Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Felipe Pena
2c829e5053
- Removed unused variable.
2008-07-24 16:00:34 +00:00
Felipe Pena
dab8b811c2
- Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
...
(patch by Christian Hoffmann)
2008-07-21 19:32:21 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Ilia Alshanetsky
86cca4e696
Completed fix for bug #42739 (fixes bug #43276 )
2007-11-15 18:57:14 +00:00
Jani Taskinen
c95f942e9b
- fix typo
2007-10-11 09:33:30 +00:00
Jani Taskinen
6c33a8c758
- Fix ws/cs and wrap the stuff within #if HAVE_BROKEN_GETCWD
2007-10-11 08:26:13 +00:00
Robert Thompson
50250dff8c
Fix for bug 41899, safe mode and relative paths with Solaris's broken getcwd().
2007-10-10 22:52:58 +00:00
Ilia Alshanetsky
f60df047f1
Fixed bug #42739 (mkdir() doesnt like a trailing slash when safe_mode is
...
enabled).
2007-09-23 15:19:21 +00:00
Jani Taskinen
d271071067
MFH: Fixed compile warnings
2007-07-21 01:43:33 +00:00
Hannes Magnusson
b865d176de
Typo
2007-01-12 12:11:18 +00:00
Ilia Alshanetsky
2ae036f038
Fixed bug #40098 (php_fopen_primary_script() not thread safe).
...
Adjusted previous fixes for similar issue to handle sysconf() failures
2007-01-12 01:46:11 +00:00
Ilia Alshanetsky
78ca1de763
Fixed bug #40079 (php_get_current_user() not thread safe).
...
# Original patch from wharmby at uk dot ibm dot com
2007-01-09 23:27:22 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Antony Dovgal
a7ce772222
fix #39575 (move_uploaded_file() no longer working (safe mode related))
2006-11-22 11:55:36 +00:00
Dmitry Stogov
9fd2b6deb4
Simplify the code base as this getpwd() was used only once
2006-11-10 09:56:16 +00:00
Nuno Lopes
7961207d6b
add const keywords
2006-07-01 11:35:34 +00:00
Antony Dovgal
fbeb246a3a
no need to do TSRMLS_FETCH() twice
2006-06-01 14:06:23 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
Stefan Esser
b1bb6f1735
Do not silently truncate
2004-12-01 22:37:33 +00:00
Anantha Kesari H Y
06a4be43a3
NetWare don't have uid for a file so modified the php_checkuid to return 1 for NetWAre
2004-09-29 12:35:13 +00:00
Andi Gutmans
56f8195fe5
- Nuke empty_string. It is a reminanent from the time where RETURN_FALSE()
...
used to return "" and not bool(false). It's not worth keeping it because
STR_FREE() and zval_dtor() always have to check for it and it slows down
the general case. In addition, it seems that empty_string has been abused
quite a lot, and was used not only for setting zval's but generally in
PHP code instead of "", which wasn't the intention. Last but not least,
nuking empty_string should improve stability as I doubt every place
correctly checked if they are not mistakenly erealloc()'ing it or
calling efree() on it.
NOTE: Some code is probably broken. Each extension maintainer should
check and see that my changes are OK. Also, I haven't had time to touch
PECL yet. Will try and do it tomorrow.
2004-07-19 07:19:50 +00:00
Andi Gutmans
dbeb4158d2
- A belated happy holidays and PHP 5
2004-01-08 08:18:22 +00:00
James Cox
f68c7ff249
updating license information in the headers.
2003-06-10 20:04:29 +00:00
Wez Furlong
cfd0466389
Fix for Bug #21310 , based on a patch by jflemer@php.net.
2003-03-17 13:40:45 +00:00
foobar
8e3f23e3c0
ws fixes + missing $Id$ tags, headers added
2003-02-19 08:40:19 +00:00
Ilia Alshanetsky
9b560970f8
Fixed compiler warnings.
2003-01-09 22:33:43 +00:00
Sara Golemon
4d789b593f
Bug #21531 file_exists() and other filestat functions throw errors when in safe mode and file/directory does not exist.
...
Extended php_checkuid function to add "flags" field via rename to php_checkuid_ex with alias for BC in functions that do want safe mode errors thrown.
2003-01-09 21:57:45 +00:00
Sebastian Bergmann
2c5d4b8c23
Bump year.
2002-12-31 15:59:15 +00:00
Ilia Alshanetsky
78e2e69b23
Instead of checking whether realpath exists based on OS. Use the
...
HAVE_REALPATH define, which is set if realpath() is avaliable. This patch
also resolves bug #18868 .
2002-11-06 18:07:23 +00:00
David Reid
cf2e12a01e
Add some more BeOS support.
2002-10-02 23:48:58 +00:00
Marcus Boerger
a1f7bb12f1
use php_error_docref()
2002-08-25 18:45:02 +00:00
Wez Furlong
c2cbae6dd3
Enhance Ilia's recent patch to query the wrapper subsystem to determine
...
if a filename is a URL and thus if safe-mode checks should be skipped.
2002-08-16 09:50:24 +00:00
Ilia Alshanetsky
a643ae656a
Make https:// be exempt from safe_mode checks, just like http:// & ftp:// are.
2002-08-16 03:52:37 +00:00
Yasuo Ohgaki
f4f8726b9e
Accoding to safe_mode.h, php_checkuid() has six modes.
2002-07-17 05:15:17 +00:00
foobar
6f10116237
Fix bug: #18285 , php_checkuid() mangled the passed path.
2002-07-13 00:52:18 +00:00
Stefan Esser
0d3a45299d
SAFE_MODE restriction error message fixed if the file doesn't exist
2002-03-17 21:00:44 +00:00
Stefan Esser
cf4a292c5d
fixed a typo within checkuid
2002-03-14 16:48:18 +00:00
James E. Flemer
6a6b5a6108
(php_checkuid) Added case for root directory when mode is
...
not CHECKUID_ALLOW_ONLY_DIR.
2002-03-03 21:12:49 +00:00
James E. Flemer
ecac9a7e9e
(php_checkuid) Added case for root directory when mode is
...
CHECKUID_ALLOW_ONLY_DIR.
2002-03-03 20:49:04 +00:00
Sebastian Bergmann
90613d2282
Maintain headers.
2002-02-28 08:29:35 +00:00
Sebastian Bergmann
38933514e1
Update headers.
2001-12-11 15:32:16 +00:00
Derick Rethans
78747bd2df
- Don't wrap lines... this is annoying while coding.
2001-09-09 13:29:31 +00:00
Zeev Suraski
1159c84ab7
- TSRMLS_FETCH work
...
- whitespace fixes
2001-08-05 01:43:02 +00:00
Zeev Suraski
bc42c37513
More TSRMLS_FETCH work. Got it under 400 now.
2001-07-31 06:28:05 +00:00
Zeev Suraski
d87cc976e1
Redesigned thread safety mechanism - nua nua
2001-07-28 11:36:37 +00:00
Rasmus Lerdorf
721c562e2a
Fix a couple of build warnings
2001-07-16 04:31:13 +00:00
James E. Flemer
771e3e498f
o Fixed Bug #12121 : chdir and safe_mode
...
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119 : safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
2001-07-13 18:21:21 +00:00
Rasmus Lerdorf
89a73df39c
Fix Windows build (I think)
2001-07-09 18:57:19 +00:00