maxim Thu Nov 21 15:28:11 2002 EDT
Modified files:
/php4/ext/oci8 oci8.c
Log:
Disabled OCIPasswordChange() in safe mode. Possible security risks.
Index: php4/ext/oci8/oci8.c
diff -u php4/ext/oci8/oci8.c:1.188 php4/ext/oci8/oci8.c:1.189
--- php4/ext/oci8/oci8.c:1.188 Fri Nov 15 13:20:59 2002
+++ php4/ext/oci8/oci8.c Thu Nov 21 15:28:11 2002
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: oci8.c,v 1.188 2002/11/15 18:20:59 maxim Exp $ */
+/* $Id: oci8.c,v 1.189 2002/11/21 20:28:11 maxim Exp $ */
/* TODO list:
*
@@ -628,7 +628,7 @@
php_info_print_table_start();
php_info_print_table_row(2, "OCI8 Support", "enabled");
- php_info_print_table_row(2, "Revision", "$Revision: 1.188 $");
+ php_info_print_table_row(2, "Revision", "$Revision: 1.189 $");
#ifndef PHP_WIN32
php_info_print_table_row(2, "Oracle Version", PHP_OCI8_VERSION );
php_info_print_table_row(2, "Compile-time ORACLE_HOME", PHP_OCI8_DIR );
@@ -4404,6 +4404,11 @@
zval **conn, **user_param, **pass_old_param, **pass_new_param;
text *user, *pass_old, *pass_new;
oci_connection *connection;
+
+ /* Disalllow in Safe Mode */
+ if (PG(safe_mode)) {
+ RETURN_FALSE;
+ }
if (zend_get_parameters_ex(4, &conn, &user_param, &pass_old_param,
&pass_new_param) == FAILURE) {
WRONG_PARAM_COUNT;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
