rasmus          Fri Jun 16 14:09:01 2006 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS php.ini-dist 
    /php-src/main       main.c php_globals.h 
    /php-src/main/streams       streams.c 
  Log:
  MFH: Backported allow_url_include from HEAD.  This directive allows 
  separate control of URL handling in includes/requires allowing sites to
  enable allow_url_fopen without enabling remote includes.
  
  
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.2027.2.547.2.87&r2=1.2027.2.547.2.88&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.87 php-src/NEWS:1.2027.2.547.2.88
--- php-src/NEWS:1.2027.2.547.2.87      Fri Jun 16 05:57:18 2006
+++ php-src/NEWS        Fri Jun 16 14:09:00 2006
@@ -43,6 +43,7 @@
   . Added readInnerXML(), readOuterXML(), readString(), setSchema(). (2.6.20+)
   . Changed to passing libxml options when loading reader.
 
+- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
 - Added automatic module globals management. (Dmitry)
 - Added RFC2397 (data: stream) support. (Marcus)
 - Added new error mode E_RECOVERABLE_ERROR. (Derick, Marcus, Tony)
http://cvs.php.net/viewcvs.cgi/php-src/php.ini-dist?r1=1.231.2.10.2.2&r2=1.231.2.10.2.3&diff_format=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.231.2.10.2.2 php-src/php.ini-dist:1.231.2.10.2.3
--- php-src/php.ini-dist:1.231.2.10.2.2 Mon Jun  5 16:25:25 2006
+++ php-src/php.ini-dist        Fri Jun 16 14:09:00 2006
@@ -531,6 +531,9 @@
 ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
 allow_url_fopen = On
 
+; Whether to allow include/require to open URLs (like http:// or ftp://) as 
files.
+allow_url_include = Off
+
 ; Define the anonymous ftp password (your email address)
 ;from="[EMAIL PROTECTED]"
 
http://cvs.php.net/viewcvs.cgi/php-src/main/main.c?r1=1.640.2.23.2.8&r2=1.640.2.23.2.9&diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.640.2.23.2.8 php-src/main/main.c:1.640.2.23.2.9
--- php-src/main/main.c:1.640.2.23.2.8  Wed May 31 21:48:43 2006
+++ php-src/main/main.c Fri Jun 16 14:09:00 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: main.c,v 1.640.2.23.2.8 2006/05/31 21:48:43 andrei Exp $ */
+/* $Id: main.c,v 1.640.2.23.2.9 2006/06/16 14:09:00 rasmus Exp $ */
 
 /* {{{ includes
  */
@@ -322,6 +322,7 @@
        PHP_INI_ENTRY("disable_classes",                        "",             
        PHP_INI_SYSTEM,         NULL)
 
        STD_PHP_INI_BOOLEAN("allow_url_fopen",          "1",            
PHP_INI_SYSTEM,         OnUpdateBool,                   allow_url_fopen,        
                php_core_globals,       core_globals)
+       STD_PHP_INI_BOOLEAN("allow_url_include",                "0",            
PHP_INI_SYSTEM,         OnUpdateBool,                   allow_url_include,      
                php_core_globals,       core_globals)
        STD_PHP_INI_BOOLEAN("always_populate_raw_post_data",            "0",    
        PHP_INI_SYSTEM|PHP_INI_PERDIR,          OnUpdateBool,                   
always_populate_raw_post_data,                  php_core_globals,       
core_globals)
        STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, 
OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals)
        STD_PHP_INI_ENTRY("realpath_cache_ttl", "120", PHP_INI_SYSTEM, 
OnUpdateLong, realpath_cache_ttl, virtual_cwd_globals, cwd_globals)
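Review bot: The new `allow_url_include` entry has no comment saying that it only takes effect while `allow_url_fopen` is on. The wrapper check changed in main/streams/streams.c in this same commit shows that dependency: `!PG(allow_url_fopen)` rejects a URL wrapper before the include flag is examined. A one-line comment above the entry would record it, e.g. `/* allow_url_include is only consulted when allow_url_fopen is on; both are PHP_INI_SYSTEM, so scripts cannot change them with ini_set() */`. The new php.ini-dist comment could carry the same sentence for administrators. The INI table starts and ends outside the hunk.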
http://cvs.php.net/viewcvs.cgi/php-src/main/php_globals.h?r1=1.98.2.1&r2=1.98.2.1.2.1&diff_format=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.98.2.1 
php-src/main/php_globals.h:1.98.2.1.2.1
--- php-src/main/php_globals.h:1.98.2.1 Sun Jan  1 12:50:17 2006
+++ php-src/main/php_globals.h  Fri Jun 16 14:09:01 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: php_globals.h,v 1.98.2.1 2006/01/01 12:50:17 sniper Exp $ */
+/* $Id: php_globals.h,v 1.98.2.1.2.1 2006/06/16 14:09:01 rasmus Exp $ */
 
 #ifndef PHP_GLOBALS_H
 #define PHP_GLOBALS_H
@@ -150,6 +150,7 @@
 
        char *disable_functions;
        char *disable_classes;
+       zend_bool allow_url_include;
 };
 
 
http://cvs.php.net/viewcvs.cgi/php-src/main/streams/streams.c?r1=1.82.2.6.2.1&r2=1.82.2.6.2.2&diff_format=u
Index: php-src/main/streams/streams.c
diff -u php-src/main/streams/streams.c:1.82.2.6.2.1 
php-src/main/streams/streams.c:1.82.2.6.2.2
--- php-src/main/streams/streams.c:1.82.2.6.2.1 Sun May 14 18:40:12 2006
+++ php-src/main/streams/streams.c      Fri Jun 16 14:09:01 2006
@@ -19,7 +19,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: streams.c,v 1.82.2.6.2.1 2006/05/14 18:40:12 helly Exp $ */
+/* $Id: streams.c,v 1.82.2.6.2.2 2006/06/16 14:09:01 rasmus Exp $ */
 
 #define _GNU_SOURCE
 #include "php.h"
@@ -1605,7 +1605,7 @@
                return &php_plain_files_wrapper;
        }
 
-       if (wrapperpp && (*wrapperpp)->is_url && !PG(allow_url_fopen)) {
+       if ((wrapperpp && (*wrapperpp)->is_url) && (!PG(allow_url_fopen) || 
((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include))) ) {
                if (options & REPORT_ERRORS) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL 
file-access is disabled in the server configuration");
                }
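Review bot: The rewritten condition now refuses a URL wrapper for two different reasons, but the `php_error_docref` call under it still emits one message, "URL file-access is disabled in the server configuration". An administrator who has allow_url_fopen on cannot tell from the log that allow_url_include blocked the include. Consider choosing the text by cause, for example `(options & STREAM_OPEN_FOR_INCLUDE) && PG(allow_url_fopen) ? "URL file-access is disabled for include/require in the server configuration (allow_url_include)" : "URL file-access is disabled in the server configuration"`. The gate also depends on the wrapper's `is_url` flag and on callers passing `STREAM_OPEN_FOR_INCLUDE`, both set outside this hunk, so it is worth confirming that every wrapper able to supply non-local content sets `is_url` and that every include/require path passes the flag. The enclosing function starts and ends outside the hunk.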
