This is another version of my patch, allowing to set multiple dirs.
--
email: [[EMAIL PROTECTED]] gsm: +48 606 787423
echo Ecl.Pl Al. NMP 31 Częstochowa http://www.ecl.pl/
// "I'm willing to sacrifice anything for this cause, even other people's
// lives"
diff -ur main.orig/main.c main/main.c
--- main.orig/main.c Tue May 8 22:11:46 2001
+++ main/main.c Sun Oct 28 20:38:18 2001
@@ -221,6 +221,7 @@
PHP_INI_ENTRY("max_execution_time", "30",
PHP_INI_ALL, OnUpdateTimeout)
STD_PHP_INI_ENTRY("open_basedir", NULL,
PHP_INI_SYSTEM, OnUpdateStringUnempty, open_basedir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("safe_mode_exec_dir", "1",
PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("safe_mode_include_dir", "1",
+PHP_INI_SYSTEM, OnUpdateString, safe_mode_include_dir,
+ php_core_globals, core_globals)
STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_ALL,
OnUpdateInt, upload_max_filesize, php_core_globals,
core_globals)
STD_PHP_INI_ENTRY("file_uploads", "1",
PHP_INI_ALL, OnUpdateBool, file_uploads,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("post_max_size", "8M",
PHP_INI_SYSTEM, OnUpdateInt, post_max_size,
sapi_globals_struct,sapi_globals)
diff -ur main.orig/php_globals.h main/php_globals.h
--- main.orig/php_globals.h Wed Apr 4 22:46:26 2001
+++ main/php_globals.h Sun Oct 28 20:20:35 2001
@@ -74,6 +74,7 @@
char *output_handler;
char *safe_mode_exec_dir;
+ char *safe_mode_include_dir;
long memory_limit;
diff -ur main.orig/safe_mode.c main/safe_mode.c
--- main.orig/safe_mode.c Mon Apr 30 14:43:40 2001
+++ main/safe_mode.c Mon Oct 29 23:03:41 2001
@@ -65,10 +65,20 @@
* If given filepath is a URL, allow - safe mode stuff
* related to URL's is checked in individual functions
*/
- if (!strncasecmp(filename,"http://",7) || !strncasecmp(filename,"ftp://",6)) {
+ if (safe_mode_include_check(filename)) {
return 1;
}
+ /*
+ * Added by [EMAIL PROTECTED] - check if the file is in special
+ * directory where all system includes go [like autoprepend directives]
+ */
+
+ if ( !strncasecmp(filename, PG(safe_mode_include_dir),
+ strlen( PG(safe_mode_include_dir) )) ) {
+ return 1;
+ }
+
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
ret = VCWD_STAT(filename, &sb);
if (ret < 0) {
@@ -163,3 +173,44 @@
return SG(request_info).current_user;
}
+
+/*
+* Added by [EMAIL PROTECTED] - check if the file is in special
+* directory where all system includes go [like autoprepend directives]
+*/
+
+int safe_mode_include_check(const char *filename)
+{
+ char *tmp;
+ int len;
+
+ //propably we need less...
+ tmp = PG(safe_mode_include_dir);
+
+ //support multi dirs [separated by colon - won't work under windows
+
+ while (*tmp) {
+
+
+ if (index(tmp, ':')) {
+ len = index(tmp, ':') - tmp;
+ }
+ else {
+ len = strlen(tmp);
+ }
+
+ if ( !strncasecmp(filename, tmp, len) ) {
+ return 1;
+ }
+
+ tmp = index(tmp, ':');
+ if (tmp) {
+ *tmp++;
+ }
+ else {
+ return 0;
+ }
+
+ }
+
+}
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
