[PHP-CVS] cvs: php4 /ext/standard basic_functions.c

Thu, 24 Oct 2002 18:08:37 -0700 

iliaa           Thu Oct 24 21:06:47 2002 EDT

  Modified files:              
    /php4/ext/standard  basic_functions.c 
  Log:
  Added a mechanism allowing the disabling of the ability to change 
  certain INI options when safe_mode is enabled.
  
  ATM three options are limited:
  max_execution_time
  memory_limit
  child_terminate
  
  This patch also fixes bug #17287.
  
  
Index: php4/ext/standard/basic_functions.c
diff -u php4/ext/standard/basic_functions.c:1.536 
php4/ext/standard/basic_functions.c:1.537
--- php4/ext/standard/basic_functions.c:1.536   Thu Oct 24 16:04:16 2002
+++ php4/ext/standard/basic_functions.c Thu Oct 24 21:06:46 2002
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: basic_functions.c,v 1.536 2002/10/24 20:04:16 hholzgra Exp $ */
+/* $Id: basic_functions.c,v 1.537 2002/10/25 01:06:46 iliaa Exp $ */
 
 #include "php.h"
 #include "php_streams.h"
@@ -2342,6 +2342,18 @@
                                RETURN_FALSE;
                        }
                }
+       }       
+               
+#define _CHECK_SAFEMODE_INI(ini, var) strncmp(ini, Z_STRVAL_PP(var), sizeof(ini))
+               
+       /* checks that ensure the user does not overwrite certain ini settings when 
+safe_mode is enabled */
+       if (PG(safe_mode)) {
+               if (!_CHECK_SAFEMODE_INI("max_execution_time", varname) ||
+                       !_CHECK_SAFEMODE_INI("memory_limit", varname) ||
+                       !_CHECK_SAFEMODE_INI("child_terminate", varname)) {
+                       zval_dtor(return_value);
+                       RETURN_FALSE;
+               }       
        }       
                
        if (zend_alter_ini_entry(Z_STRVAL_PP(varname), Z_STRLEN_PP(varname)+1, 
Z_STRVAL_PP(new_value), Z_STRLEN_PP(new_value),



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to