stas Fri Aug 3 01:40:06 2007 UTC Modified files: /php-src/main main.c php_ini.h /ZendEngine2 zend_ini.h /php-src/sapi/apache mod_php.c /php-src/sapi/apache2handler apache_config.c /php-src/ext/session mod_files.c session.c Log: MF5: fix for access control with .htaccess
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.743&r2=1.744&diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.743 php-src/main/main.c:1.744 --- php-src/main/main.c:1.743 Wed Aug 1 23:54:06 2007 +++ php-src/main/main.c Fri Aug 3 01:40:05 2007 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: main.c,v 1.743 2007/08/01 23:54:06 stas Exp $ */ +/* $Id: main.c,v 1.744 2007/08/03 01:40:05 stas Exp $ */ /* {{{ includes */ @@ -416,6 +416,24 @@ } /* }}} */ +/* {{{ PHP_INI_MH + */ +static PHP_INI_MH(OnUpdateErrorLog) +{ + /* Only do the safemode/open_basedir check at runtime */ + if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && + strcmp(new_value, "syslog")) { + + if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) { + return FAILURE; + } + + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} +/* }}} */ + /* * Need to be read from the environment (?): * PHP_AUTO_PREPEND_FILE 
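Review bot: In OnUpdateErrorLog the result of `OnUpdateString(...)` is discarded and `SUCCESS` is returned unconditionally, so a failed update would still be reported as success; `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);` keeps the two in step. `strcmp(new_value, "syslog")` also runs with no NULL test, and `error_log` is registered with a NULL default, so if a NULL value can reach the handler at the runtime or .htaccess stage (not visible here) the condition needs a `new_value &&` guard. The comment still mentions safemode although only open_basedir is checked, and the fold header `/* {{{ PHP_INI_MH` should name the handler, e.g. `/* {{{ PHP_INI_MH(OnUpdateErrorLog)`.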
@@ -481,7 +499,7 @@ STD_PHP_INI_ENTRY("default_charset", SAPI_DEFAULT_CHARSET, PHP_INI_ALL, OnUpdateDefaultCharset, default_charset, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY("default_mimetype", SAPI_DEFAULT_MIMETYPE, PHP_INI_ALL, OnUpdateDefaultMimetype, default_mimetype, sapi_globals_struct,sapi_globals) ZEND_INI_ENTRY("unicode.output_encoding", NULL, ZEND_INI_ALL, OnUpdateOutputEncoding) - STD_PHP_INI_ENTRY("error_log", NULL, PHP_INI_ALL, OnUpdateString, error_log, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("error_log", NULL, PHP_INI_ALL, OnUpdateErrorLog, error_log, php_core_globals, core_globals) STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) http://cvs.php.net/viewvc.cgi/php-src/main/php_ini.h?r1=1.49&r2=1.50&diff_format=u Index: php-src/main/php_ini.h diff -u php-src/main/php_ini.h:1.49 php-src/main/php_ini.h:1.50 --- php-src/main/php_ini.h:1.49 Mon Jan 1 09:29:35 2007 +++ php-src/main/php_ini.h Fri Aug 3 01:40:05 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_ini.h,v 1.49 2007/01/01 09:29:35 sebastian Exp $ */ +/* $Id: php_ini.h,v 1.50 2007/08/03 01:40:05 stas Exp $ */ #ifndef PHP_INI_H #define PHP_INI_H 
@@ -65,6 +65,7 @@ #define PHP_INI_STAGE_ACTIVATE ZEND_INI_STAGE_ACTIVATE #define PHP_INI_STAGE_DEACTIVATE ZEND_INI_STAGE_DEACTIVATE #define PHP_INI_STAGE_RUNTIME ZEND_INI_STAGE_RUNTIME +#define PHP_INI_STAGE_HTACCESS ZEND_INI_STAGE_HTACCESS #define php_ini_boolean_displayer_cb zend_ini_boolean_displayer_cb #define php_ini_color_displayer_cb zend_ini_color_displayer_cb http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?r1=1.40&r2=1.41&diff_format=u Index: ZendEngine2/zend_ini.h diff -u ZendEngine2/zend_ini.h:1.40 ZendEngine2/zend_ini.h:1.41 --- ZendEngine2/zend_ini.h:1.40 Mon Jan 1 09:29:21 2007 +++ ZendEngine2/zend_ini.h Fri Aug 3 01:40:05 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_ini.h,v 1.40 2007/01/01 09:29:21 sebastian Exp $ */ +/* $Id: zend_ini.h,v 1.41 2007/08/03 01:40:05 stas Exp $ */ #ifndef ZEND_INI_H #define ZEND_INI_H @@ -190,6 +190,7 @@ #define ZEND_INI_STAGE_ACTIVATE (1<<2) #define ZEND_INI_STAGE_DEACTIVATE (1<<3) #define ZEND_INI_STAGE_RUNTIME (1<<4) +#define ZEND_INI_STAGE_HTACCESS (1<<5) /* INI parsing engine */ typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int callback_type, void *arg); http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php.c?r1=1.3&r2=1.4&diff_format=u Index: php-src/sapi/apache/mod_php.c diff -u php-src/sapi/apache/mod_php.c:1.3 php-src/sapi/apache/mod_php.c:1.4 --- php-src/sapi/apache/mod_php.c:1.3 Mon Jun 18 15:57:00 2007 +++ php-src/sapi/apache/mod_php.c Fri Aug 3 01:40:05 2007 @@ -17,7 +17,7 @@ | PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: mod_php.c,v 1.3 2007/06/18 15:57:00 scottmac Exp $ */ +/* $Id: mod_php.c,v 1.4 2007/08/03 01:40:05 stas Exp $ */ #include "php_apache_http.h" #include "http_conf_globals.h" 
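Review bot: `ZEND_INI_STAGE_HTACCESS` in zend_ini.h (and its alias `PHP_INI_STAGE_HTACCESS` in php_ini.h) is added without a comment, although its meaning is what the new access checks depend on. A line such as `/* value was read from a per-directory .htaccess file rather than from the server configuration */` next to the define would record that. Handlers that compare `stage` by equality with the ACTIVATE or RUNTIME constant will match neither for such values. This commit adjusts only OnUpdateErrorLog and OnUpdateSaveDir, so other handlers outside this diff that gate on the stage presumably need the same review.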
@@ -76,6 +76,7 @@ uint key_length; uint value_length; int type; + char htaccess; } php_per_dir_entry; /* some systems are missing these from their header files */ @@ -540,7 +541,7 @@ */ static int php_apache_alter_ini_entries(php_per_dir_entry *per_dir_entry TSRMLS_DC) { - zend_alter_ini_entry(per_dir_entry->key, per_dir_entry->key_length+1, per_dir_entry->value, per_dir_entry->value_length, per_dir_entry->type, PHP_INI_STAGE_ACTIVATE); + zend_alter_ini_entry(per_dir_entry->key, per_dir_entry->key_length+1, per_dir_entry->value, per_dir_entry->value_length, per_dir_entry->type, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE); return 0; } /* }}} */ @@ -776,6 +777,7 @@ php_apache_startup(&apache_sapi_module); } per_dir_entry.type = mode; + per_dir_entry.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0); if (strcasecmp(arg2, "none") == 0) { arg2 = ""; http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?r1=1.11&r2=1.12&diff_format=u Index: php-src/sapi/apache2handler/apache_config.c diff -u php-src/sapi/apache2handler/apache_config.c:1.11 php-src/sapi/apache2handler/apache_config.c:1.12 --- php-src/sapi/apache2handler/apache_config.c:1.11 Mon Jan 1 09:29:36 2007 +++ php-src/sapi/apache2handler/apache_config.c Fri Aug 3 01:40:05 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: apache_config.c,v 1.11 2007/01/01 09:29:36 sebastian Exp $ */ +/* $Id: apache_config.c,v 1.12 2007/08/03 01:40:05 stas Exp $ */ #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS @@ -51,6 +51,7 @@ char *value; size_t value_len; char status; + char htaccess; } php_dir_entry; static const char *real_value_hnd(cmd_parms *cmd, void *dummy, const char *name, const char *value, int status) 
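Review bot: The new stage argument in php_apache_alter_ini_entries reads `data->htaccess`, but the only variable visible in that function is the parameter `per_dir_entry`; unless a `data` is declared elsewhere in the file, this will not compile. It should presumably be `per_dir_entry->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE`, matching the other arguments of the call. The return value of `zend_alter_ini_entry` is still ignored and the function returns 0, so a value rejected by a handler is not reported from here.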
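Review bot: The assignment `per_dir_entry.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0);` decides which settings are later treated as coming from .htaccess, and it carries no explanation of why that mask test identifies them. A comment such as `/* neither RSRC_CONF nor ACCESS_CONF in the override mask: the directive is being read from .htaccess */` would make the trust decision reviewable. The same expression is repeated for `e.htaccess` in real_value_hnd in sapi/apache2handler/apache_config.c, where the same comment applies. The surrounding function starts and ends outside the hunk, so other places that fill a `php_per_dir_entry` without setting the new field cannot be ruled out from here.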
@@ -67,7 +68,8 @@ e.value = apr_pstrdup(cmd->pool, value); e.value_len = strlen(value); e.status = status; - + e.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0); + zend_hash_update(&d->config, (char *) name, strlen(name) + 1, &e, sizeof(e), NULL); return NULL; } @@ -170,7 +172,7 @@ zend_hash_move_forward(&d->config)) { zend_hash_get_current_data(&d->config, (void **) &data); phpapdebug((stderr, "APPLYING (%s)(%s)\n", str.s, data->value)); - if (zend_alter_ini_entry(str.s, str_len, data->value, data->value_len, data->status, PHP_INI_STAGE_ACTIVATE) == FAILURE) { + if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) { phpapdebug((stderr, "..FAILED\n")); } } http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.112&r2=1.113&diff_format=u Index: php-src/ext/session/mod_files.c diff -u php-src/ext/session/mod_files.c:1.112 php-src/ext/session/mod_files.c:1.113 --- php-src/ext/session/mod_files.c:1.112 Tue Jul 10 17:52:32 2007 +++ php-src/ext/session/mod_files.c Fri Aug 3 01:40:05 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: mod_files.c,v 1.112 2007/07/10 17:52:32 stas Exp $ */ +/* $Id: mod_files.c,v 1.113 2007/08/03 01:40:05 stas Exp $ */ #include "php.h" @@ -313,10 +313,6 @@ } save_path = argv[argc - 1]; - if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) { - return FAILURE; - } - data = ecalloc(1, sizeof(*data)); data->fd = -1; http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.474&r2=1.475&diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.474 php-src/ext/session/session.c:1.475 --- php-src/ext/session/session.c:1.474 Sun Jun 17 14:26:16 2007 +++ php-src/ext/session/session.c Fri Aug 3 01:40:05 2007 
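Review bot: The rewritten call in apache_config.c passes `str` as the first argument of `zend_alter_ini_entry`, while the removed line and the `phpapdebug` line directly above both use `str.s`. If `str` is a union or struct, as the `.s` member access suggests, this is a type mismatch and looks like a merge slip. The new line should presumably begin `if (zend_alter_ini_entry(str.s, str_len, data->value, ...`, with the stage argument as in the commit. The enclosing loop starts outside the hunk.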
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: session.c,v 1.474 2007/06/17 14:26:16 iliaa Exp $ */ +/* $Id: session.c,v 1.475 2007/08/03 01:40:05 stas Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -542,7 +542,7 @@ static PHP_INI_MH(OnUpdateSaveDir) { /* Only do the safemode/open_basedir check at runtime */ - if (stage == PHP_INI_STAGE_RUNTIME) { + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { char *p; if (memchr(new_value, '\0', new_value_length) != NULL) {
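Review bot: The comment above the changed condition in OnUpdateSaveDir still says the check happens only "at runtime", although the condition now also covers values from .htaccess; `/* Check open_basedir for values set at runtime or from .htaccess */` would match the code. This commit also deletes the `php_check_open_basedir(save_path ...)` call from mod_files.c, so this handler becomes the only open_basedir gate for the save path visible on this page. A SAPI that never passes `PHP_INI_STAGE_HTACCESS` for per-directory values would therefore skip the check, and only the two Apache SAPIs are updated here. The handler body continues past the end of the hunk.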