rasmus Fri Jun 16 14:09:01 2006 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS php.ini-dist /php-src/main main.c php_globals.h /php-src/main/streams streams.c Log: MFH: Backported allow_url_include from HEAD. This directive allows separate control of URL handling in includes/requires allowing sites to enable allow_url_fopen without enabling remote includes. http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.2027.2.547.2.87&r2=1.2027.2.547.2.88&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.87 php-src/NEWS:1.2027.2.547.2.88 --- php-src/NEWS:1.2027.2.547.2.87 Fri Jun 16 05:57:18 2006 +++ php-src/NEWS Fri Jun 16 14:09:00 2006 @@ -43,6 +43,7 @@ . Added readInnerXML(), readOuterXML(), readString(), setSchema(). (2.6.20+) . Changed to passing libxml options when loading reader. +- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus) - Added automatic module globals management. (Dmitry) - Added RFC2397 (data: stream) support. (Marcus) - Added new error mode E_RECOVERABLE_ERROR. (Derick, Marcus, Tony) http://cvs.php.net/viewcvs.cgi/php-src/php.ini-dist?r1=1.231.2.10.2.2&r2=1.231.2.10.2.3&diff_format=u Index: php-src/php.ini-dist diff -u php-src/php.ini-dist:1.231.2.10.2.2 php-src/php.ini-dist:1.231.2.10.2.3 --- php-src/php.ini-dist:1.231.2.10.2.2 Mon Jun 5 16:25:25 2006 +++ php-src/php.ini-dist Fri Jun 16 14:09:00 2006 @@ -531,6 +531,9 @@ ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. allow_url_fopen = On +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +allow_url_include = Off + ; Define the anonymous ftp password (your email address) ;from="[EMAIL PROTECTED]" http://cvs.php.net/viewcvs.cgi/php-src/main/main.c?r1=1.640.2.23.2.8&r2=1.640.2.23.2.9&diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.8 php-src/main/main.c:1.640.2.23.2.9 --- php-src/main/main.c:1.640.2.23.2.8 Wed May 31 21:48:43 2006 +++ php-src/main/main.c Fri Jun 16 14:09:00 2006 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: main.c,v 1.640.2.23.2.8 2006/05/31 21:48:43 andrei Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.9 2006/06/16 14:09:00 rasmus Exp $ */ /* {{{ includes */ @@ -322,6 +322,7 @@ PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals) STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals) STD_PHP_INI_ENTRY("realpath_cache_ttl", "120", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_ttl, virtual_cwd_globals, cwd_globals) http://cvs.php.net/viewcvs.cgi/php-src/main/php_globals.h?r1=1.98.2.1&r2=1.98.2.1.2.1&diff_format=u Index: php-src/main/php_globals.h diff -u php-src/main/php_globals.h:1.98.2.1 php-src/main/php_globals.h:1.98.2.1.2.1 --- php-src/main/php_globals.h:1.98.2.1 Sun Jan 1 12:50:17 2006 +++ php-src/main/php_globals.h Fri Jun 16 14:09:01 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_globals.h,v 1.98.2.1 2006/01/01 12:50:17 sniper Exp $ */ +/* $Id: php_globals.h,v 1.98.2.1.2.1 2006/06/16 14:09:01 rasmus Exp $ */ #ifndef PHP_GLOBALS_H #define PHP_GLOBALS_H @@ -150,6 +150,7 @@ char *disable_functions; char *disable_classes; + zend_bool allow_url_include; }; http://cvs.php.net/viewcvs.cgi/php-src/main/streams/streams.c?r1=1.82.2.6.2.1&r2=1.82.2.6.2.2&diff_format=u Index: php-src/main/streams/streams.c diff -u php-src/main/streams/streams.c:1.82.2.6.2.1 php-src/main/streams/streams.c:1.82.2.6.2.2 --- php-src/main/streams/streams.c:1.82.2.6.2.1 Sun May 14 18:40:12 2006 +++ php-src/main/streams/streams.c Fri Jun 16 14:09:01 2006 @@ -19,7 +19,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: streams.c,v 1.82.2.6.2.1 2006/05/14 18:40:12 helly Exp $ */ +/* $Id: streams.c,v 1.82.2.6.2.2 2006/06/16 14:09:01 rasmus Exp $ */ #define _GNU_SOURCE #include "php.h" @@ -1605,7 +1605,7 @@ return &php_plain_files_wrapper; } - if (wrapperpp && (*wrapperpp)->is_url && !PG(allow_url_fopen)) { + if ((wrapperpp && (*wrapperpp)->is_url) && (!PG(allow_url_fopen) || ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include))) ) { if (options & REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration"); }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php