This is another version of my patch, allowing to set multiple dirs.
-- email: [[EMAIL PROTECTED]] gsm: +48 606 787423 echo Ecl.Pl Al. NMP 31 Częstochowa http://www.ecl.pl/ // "I'm willing to sacrifice anything for this cause, even other people's // lives"
diff -ur main.orig/main.c main/main.c --- main.orig/main.c Tue May 8 22:11:46 2001 +++ main/main.c Sun Oct 28 20:38:18 2001 @@ -221,6 +221,7 @@ PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, open_basedir, php_core_globals, core_globals) STD_PHP_INI_ENTRY("safe_mode_exec_dir", "1", PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("safe_mode_include_dir", "1", +PHP_INI_SYSTEM, OnUpdateString, safe_mode_include_dir, + php_core_globals, core_globals) STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_ALL, OnUpdateInt, upload_max_filesize, php_core_globals, core_globals) STD_PHP_INI_ENTRY("file_uploads", "1", PHP_INI_ALL, OnUpdateBool, file_uploads, php_core_globals, core_globals) STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM, OnUpdateInt, post_max_size, sapi_globals_struct,sapi_globals) diff -ur main.orig/php_globals.h main/php_globals.h --- main.orig/php_globals.h Wed Apr 4 22:46:26 2001 +++ main/php_globals.h Sun Oct 28 20:20:35 2001 @@ -74,6 +74,7 @@ char *output_handler; char *safe_mode_exec_dir; + char *safe_mode_include_dir; long memory_limit; diff -ur main.orig/safe_mode.c main/safe_mode.c --- main.orig/safe_mode.c Mon Apr 30 14:43:40 2001 +++ main/safe_mode.c Mon Oct 29 23:03:41 2001 @@ -65,10 +65,20 @@ * If given filepath is a URL, allow - safe mode stuff * related to URL's is checked in individual functions */ - if (!strncasecmp(filename,"http://",7) || !strncasecmp(filename,"ftp://",6)) { + if (safe_mode_include_check(filename)) { return 1; } + /* + * Added by [EMAIL PROTECTED] - check if the file is in special + * directory where all system includes go [like autoprepend directives] + */ + + if ( !strncasecmp(filename, PG(safe_mode_include_dir), + strlen( PG(safe_mode_include_dir) )) ) { + return 1; + } + if (mode != CHECKUID_ALLOW_ONLY_DIR) { ret = VCWD_STAT(filename, &sb); if (ret < 0) { @@ -163,3 +173,44 @@ return SG(request_info).current_user; } + +/* +* Added by [EMAIL PROTECTED] - check if the file is in special +* directory where all system includes go [like autoprepend directives] +*/ + +int safe_mode_include_check(const char *filename) +{ + char *tmp; + int len; + + //propably we need less... + tmp = PG(safe_mode_include_dir); + + //support multi dirs [separated by colon - won't work under windows + + while (*tmp) { + + + if (index(tmp, ':')) { + len = index(tmp, ':') - tmp; + } + else { + len = strlen(tmp); + } + + if ( !strncasecmp(filename, tmp, len) ) { + return 1; + } + + tmp = index(tmp, ':'); + if (tmp) { + *tmp++; + } + else { + return 0; + } + + } + +}
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]