After the sigsetjmp change, this is patch #2 in an effort to get some
sanity restored to signal handling in PHP.
This patch does two things. First, it makes it possible to reset the
timeout without resetting the signal handlers. This is important for
cases where an extension may have deferred signals in its MINIT in order
to implement critical sections. It also lays the groundwork for cleaning
up our signal handling and perhaps eventually implementing our own
signal deferring mechanism so we can have true critical sections.
The second thing this does is to make it possible to terminate the current
child process (only for Apache1 at the moment) on a timeout. There are
a number of extensions that are unhappy about being longjmp'ed out of
and when this happens on a timeout they are left in an inconsistent state.
By turning on exit_on_timeout you can now force the process to terminate
on a timeout which will clean up any hanging locks and/or memory left
hanging after the longjmp.
- Added ".htaccess" style user-defined php.ini files support for
CGI/FastCGI.
- Added support for special [PATH=/opt/httpd/www.example.com/] sections
in php.ini. All directives set in these sections will not be able to be
overridden in user-defined ini-files or during runtime in the specified
path.
- Improved php.ini handling:
. Added better error reporting for syntax errors in php.ini files
. Allowed "ini-variables" to be used almost everywhere ini php.ini files
. Allowed using alphanumeric/variable indexes in "array" ini options
. Fixed get_cfg_var() to be able to return "array" ini options
- Fixed bug #27372 (parse error loading browscap.ini at apache startup)
- Fixed bug #42069 (parse_ini_file() allows using some non-alpha numeric
characters)
Local user streams must not be able to open(), URLs if allow_url_include is off
Implemented new function stream_is_local()
[
- stream_wrapper_register() extended with additional optional argument "flags"
of type long. This time only one flag is implemented
- STREAM_IS_URL, that means that userstream wrapper is remote (URL).
By default stream is local.
- stream_is_local() is a new function that accepts stream and tell if this
stream is local or remote (URL)
]
- webdav-specific stuff removed (should be handled using httpd.conf
LIMIT or equivalents)
- always_populate_raw_post_data now working on any method, not just
POST (and webdav methods with allow_webdav_methods), when
Content-Length is greater zero
- raw input data is also available using php://input stream,
this way one doesn't have to care about memory_limit
- input data is now always consumed (although maybe ignored,
this fixes we had withproblems with keep-alive connections
@ raw POST data is now available as php://input stream (hartmut)
maintain current behaviour. If this is turned on then $HTTP_RAW_POST_DATA
is always populated with a copy of the raw post data.
@ - Add config option (always_populate_raw_post_data) which when enabled
@ will always populate $HTTP_RAW_POST_DATA regardless of the post mime
@ type (Rasmus)
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)