 04:56:22 +00:00
Zeev Suraski
12adebbc3a - Fix leak
- Remove redundant php_ini code
2000-09-05 21:18:00 +00:00
Zeev Suraski
4647bbb71a broken logic fixed. I'm getting old 2000-09-05 20:50:41 +00:00
Zeev Suraski
eb32144902 - Remove track_vars - it is now always on
- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Stig Venaas
d57e56ab4c using emalloc and efree, instead of malloc and free 2000-09-05 17:37:44 +00:00
Stig Venaas
24633f5987 renamed hostconnect() to php_hostconnect() 2000-09-05 16:36:56 +00:00
Stig Venaas
b83427db64 using the new hostconnect() for the http wrapper 2000-09-05 15:59:08 +00:00
Stig Venaas
4a7f22123f hostconnect now supports IPv6 if getaddrinfo exists, and also tries to
connect to all addresses of a host before giving up. It should also be
thread safe when using getaddrinfo.
2000-09-05 13:56:11 +00:00
Zeev Suraski
efdd39207c Protect arrays as well. 2000-09-04 22:26:01 +00:00
Sterling Hughes
9f86ff884f @Add a php.ini option session.use_trans_sid to enable/disable trans-sid. (Sterling) 2000-09-04 22:21:10 +00:00
Zeev Suraski
5dca99232e Prevent exploit in [tmp_name] as well 2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88 Fix the logic. Tested. 2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5 3rd time's a charm 2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b Fix the fix 2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4 Fix the file upload security problem with no side effects (untested) 2000-09-04 19:07:50 +00:00
Sascha Schumann
96128460b7 Include "php.h", otherwise we don't have access to the PHP and autoconf
macros.
2000-09-04 12:58:08 +00:00
Rasmus Lerdorf
43fefff150 Quick-fix for the file upload security alert
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00
Andi Gutmans
6bfed632c7 - This shouldn't have been committed.
There are quite a few modules which are using VIRTUAL_DIR. I don't think
  this should be happening.
2000-09-04 04:22:47 +00:00
Andi Gutmans
341a0d465a - Found my bug and managed to move the V_* macros to TSRM 2000-09-04 04:18:04 +00:00
Andi Gutmans
e47d4fe249 - Increase buffers of output buffering to 40KB and 10KB increments which
makes more sense when web pages are typically like 10KB-20KB.
  I think it would be best to change the reallocation algorithm at least to
  redoubling when it's full instead of incrementing and possibly use
  a data structure similar to Zend/zend_static_allocator which uses memory
  blocks and not realloc().
2000-09-03 19:57:06 +00:00
Andi Gutmans
799a00f19a - Before removing php_virtual_cwd.[ch] #if 0 them to make sure nothing
is broken by this.
2000-09-03 19:44:35 +00:00
Stig Venaas
f0962c33a1 Added timeout argument, but not used yet 2000-09-03 19:12:28 +00:00
Andi Gutmans
6c6471b160 - Move to virtual cwd in TSRM 2000-09-03 18:45:02 +00:00
Zeev Suraski
2183e2b0be Make gcc happy 2000-09-03 15:58:50 +00:00
Zeev Suraski
48f13455be Fix init bug 2000-09-03 15:56:54 +00:00
Stig Venaas
7f8917932f Added network.c 2000-09-03 09:34:33 +00:00
Stig Venaas
ad95450fc4 To be included by code using functions in network.c 2000-09-03 09:33:14 +00:00
Stig Venaas
c94933b2fa Network related functions, only for internal use by other PHP code. Tries
to hide the details of address families/protocols, and to reduce duplication
of code.
2000-09-03 09:30:41 +00:00
Andi Gutmans
299d1295b6 - Remove another TSRM->Zend dependency 2000-09-02 18:40:41 +00:00
Zeev Suraski
cf8e389799 @- Added support for an optional output handler function for output
@  buffering.  This enables transparent rendering of XML through XSL,
@  transparent compression, etc. (Zeev)
2000-09-02 18:03:58 +00:00
Andi Gutmans
97d509cc95 - Get rid of unused code and stop including PHP's win95nt.h 2000-09-02 16:08:24 +00:00
Zeev Suraski
e065c308e9 - Fix dir.c
- Begin cleanup of php_error_cb()
2000-09-01 12:06:52 +00:00
Sascha Schumann
df273c9d01 Hopefully last round of fixing varargs use.
We don't need to create the log message twice, and by doing it only
once we also avoid the orig_args trap.
2000-09-01 09:54:32 +00:00
Andi Gutmans
27de50012b - Use emalloc() for opened_path now. This was a potential leak before.
- This patch has potential to break stuff but I tested it as much as I
- could. Fixes should be easy.
2000-08-31 22:24:20 +00:00
Andi Gutmans
e8e5c9d97e - Remove redundant IS_SLASH
- Reverse config.w32.h patches
- Use IS_ABSOLUTE_PATH() in one place in fopen-wrappers.c
2000-08-31 19:49:36 +00:00