- webdav-specific stuff removed (should be handled using httpd.conf
LIMIT or equivalents)
- always_populate_raw_post_data now working on any method, not just
POST (and webdav methods with allow_webdav_methods), when
Content-Length is greater zero
- raw input data is also available using php://input stream,
this way one doesn't have to care about memory_limit
- input data is now always consumed (although maybe ignored,
this fixes we had withproblems with keep-alive connections
@ raw POST data is now available as php://input stream (hartmut)
maintain current behaviour. If this is turned on then $HTTP_RAW_POST_DATA
is always populated with a copy of the raw post data.
@ - Add config option (always_populate_raw_post_data) which when enabled
@ will always populate $HTTP_RAW_POST_DATA regardless of the post mime
@ type (Rasmus)
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
- comfiguration is now done by an ini parameter
instead of a compile time option
- the implementations of the three standard wrappers
now live in seperate files in ext/standard
- the compiler is happy again, no more warnings
Draft 3 of IEEE 1003.1 200x, "2.2 The Compilation Environment"
All identifiers that begin with an underscore and either an uppercase
letter or another underscore are always reserved for any use by the
implementation.
in shutdown function.
(php_array_walk) Print a warning if the walk function doesn't exist.
Split shutdown function call into a separate function that's called with
zend_hash_apply() instead of as destructor to keep hash consistent.
This fixes bug #3419.
- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly
to $HTTP_GET_VARS[], contain environment and server variables. Setting
register_globals to Off will now also prevent registration of the
environment and server variables into the global scope (Zeev)
- Renamed gpc_globals to register_globals (Zeev)
- Introduced variables_order that deprecates gpc_order, and allows control
over the server and environment variables, in addition to GET/POST/Cookies
(Zeev)