pollita Tue Oct 17 21:54:17 2006 UTC Modified files: /php-src/main main.c fopen_wrappers.c fopen_wrappers.h /php-src NEWS Log: Extend open_basedir functionality to allow runtime tightening http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.704&r2=1.705&diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.704 php-src/main/main.c:1.705 --- php-src/main/main.c:1.704 Tue Oct 3 16:28:02 2006 +++ php-src/main/main.c Tue Oct 17 21:54:16 2006 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: main.c,v 1.704 2006/10/03 16:28:02 pollita Exp $ */ +/* $Id: main.c,v 1.705 2006/10/17 21:54:16 pollita Exp $ */ /* {{{ includes */ @@ -339,6 +339,7 @@ #else # define DEFAULT_SENDMAIL_PATH NULL #endif + /* {{{ PHP_INI */ PHP_INI_BEGIN() @@ -392,7 +393,7 @@ STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) - STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_SYSTEM, OnUpdateString, open_basedir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir, open_basedir, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("file_uploads", "1", PHP_INI_SYSTEM, OnUpdateBool, file_uploads, php_core_globals, core_globals) STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, upload_max_filesize, php_core_globals, core_globals) http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.183&r2=1.184&diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.183 php-src/main/fopen_wrappers.c:1.184 --- php-src/main/fopen_wrappers.c:1.183 Sat Jul 1 11:50:52 2006 +++ php-src/main/fopen_wrappers.c Tue Oct 17 21:54:16 2006 
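Review bot: The `open_basedir` entry in main.c moves from `PHP_INI_SYSTEM` to `PHP_INI_ALL` without a comment saying that the restriction now rests entirely on the `OnUpdateBaseDir` handler. After this change, per-directory configuration and script-level changes can reach the setting, so a later edit that swaps the handler back to `OnUpdateString` would silently make the restriction removable at runtime. I would add a comment above the entry, for example `/* PHP_INI_ALL is safe here only because OnUpdateBaseDir refuses any runtime change that is not a tightening */`. The PHP_INI_BEGIN() table starts and ends outside this hunk.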
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fopen_wrappers.c,v 1.183 2006/07/01 11:50:52 nlopess Exp $ */ +/* $Id: fopen_wrappers.c,v 1.184 2006/10/17 21:54:16 pollita Exp $ */ /* {{{ includes */ 
@@ -82,6 +82,64 @@ #endif /* }}} */ +/* {{{ OnUpdateBaseDir +Allows any change to open_basedir setting in during Startup and Shutdown events, +or a tightening during activation/runtime/deactivation */ +PHPAPI ZEND_INI_MH(OnUpdateBaseDir) +{ + char **p, *pathbuf, *ptr, *end; +#ifndef ZTS + char *base = (char *) mh_arg2; +#else + char *base = (char *) ts_resource(*((int *) mh_arg2)); +#endif + + p = (char **) (base+(size_t) mh_arg1); + + if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN) { + /* We're in a PHP_INI_SYSTEM context, no restrictions */ + *p = new_value; + return SUCCESS; + } + + + /* Elsewise, we're in runtime */ + if (!*p || !**p) { + /* open_basedir not set yet, go ahead and give it a value */ + *p = new_value; + return SUCCESS; + } + + /* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */ + if (!new_value || !*new_value) { + return FAILURE; + } + + /* Is the proposed open_basedir at least as restrictive as the current setting? */ + ptr = pathbuf = estrdup(new_value); + while (ptr && *ptr) { + end = strchr(ptr, DEFAULT_DIR_SEPARATOR); + if (end != NULL) { + *end = '\0'; + end++; + } + if (php_check_open_basedir_ex(ptr, 0 TSRMLS_CC) != 0) { + /* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */ + efree(pathbuf); + return FAILURE; + } + ptr = end; + } + efree(pathbuf); + + /* Everything checks out, set it */ + *p = new_value; + + return SUCCESS; +} +/* }}} */ + + /* {{{ php_check_specific_open_basedir When open_basedir is not NULL, check if the given filename is located in open_basedir. 
Returns -1 if error or not in the open_basedir, else 0 http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.h?r1=1.47&r2=1.48&diff_format=u Index: php-src/main/fopen_wrappers.h diff -u php-src/main/fopen_wrappers.h:1.47 php-src/main/fopen_wrappers.h:1.48 --- php-src/main/fopen_wrappers.h:1.47 Sat Jul 1 11:50:52 2006 +++ php-src/main/fopen_wrappers.h Tue Oct 17 21:54:16 2006 @@ -16,13 +16,14 @@ +----------------------------------------------------------------------+ */ -/* $Id: fopen_wrappers.h,v 1.47 2006/07/01 11:50:52 nlopess Exp $ */ +/* $Id: fopen_wrappers.h,v 1.48 2006/10/17 21:54:16 pollita Exp $ */ #ifndef FOPEN_WRAPPERS_H #define FOPEN_WRAPPERS_H BEGIN_EXTERN_C() #include "php_globals.h" +#include "php_ini.h" PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC); PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC); @@ -35,6 +36,8 @@ PHPAPI int php_is_url(char *path); PHPAPI char *php_strip_url_passwd(char *path); + +PHPAPI ZEND_INI_MH(OnUpdateBaseDir); END_EXTERN_C() #endif http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2128&r2=1.2129&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2128 php-src/NEWS:1.2129 --- php-src/NEWS:1.2128 Mon Oct 9 02:48:06 2006 +++ php-src/NEWS Tue Oct 17 21:54:17 2006 @@ -10,6 +10,7 @@ functions to not call __autoload(). (Dmitry) - Changed opendir/dir/scandir to use default context when no context argument is passed. (Sara) +- Changed open_basedir to allow tightening in runtime contexts. (Sara) - Removed old legacy: . "register_globals" support. (Pierre)
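Review bot: In `OnUpdateBaseDir` (fopen_wrappers.c) the accepted value is stored verbatim with `*p = new_value;`, while each entry is validated only as it resolves at the moment of the call. A relative entry that passes `php_check_open_basedir_ex()` now can name a different, wider directory once the working directory changes, assuming later checks resolve entries against the current directory (that code is outside the hunk). The loop should refuse entries that are not absolute, or the handler should store the resolved form from `expand_filepath()` instead of the raw string. Separately, the header comment treats deactivation like runtime, so restoring the pre-request value at request end counts as a loosening and returns `FAILURE`. If the engine then frees the request-time string (not visible here), `*p` is left dangling, so the first branch probably needs to accept the restore: `if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_DEACTIVATE) {`.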