Commit Graph

44 Commits

Author SHA1 Message Date
Stefan Esser
0d3a45299d SAFE_MODE restriction error message fixed if the file doesn't exist 2002-03-17 21:00:44 +00:00
Stefan Esser
cf4a292c5d fixed a typo within checkuid 2002-03-14 16:48:18 +00:00
James E. Flemer
6a6b5a6108 (php_checkuid) Added case for root directory when mode is
not CHECKUID_ALLOW_ONLY_DIR.
2002-03-03 21:12:49 +00:00
James E. Flemer
ecac9a7e9e (php_checkuid) Added case for root directory when mode is
CHECKUID_ALLOW_ONLY_DIR.
2002-03-03 20:49:04 +00:00
Sebastian Bergmann
90613d2282 Maintain headers. 2002-02-28 08:29:35 +00:00
Sebastian Bergmann
38933514e1 Update headers. 2001-12-11 15:32:16 +00:00
Derick Rethans
78747bd2df - Don't wrap lines... this is annoying while coding. 2001-09-09 13:29:31 +00:00
Zeev Suraski
1159c84ab7 - TSRMLS_FETCH work
- whitespace fixes
2001-08-05 01:43:02 +00:00
Zeev Suraski
bc42c37513 More TSRMLS_FETCH work. Got it under 400 now. 2001-07-31 06:28:05 +00:00
Zeev Suraski
d87cc976e1 Redesigned thread safety mechanism - nua nua 2001-07-28 11:36:37 +00:00
Rasmus Lerdorf
721c562e2a Fix a couple of build warnings 2001-07-16 04:31:13 +00:00
James E. Flemer
771e3e498f o Fixed Bug #12121: chdir and safe_mode
- [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
	fails

  - [ ext/standard/dir.c ] changed php_checkuid() to use
    CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR

  - [ main/safe_mode.c ] added code for new checkuid mode

o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
  - [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
    of symlink before trimming filename

o New Feature: safe_mode_include_dir (php.ini directive)
  - Allows bypassing UID/GID checks when including files
    from the directory in safe_mode_include_dir and its
	subdirectories. (safe_mode must be on, directory must
	also be in include_path or full path must be used when
	including)

o Fixed Feature: safe_mode_gid (php.ini directive)
  - Correctly check (and report) UID/GID bits on directories

o Changed include() fall back to scripts cwd implementation
  - CWD added to the (local) search path in php_fopen_with_path()
    instead of seperate case. [ main/fopen_wrappers.c ]
2001-07-13 18:21:21 +00:00
Rasmus Lerdorf
89a73df39c Fix Windows build (I think) 2001-07-09 18:57:19 +00:00
Rasmus Lerdorf
934e10c7dc Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
2001-07-09 17:36:04 +00:00
Rasmus Lerdorf
81e2cf03ac Fix folding and clean up some extensions 2001-06-06 13:06:12 +00:00
Rasmus Lerdorf
25c3a3a39d vim-6 does folding - clean up a bunch of missing folding tags plus
some misguided RINIT and RSHUTDOWN calls in a few fringe extensions
2001-06-05 13:12:10 +00:00
Andi Gutmans
4c823e8a89 - Change macros from V_ to VCWD_ because of AIX name clash 2001-04-30 12:45:02 +00:00
Andi Gutmans
eb6ba01d1c - Fix copyright notices with 2001 2001-02-26 06:11:02 +00:00
Andi Gutmans
033190cbcf - Fix warning
PR:
Submitted by:
Reviewed by:
Obtained from:
2001-02-12 15:47:38 +00:00
Thies C. Arntzen
0719e7e006 @- Allow access to uploaded files in safe_mode. Beware that you can only
@  read the file. If you copy it to new location the copy will not have the
@  right UID and you script won't be able to access that copy. (Thies)
2001-01-09 11:58:57 +00:00
Andi Gutmans
86a1cace27 - Make all places use MAXPATHLEN in the same way. It includes the
terminating NULL.
2000-12-16 20:52:43 +00:00
Andi Gutmans
6139a2c8ce - Define the different possible modes for readibility and use in the rest
- of PHP
2000-11-01 18:05:27 +00:00
Andi Gutmans
8907e17bde - In function declerations the opening { should be on a new line 2000-11-01 17:31:53 +00:00
Zeev Suraski
6614e8edb4 - I wrote a long msg but the commit didn't go through.
- So here is the short version:
- a) Start moving to binary opens in Windows
- b) Give checkuid_mode() a small face lift including the fopen-wrappers.c
- The mode to this function should at least be a #define but that is for
- another day. Anyway this whole stuff should be given more face lifts in
- the future.
2000-06-25 17:02:59 +00:00
Zeev Suraski
e043439ff6 Update the license with the new clause 6 2000-05-18 15:34:45 +00:00
Andi Gutmans
e40268d07c - Add missing V_STAT() 2000-04-20 16:38:08 +00:00
Andi Gutmans
1665cba750 - Change PHP_ to V_ (directory & file functions) 2000-04-15 14:20:01 +00:00
Andi Gutmans
f9547241d5 - Fix another bug in session.c
- Start using the new PHP_GETCWD() and co. macros
2000-03-30 22:38:50 +00:00
Zeev Suraski
9b621d1c8f Get the license right... (this won't make it to RC1 of B4) 2000-02-19 23:21:46 +00:00
Zeev Suraski
49e98c3ddd request_info.c is dead! long live SAPI
@- Finished the server abstraction layer;  All of the PHP code is now shared
@  across different servers (Apache, CGI, IIS, etc.), except for thin
@  interface modules (Zeev)
2000-02-10 20:13:08 +00:00
Zeev Suraski
41f6bca92f More cleanup! 2000-02-10 18:19:04 +00:00
Zeev Suraski
7d926a0e0c More cleanup... 2000-02-10 17:26:57 +00:00
Rasmus Lerdorf
e8b74e56c9 # Fix silly typo 2000-01-08 14:36:12 +00:00
Sascha Schumann
43ae2bffbb Happy Y2K patch! Happy new year (or the new millennium, depending on whether
you start counting at 0 or 1).
2000-01-01 01:32:05 +00:00
Zeev Suraski
a3c6514332 More php3_ annihilation 1999-12-17 19:51:39 +00:00
Zeev Suraski
02d3b39420 More php3_ annihilation 1999-12-17 19:16:50 +00:00
Zeev Suraski
3cb1eb0471 Removed '3' from key functions in PHP (maintained compatibility through
php3_compat.h)
1999-08-02 19:17:14 +00:00
Zeev Suraski
c5724cbd14 License update 1999-07-16 13:13:16 +00:00
Zeev Suraski
d4f24f19ad * Get rid of another request_info element (filename)
* CGI through Apache should work now
1999-06-26 19:14:26 +00:00
Zeev Suraski
3cd0af11ee * Get the Apache module to compile again
* Get rid of php3_rqst, use SG(server_context) instead (there's still Apache-specific code,
  but it nuked a global)
1999-04-26 17:26:37 +00:00
Zeev Suraski
0818d96c97 A lot of cleanups... Removed old thread-safe code and other redundant code and files 1999-04-24 00:12:00 +00:00
Zeev Suraski
6f7c0edee3 Remove tls.[ch] 1999-04-23 20:06:01 +00:00
Stig Bakken
257de2bade First commit of re-structuring phase one. We have started using automake in
sub-directories and started to move extension code into ext/<name>.  For now,
I have moved the "standard" extension (which is quite a mix of everything
right now) and the GD extension into their own subdirs in ext/.
The configure script now also runs configure in the libzend directory
automatically and makes sure php4 and libzend use the same config.cache file.
To avoid running configure in libzend, use the --no-recursion option.
"make" in php4 also builds libzend now.
The Apache module doesn't compile right now, but a fix for that is
coming up.
1999-04-17 00:37:12 +00:00
Zeev Suraski
aceaabceff PHP 4.0 1999-04-07 21:05:13 +00:00