archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 06:58:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

MF5: fix for access control with .htaccess

Browse source
This commit is contained in:
Stanislav Malyshev 2007-08-03 01:40:05 +00:00
parent c54e9706fd
commit d4cc7daba2
7 changed files with 29 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Zend/zend_ini.h
View file

@ -190,6 +190,7 @@ END_EXTERN_C()
#define ZEND_INI_STAGE_ACTIVATE (1<<2) #define ZEND_INI_STAGE_ACTIVATE (1<<2)
#define ZEND_INI_STAGE_DEACTIVATE (1<<3) #define ZEND_INI_STAGE_DEACTIVATE (1<<3)
#define ZEND_INI_STAGE_RUNTIME (1<<4) #define ZEND_INI_STAGE_RUNTIME (1<<4)
#define ZEND_INI_STAGE_HTACCESS (1<<5)
/* INI parsing engine */ /* INI parsing engine */
typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int callback_type, void *arg); typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int callback_type, void *arg);

4
ext/session/mod_files.c
View file

@ -313,10 +313,6 @@ PS_OPEN_FUNC(files)
} }
save_path = argv[argc - 1]; save_path = argv[argc - 1];
if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) {
return FAILURE;
}
data = ecalloc(1, sizeof(*data)); data = ecalloc(1, sizeof(*data));
data->fd = -1; data->fd = -1;

2
ext/session/session.c
View file

@ -542,7 +542,7 @@ static PHP_INI_MH(OnUpdateSerializer)
static PHP_INI_MH(OnUpdateSaveDir) static PHP_INI_MH(OnUpdateSaveDir)
{ {
/* Only do the safemode/open_basedir check at runtime */ /* Only do the safemode/open_basedir check at runtime */
if (stage == PHP_INI_STAGE_RUNTIME) { if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
char *p; char *p;
if (memchr(new_value, '\0', new_value_length) != NULL) { if (memchr(new_value, '\0', new_value_length) != NULL) {

20
main/main.c
View file

@ -416,6 +416,24 @@ static PHP_INI_DISP(display_errors_mode)
} }
/* }}} */ /* }}} */
/* {{{ PHP_INI_MH
*/
static PHP_INI_MH(OnUpdateErrorLog)
{
/* Only do the safemode/open_basedir check at runtime */
if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) &&
strcmp(new_value, "syslog")) {
if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) {
return FAILURE;
}
}
OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
return SUCCESS;
}
/* }}} */
/* /*
* Need to be read from the environment (?): * Need to be read from the environment (?):
* PHP_AUTO_PREPEND_FILE * PHP_AUTO_PREPEND_FILE
@ -481,7 +499,7 @@ PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("default_charset", SAPI_DEFAULT_CHARSET, PHP_INI_ALL, OnUpdateDefaultCharset, default_charset, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY("default_charset", SAPI_DEFAULT_CHARSET, PHP_INI_ALL, OnUpdateDefaultCharset, default_charset, sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY("default_mimetype", SAPI_DEFAULT_MIMETYPE, PHP_INI_ALL, OnUpdateDefaultMimetype, default_mimetype, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY("default_mimetype", SAPI_DEFAULT_MIMETYPE, PHP_INI_ALL, OnUpdateDefaultMimetype, default_mimetype, sapi_globals_struct,sapi_globals)
ZEND_INI_ENTRY("unicode.output_encoding", NULL, ZEND_INI_ALL, OnUpdateOutputEncoding) ZEND_INI_ENTRY("unicode.output_encoding", NULL, ZEND_INI_ALL, OnUpdateOutputEncoding)
STD_PHP_INI_ENTRY("error_log", NULL, PHP_INI_ALL, OnUpdateString, error_log, php_core_globals, core_globals) STD_PHP_INI_ENTRY("error_log", NULL, PHP_INI_ALL, OnUpdateErrorLog, error_log, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals)
PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout)

1
main/php_ini.h
View file

@ -65,6 +65,7 @@ END_EXTERN_C()
#define PHP_INI_STAGE_ACTIVATE ZEND_INI_STAGE_ACTIVATE #define PHP_INI_STAGE_ACTIVATE ZEND_INI_STAGE_ACTIVATE
#define PHP_INI_STAGE_DEACTIVATE ZEND_INI_STAGE_DEACTIVATE #define PHP_INI_STAGE_DEACTIVATE ZEND_INI_STAGE_DEACTIVATE
#define PHP_INI_STAGE_RUNTIME ZEND_INI_STAGE_RUNTIME #define PHP_INI_STAGE_RUNTIME ZEND_INI_STAGE_RUNTIME
#define PHP_INI_STAGE_HTACCESS ZEND_INI_STAGE_HTACCESS
#define php_ini_boolean_displayer_cb zend_ini_boolean_displayer_cb #define php_ini_boolean_displayer_cb zend_ini_boolean_displayer_cb
#define php_ini_color_displayer_cb zend_ini_color_displayer_cb #define php_ini_color_displayer_cb zend_ini_color_displayer_cb

4
sapi/apache/mod_php.c
View file

@ -76,6 +76,7 @@ typedef struct _php_per_dir_entry {
uint key_length; uint key_length;
uint value_length; uint value_length;
int type; int type;
char htaccess;
} php_per_dir_entry; } php_per_dir_entry;
/* some systems are missing these from their header files */ /* some systems are missing these from their header files */
@ -540,7 +541,7 @@ static void init_request_info(TSRMLS_D)
*/ */
static int php_apache_alter_ini_entries(php_per_dir_entry *per_dir_entry TSRMLS_DC) static int php_apache_alter_ini_entries(php_per_dir_entry *per_dir_entry TSRMLS_DC)
{ {
zend_alter_ini_entry(per_dir_entry->key, per_dir_entry->key_length+1, per_dir_entry->value, per_dir_entry->value_length, per_dir_entry->type, PHP_INI_STAGE_ACTIVATE); zend_alter_ini_entry(per_dir_entry->key, per_dir_entry->key_length+1, per_dir_entry->value, per_dir_entry->value_length, per_dir_entry->type, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE);
return 0; return 0;
} }
/* }}} */ /* }}} */
@ -776,6 +777,7 @@ static CONST_PREFIX char *php_apache_value_handler_ex(cmd_parms *cmd, HashTable
php_apache_startup(&apache_sapi_module); php_apache_startup(&apache_sapi_module);
} }
per_dir_entry.type = mode; per_dir_entry.type = mode;
per_dir_entry.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0);
if (strcasecmp(arg2, "none") == 0) { if (strcasecmp(arg2, "none") == 0) {
arg2 = ""; arg2 = "";

6
sapi/apache2handler/apache_config.c
View file

@ -51,6 +51,7 @@ typedef struct {
char *value; char *value;
size_t value_len; size_t value_len;
char status; char status;
char htaccess;
} php_dir_entry; } php_dir_entry;
static const char *real_value_hnd(cmd_parms *cmd, void *dummy, const char *name, const char *value, int status) static const char *real_value_hnd(cmd_parms *cmd, void *dummy, const char *name, const char *value, int status)
@ -67,7 +68,8 @@ static const char *real_value_hnd(cmd_parms *cmd, void *dummy, const char *name,
e.value = apr_pstrdup(cmd->pool, value); e.value = apr_pstrdup(cmd->pool, value);
e.value_len = strlen(value); e.value_len = strlen(value);
e.status = status; e.status = status;
e.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0);
zend_hash_update(&d->config, (char *) name, strlen(name) + 1, &e, sizeof(e), NULL); zend_hash_update(&d->config, (char *) name, strlen(name) + 1, &e, sizeof(e), NULL);
return NULL; return NULL;
} }
@ -170,7 +172,7 @@ void apply_config(void *dummy)
zend_hash_move_forward(&d->config)) { zend_hash_move_forward(&d->config)) {
zend_hash_get_current_data(&d->config, (void **) &data); zend_hash_get_current_data(&d->config, (void **) &data);
phpapdebug((stderr, "APPLYING (%s)(%s)\n", str.s, data->value)); phpapdebug((stderr, "APPLYING (%s)(%s)\n", str.s, data->value));
if (zend_alter_ini_entry(str.s, str_len, data->value, data->value_len, data->status, PHP_INI_STAGE_ACTIVATE) == FAILURE) { if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
phpapdebug((stderr, "..FAILED\n")); phpapdebug((stderr, "..FAILED\n"));
} }
} }