pollita         Tue Oct 17 21:54:17 2006 UTC

  Modified files:              
    /php-src/main       main.c fopen_wrappers.c fopen_wrappers.h 
    /php-src    NEWS 
  Log:
  Extend open_basedir functionality to allow runtime tightening
  
  
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.704&r2=1.705&diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.704 php-src/main/main.c:1.705
--- php-src/main/main.c:1.704   Tue Oct  3 16:28:02 2006
+++ php-src/main/main.c Tue Oct 17 21:54:16 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: main.c,v 1.704 2006/10/03 16:28:02 pollita Exp $ */
+/* $Id: main.c,v 1.705 2006/10/17 21:54:16 pollita Exp $ */
 
 /* {{{ includes
  */
@@ -339,6 +339,7 @@
 #else
 #      define DEFAULT_SENDMAIL_PATH NULL
 #endif
+
 /* {{{ PHP_INI
  */
 PHP_INI_BEGIN()
@@ -392,7 +393,7 @@
        STD_PHP_INI_ENTRY("extension_dir",                      
PHP_EXTENSION_DIR,              PHP_INI_SYSTEM,         OnUpdateStringUnempty,  
extension_dir,                  php_core_globals,       core_globals)
        STD_PHP_INI_ENTRY("include_path",                       
PHP_INCLUDE_PATH,               PHP_INI_ALL,            OnUpdateStringUnempty,  
include_path,                   php_core_globals,       core_globals)
        PHP_INI_ENTRY("max_execution_time",                     "30",           
PHP_INI_ALL,                    OnUpdateTimeout)
-       STD_PHP_INI_ENTRY("open_basedir",                       NULL,           
PHP_INI_SYSTEM,         OnUpdateString,                 open_basedir,           
        php_core_globals,       core_globals)
+       STD_PHP_INI_ENTRY("open_basedir",                       NULL,           
PHP_INI_ALL,            OnUpdateBaseDir,                        open_basedir,   
                php_core_globals,       core_globals)
 
        STD_PHP_INI_BOOLEAN("file_uploads",                     "1",            
PHP_INI_SYSTEM,         OnUpdateBool,                   file_uploads,           
        php_core_globals,       core_globals)
        STD_PHP_INI_ENTRY("upload_max_filesize",        "2M",           
PHP_INI_SYSTEM|PHP_INI_PERDIR,          OnUpdateLong,                   
upload_max_filesize,    php_core_globals,       core_globals)
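Review bot: The `open_basedir` entry now carries PHP_INI_ALL, so the only thing stopping scripts and per-directory configuration from widening the restriction is the OnUpdateBaseDir handler named on the same line, and nothing at the registration says so. A short comment above the entry would keep a later edit from swapping the handler back to OnUpdateString while leaving the access level open: `/* PHP_INI_ALL is safe only because OnUpdateBaseDir refuses any runtime loosening */`. The PHP_INI table starts and ends outside this hunk.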
http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.183&r2=1.184&diff_format=u
Index: php-src/main/fopen_wrappers.c
diff -u php-src/main/fopen_wrappers.c:1.183 php-src/main/fopen_wrappers.c:1.184
--- php-src/main/fopen_wrappers.c:1.183 Sat Jul  1 11:50:52 2006
+++ php-src/main/fopen_wrappers.c       Tue Oct 17 21:54:16 2006
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: fopen_wrappers.c,v 1.183 2006/07/01 11:50:52 nlopess Exp $ */
+/* $Id: fopen_wrappers.c,v 1.184 2006/10/17 21:54:16 pollita Exp $ */
 
 /* {{{ includes
  */
@@ -82,6 +82,64 @@
 #endif
 /* }}} */
 
+/* {{{ OnUpdateBaseDir
+Allows any change to open_basedir setting in during Startup and Shutdown 
events,
+or a tightening during activation/runtime/deactivation */
+PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
+{
+       char **p, *pathbuf, *ptr, *end;
+#ifndef ZTS
+       char *base = (char *) mh_arg2;
+#else
+       char *base = (char *) ts_resource(*((int *) mh_arg2));
+#endif
+
+       p = (char **) (base+(size_t) mh_arg1);
+
+       if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN) {
+               /* We're in a PHP_INI_SYSTEM context, no restrictions */
+               *p = new_value;
+               return SUCCESS;
+       }
+
+        
+       /* Elsewise, we're in runtime */
+       if (!*p || !**p) {
+               /* open_basedir not set yet, go ahead and give it a value */
+               *p = new_value;
+               return SUCCESS;
+       }
+
+       /* Shortcut: When we have a open_basedir and someone tries to unset, we 
know it'll fail */
+       if (!new_value || !*new_value) {
+               return FAILURE;
+       }
+
+       /* Is the proposed open_basedir at least as restrictive as the current 
setting? */
+       ptr = pathbuf = estrdup(new_value);
+       while (ptr && *ptr) {
+               end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+               if (end != NULL) {
+                       *end = '\0';
+                       end++;
+               }
+               if (php_check_open_basedir_ex(ptr, 0 TSRMLS_CC) != 0) {
+                       /* At least one portion of this open_basedir is less 
restrictive than the prior one, FAIL */
+                       efree(pathbuf);
+                       return FAILURE;
+               }
+               ptr = end;
+       }
+       efree(pathbuf);
+
+       /* Everything checks out, set it */
+       *p = new_value;
+
+       return SUCCESS;
+}
+/* }}} */
+
+
 /* {{{ php_check_specific_open_basedir
        When open_basedir is not NULL, check if the given filename is located in
        open_basedir. Returns -1 if error or not in the open_basedir, else 0
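Review bot: The unrestricted branch at the top of OnUpdateBaseDir covers only PHP_INI_STAGE_STARTUP and PHP_INI_STAGE_SHUTDOWN, so a request-end restore of the original value is judged as a runtime change, which matches the header comment's "activation/runtime/deactivation" wording. If the ini engine restores a modified entry by calling this handler in the deactivation stage (not visible in this diff), restoring a looser or empty original returns FAILURE and `*p` is left pointing at the request's tightened string, which may be freed afterwards and would otherwise carry into the next request. Consider `if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_DEACTIVATE) {` for that branch. Separately, each entry is validated through php_check_open_basedir_ex() at the time of the call but `new_value` is stored verbatim, so a relative entry is presumably re-resolved on later checks. Either rejecting non-absolute entries or a comment saying relative entries are accepted on purpose would make the "at least as restrictive" guarantee explicit.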
http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.h?r1=1.47&r2=1.48&diff_format=u
Index: php-src/main/fopen_wrappers.h
diff -u php-src/main/fopen_wrappers.h:1.47 php-src/main/fopen_wrappers.h:1.48
--- php-src/main/fopen_wrappers.h:1.47  Sat Jul  1 11:50:52 2006
+++ php-src/main/fopen_wrappers.h       Tue Oct 17 21:54:16 2006
@@ -16,13 +16,14 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: fopen_wrappers.h,v 1.47 2006/07/01 11:50:52 nlopess Exp $ */
+/* $Id: fopen_wrappers.h,v 1.48 2006/10/17 21:54:16 pollita Exp $ */
 
 #ifndef FOPEN_WRAPPERS_H
 #define FOPEN_WRAPPERS_H
 
 BEGIN_EXTERN_C()
 #include "php_globals.h"
+#include "php_ini.h"
 
 PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC);
 PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC);
@@ -35,6 +36,8 @@
 
 PHPAPI int php_is_url(char *path);
 PHPAPI char *php_strip_url_passwd(char *path);
+
+PHPAPI ZEND_INI_MH(OnUpdateBaseDir);
 END_EXTERN_C()
 
 #endif
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2128&r2=1.2129&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2128 php-src/NEWS:1.2129
--- php-src/NEWS:1.2128 Mon Oct  9 02:48:06 2006
+++ php-src/NEWS        Tue Oct 17 21:54:17 2006
@@ -10,6 +10,7 @@
   functions to not call __autoload(). (Dmitry)
 - Changed opendir/dir/scandir to use default context
   when no context argument is passed. (Sara)
+- Changed open_basedir to allow tightening in runtime contexts. (Sara)
 
 - Removed old legacy:
   . "register_globals" support. (Pierre)
