Commit Graph

88 Commits

Author SHA1 Message Date
James E. Flemer
771e3e498f o Fixed Bug #12121: chdir and safe_mode
- [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
	fails

  - [ ext/standard/dir.c ] changed php_checkuid() to use
    CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR

  - [ main/safe_mode.c ] added code for new checkuid mode

o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
  - [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
    of symlink before trimming filename

o New Feature: safe_mode_include_dir (php.ini directive)
  - Allows bypassing UID/GID checks when including files
    from the directory in safe_mode_include_dir and its
	subdirectories. (safe_mode must be on, directory must
	also be in include_path or full path must be used when
	including)

o Fixed Feature: safe_mode_gid (php.ini directive)
  - Correctly check (and report) UID/GID bits on directories

o Changed include() fall back to scripts cwd implementation
  - CWD added to the (local) search path in php_fopen_with_path()
    instead of seperate case. [ main/fopen_wrappers.c ]
2001-07-13 18:21:21 +00:00
Rasmus Lerdorf
934e10c7dc Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
2001-07-09 17:36:04 +00:00
Rasmus Lerdorf
649d14ae79 Stick open_basedir in here 2001-07-04 03:53:12 +00:00
Harald Radi
d9c1247c86 added new com entries 2001-06-24 22:40:41 +00:00
Jon Parise
355153b4b2 Include the 'html_errors' directive.
Submitted by: "Daniel Beckham" <danbeck-cvs@dealnews.com>
2001-06-19 20:50:03 +00:00
Daniel Beulshausen
a82f4f76e8 add mbstring & xslt 2001-06-11 15:43:50 +00:00
Rui Hirokawa
f96a2539a7 added options for mbstring extension. 2001-06-10 09:44:31 +00:00
foobar
99cb747f71 Added missing configuration directive: from
which is used by fopen() to be send as the default password
2001-06-01 03:19:53 +00:00
foobar
77a1968ca5 Let's have examples here so maybe people would understand better
how to use this directive.
2001-05-31 21:03:11 +00:00
Sebastian Bergmann
b93a7db239 Fixed bug #10892. 2001-05-22 19:16:51 +00:00
Jon Parise
c3634ff399 Comment out the 'include_path' variable by default.
# Leaving it blank overrides the default include path, which contains the
# PEAR directory.
# The other option is to have the build system generate this file and expand
# @PEAR_INSTALLDIR@ on this line to reflect the system default.
2001-04-06 16:24:55 +00:00
Daniel Beulshausen
26f85bbbe7 add printer ext to php.ini & maintain extensions file 2001-04-05 12:41:25 +00:00
foobar
c34d2b91da Added new configuration directives:
arg_separator.input and arg_separator.output
2001-04-04 20:46:26 +00:00
Sebastian Bergmann
21cb46da23 Added php_dbx.dll. 2001-03-24 21:38:58 +00:00
Harald Radi
21d00778e5 added [com] section 2001-03-20 22:45:10 +00:00
Zeev Suraski
d7e17582da Update .ini's and NEWS 2001-03-07 10:08:19 +00:00
Sebastian Bergmann
9be9e95f06 Jan says: 'Do not load php_gtk.dll through php.ini, only use dl(), otherwise it crashes (atleast on Win32).' Me thinks: 'There should be no crash, but a warning. Anyways, remove it from php.ini-dist, so others do not run into this... :-) 2001-03-03 13:10:13 +00:00
Sebastian Bergmann
f494aff5c3 Whitespace only. 2001-03-03 07:37:18 +00:00
Sebastian Bergmann
e4ef496ee5 Whitespace Fixes. Added another Win32 extension DLL. Removed configuration for non-existent debugger. 2001-03-03 07:31:43 +00:00
Sebastian Bergmann
1dcda7c92b Added some more Win32 extension DLLs. 2001-03-03 06:55:06 +00:00
Colin Viebrock
138ab8eccf While we're fixing the ini files, change these to web-safe colours
... this always bugged me :)
2001-02-01 15:41:02 +00:00
Jon Parise
102752abc2 Massive reformatting. 2001-02-01 06:29:41 +00:00
Daniel Beulshausen
7357ee8fa4 rename php_mssql70.dll to php_mssql.dll, as we have only one mssql extension 2001-01-22 19:15:32 +00:00
Jon Parise
175cf6b08a Make this comment readable. 2001-01-02 21:37:21 +00:00
foobar
b0adbf8aff Added the arg_separator directive. 2000-12-28 09:36:56 +00:00
Frank M. Kromann
ad17d8f0a4 The ODBC extension looks for settings named odbc. and not uodbc. 2000-11-29 22:10:46 +00:00
Daniel Beulshausen
d5af60ca2f update win32 extension section 2000-11-27 11:57:30 +00:00
Frank M. Kromann
67f66b32c0 Adding php.ini value to set default batch size for mssql extension 2000-11-21 03:11:33 +00:00
Zeev Suraski
0f7f5c2c0e - Import Jade Nicoletti's transparent gzip encoding support as an output
handler.  Works quite nicely!
- Fix buglets in output buffering
- Add output_handler INI directive
2000-11-13 18:54:37 +00:00
Frank M. Kromann
1bf216ca57 Adding textlimit and textsize parameters to MSSQL sections 2000-10-23 00:45:23 +00:00
Chris Vandomelen
0e705a5f60 Added new INI entries to default php.ini files. 2000-10-22 23:49:57 +00:00
foobar
adb12b50b5 url_rewriter.tags needs to have " around the parameter to work. 2000-10-18 12:35:53 +00:00
Sascha Schumann
1c85ad029b Enable users to set the HTML tags to rewrite
through a configuration directive
2000-10-16 17:25:36 +00:00
Hartmut Holzgraefe
cae27179ce fopen wrappers cleanup
- comfiguration is now done by an ini parameter
    instead of a compile time option
  - the implementations of the three standard wrappers
    now live in seperate files in ext/standard
  - the compiler is happy again, no more warnings
2000-10-13 00:09:31 +00:00
Sebastian Bergmann
8520f94796 Removed obsolete entries from php.ini. 2000-10-06 05:14:46 +00:00
Hénot David
409e2e7e98 Changed the php.ini examples to match the names in the source code. 2000-09-13 16:12:50 +00:00
Daniel Beulshausen
119ad66740 - a comma sneaked in before the java extension
- added the java configuration section
#can you please add the setting for *nix as well?
2000-09-13 13:27:52 +00:00
Daniel Beulshausen
0f22953a67 added note about odbc support and changed to the appropriate names of the windows extensions 2000-09-13 13:03:01 +00:00
Zeev Suraski
f7054b3561 Thanks, Adam 2000-09-12 20:57:21 +00:00
Zeev Suraski
6c3d7449e1 - Made eval() and several other runtime-evaluated code portions report the
nature and location of errors more accurately (Stas)
2000-09-12 20:48:33 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
eb32144902 - Remove track_vars - it is now always on
- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Sterling Hughes
ade2c31625 Add the session.use_trans_sid option to php.ini file. 2000-09-04 22:22:16 +00:00
Zeev Suraski
6a8440fb70 Advise people to use error logging instead of error displaying on production web sites 2000-08-26 14:25:47 +00:00
David Croft
08c6773691 renamed ini section, quoted default host and tabulated.
# it doesn't make sense to have the tab-width set to 4 when we're
# using tabs for alignment in this case, it just makes it look screwy
# in everything but emacs
2000-08-15 09:47:35 +00:00
Rasmus Lerdorf
640501ab19 Remove mysql dll 2000-08-06 02:06:43 +00:00
Hartmut Holzgraefe
b04a02660e changed default sendmail flags from '-t' to '-t -i' (bugid#5374) 2000-08-04 22:42:11 +00:00
John Donagher
e9427bc078 # Added example entries for the pfpro extension to the php.ini templates 2000-07-24 17:58:38 +00:00
Hénot David
15ff1d211b Added extension ii for Ingres II native support.
@- Added extension ii for Ingres II native support. See README in ext/ii
@  directory. (David H)
2000-07-17 21:29:30 +00:00
Zeev Suraski
2c94141b12 Add missing enable_dl 2000-06-26 18:16:54 +00:00