archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Removed safe_mode

Browse source 
* Removed ini options, safe_mode*
 * Removed --enable-safe-mode --with-exec-dir configure options on Unix
 * Updated extensions, SAPI's and core
 * php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
This commit is contained in:
Kalle Sommer Nielsen 2010-04-26 23:53:30 +00:00
parent 3c78ad763e
commit dd8e59da8f
123 changed files with 418 additions and 1461 deletions
Download patch file Download diff file Expand all files Collapse all files

8
INSTALL
View file

@ -1584,15 +1584,11 @@ Running PHP as an Apache module
Example 6-2. Apache configuration example
<IfModule mod_php5.c>
php_value include_path ".:/usr/local/lib/php"
php_admin_flag safe_mode on
php_admin_flag engine on
</IfModule>
<IfModule mod_php4.c>
php_value include_path ".:/usr/local/lib/php"
php_admin_flag safe_mode on
</IfModule>
<IfModule mod_php3.c>
php3_include_path ".:/usr/local/lib/php"
php3_safe_mode on
php_admin_flag engine on
</IfModule>
Caution

4
Makefile.gcov
View file

@ -13,13 +13,13 @@ lcov-test: all
TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
$(PHP_EXECUTABLE) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
$(PHP_EXECUTABLE) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
elif test ! -z "$(SAPI_CLI_PATH)" && test -x "$(SAPI_CLI_PATH)"; then \
NO_INTERACTION=1 \
TEST_PHP_EXECUTABLE=$(top_builddir)/$(SAPI_CLI_PATH) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
$(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
$(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
else \
echo "ERROR: Cannot run tests without CLI sapi."; \
fi

2
Makefile.global
View file

@ -79,7 +79,7 @@ PHP_TEST_SHARED_EXTENSIONS = ` \
. $$i; $(top_srcdir)/build/shtool echo -n -- " -d $(ZEND_EXT_TYPE)=$(top_builddir)/modules/$$dlname"; \
done; \
fi`
PHP_DEPRECATED_DIRECTIVES_REGEX = '^(safe_mode|magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
test: all
-@if test ! -z "$(PHP_EXECUTABLE)" && test -x "$(PHP_EXECUTABLE)"; then \

3
NEWS
View file

@ -35,12 +35,13 @@
is present at compile time. (Rasmus)
- Removed legacy features:
. allow_call_time_pass_reference. (Pierrick)
. define_syslog_variables ini option and its associated function. (Kalle)
. highlight.bg ini option. (Kalle)
. import_request_variables(). (Kalle)
. register_globals. (Kalle)
. allow_call_time_pass_reference. (Pierrick)
. register_long_arrays ini option. (Kalle)
. Safe mode. (Kalle)
. Session bug compatibility mode (session.bug_compat42 and
session.bug_compat_warn ini options). (Kalle)
. session_is_registered(), session_register() and session_unregister()

24
configure.in
View file

@ -820,28 +820,6 @@ AC_MSG_RESULT([$PHP_CONFIG_FILE_SCAN_DIR])
test -n "$DEBUG_CFLAGS" && CFLAGS="$CFLAGS $DEBUG_CFLAGS"
PHP_ARG_ENABLE(safe-mode, whether to enable safe mode by default,
[ --enable-safe-mode Enable safe mode by default], no, no)
if test "$PHP_SAFE_MODE" = "yes"; then
AC_DEFINE(PHP_SAFE_MODE,1,[ ])
else
AC_DEFINE(PHP_SAFE_MODE,0,[ ])
fi
AC_MSG_CHECKING([for safe mode exec dir])
PHP_ARG_WITH(exec-dir,,
[ --with-exec-dir[=DIR] Only allow executables in DIR under safe-mode
[/usr/local/php/bin]], no, no)
if test "$PHP_EXEC_DIR" != "no" && test "$PHP_EXEC_DIR" != "yes" ; then
AC_DEFINE_UNQUOTED(PHP_SAFE_MODE_EXEC_DIR, "$PHP_EXEC_DIR", [ ])
AC_MSG_RESULT([$PHP_EXEC_DIR])
else
AC_DEFINE(PHP_SAFE_MODE_EXEC_DIR, "/usr/local/php/bin", [ ])
AC_MSG_RESULT([/usr/local/php/bin])
fi
PHP_ARG_ENABLE(sigchild, whether to enable PHP's own SIGCHLD handler,
[ --enable-sigchild Enable PHP's own SIGCHLD handler], no, no)
@ -1410,7 +1388,7 @@ PHP_INSTALL_HEADERS([Zend/ TSRM/ include/ main/ main/streams/])
PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c tsrm_virtual_cwd.c)
PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \
safe_mode.c fopen_wrappers.c alloca.c php_scandir.c \
fopen_wrappers.c alloca.c php_scandir.c \
php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
network.c php_open_temporary_file.c php_logos.c \

6
ext/bz2/bz2.c
View file

@ -219,7 +219,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
path_copy = path;
#endif
if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
if (php_check_open_basedir(path_copy TSRMLS_CC)) {
return NULL;
}
@ -233,7 +233,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
if (bz_file == NULL) {
/* that didn't work, so try and get something from the network/wrapper */
stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
if (stream) {
int fd;
@ -386,7 +386,7 @@ static PHP_FUNCTION(bzopen)
stream = php_stream_bz2open(NULL,
Z_STRVAL_PP(file),
mode,
ENFORCE_SAFE_MODE | REPORT_ERRORS,
REPORT_ERRORS,
NULL);
} else if (Z_TYPE_PP(file) == IS_RESOURCE) {
/* If it is a resource, than its a stream resource */

6
ext/com_dotnet/com_persist.c
View file

@ -386,8 +386,7 @@ CPH_METHOD(SaveToFile)
RETURN_FALSE;
}
if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
@ -449,8 +448,7 @@ CPH_METHOD(LoadFromFile)
RETURN_FALSE;
}
if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}

26
ext/curl/interface.c
View file

@ -10,7 +10,7 @@
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
| license@php.net so we can mail you 6 copy immediately. |
+----------------------------------------------------------------------+
| Author: Sterling Hughes <sterling@php.net> |
+----------------------------------------------------------------------+
@ -169,8 +169,8 @@ static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRM
#if LIBCURL_VERSION_NUM < 0x071100
char *copystr = NULL;
#endif
/* Disable file:// if open_basedir or safe_mode are used */
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
/* Disable file:// if open_basedir are used */
if (PG(open_basedir) && *PG(open_basedir)) {
#if LIBCURL_VERSION_NUM >= 0x071304
error = curl_easy_setopt(ch->cp, CURLOPT_PROTOCOLS, CURLPROTO_ALL & ~CURLPROTO_FILE);
#else
@ -1664,8 +1664,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
convert_to_long_ex(zvalue);
#if LIBCURL_VERSION_NUM >= 0x71304
if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) &&
((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when in safe_mode or an open_basedir is set");
(PG(open_basedir) && *PG(open_basedir)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when an open_basedir is set");
RETVAL_FALSE;
return 1;
}
@ -1674,9 +1674,9 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
break;
case CURLOPT_FOLLOWLOCATION:
convert_to_long_ex(zvalue);
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
if (PG(open_basedir) && *PG(open_basedir)) {
if (Z_LVAL_PP(zvalue) != 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set");
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set");
RETVAL_FALSE;
return 1;
}
@ -1728,7 +1728,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
option == CURLOPT_SSH_PUBLIC_KEYFILE || option == CURLOPT_SSH_PRIVATE_KEYFILE
) {
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
@ -1938,8 +1938,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + Z_STRLEN_PP(current)))) {
*filename = '\0';
}
/* safe_mode / open_basedir check */
if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
/* open_basedir check */
if (php_check_open_basedir(postval TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
@ -2028,8 +2028,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
break;
}
/* the following options deal with files, therefor safe_mode & open_basedir checks
* are required.
/* the following options deal with files, therefore the open_basedir check
* is required.
*/
case CURLOPT_COOKIEJAR:
case CURLOPT_SSLCERT:
@ -2041,7 +2041,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
convert_to_string_ex(zvalue);
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}

4
ext/curl/streams.c
View file

@ -395,7 +395,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
}
}
if (mr > 1) {
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
if (PG(open_basedir) && *PG(open_basedir)) {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
@ -403,7 +403,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, mr);
}
} else {
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
if (PG(open_basedir) && *PG(open_basedir)) {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);

4
ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt
View file

@ -1,5 +1,5 @@
--TEST--
CURLOPT_FOLLOWLOCATION case check safe_mode and open_basedir
CURLOPT_FOLLOWLOCATION case check open_basedir
--CREDITS--
WHITE new media architects - Dennis
--INI--
@ -17,6 +17,6 @@ curl_close($ch);
var_dump($succes);
?>
--EXPECTF--
Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when %r(safe_mode is enabled or an )?%ropen_basedir is set in %s.php on line %d
Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d
bool(false)

2
ext/curl/tests/curl_setopt_basic001.phpt
View file

@ -6,7 +6,7 @@ Paul Sohier
--INI--
safe_mode=On
--SKIPIF--
<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) print "skip"; ?>
<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER') || PHP_VERSION_ID < 503099) print "skip"; ?>
--FILE--
<?php

6
ext/dba/dba.c
View file

@ -838,7 +838,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
/* when in read only mode try to use existing .lck file first */
/* do not log errors for .lck file while in read ony mode on .lck file */
lock_file_mode = "rb";
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|persistent_flag, &opened_path);
}
if (!info->lock.fp) {
/* when not in read mode or failed to open .lck file read only. now try again in create(write) mode and log errors */
@ -853,7 +853,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
}
if (!info->lock.fp) {
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path);
if (info->lock.fp) {
if (lock_dbf) {
/* replace the path info with the real path of the opened file */
@ -891,7 +891,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
if (info->lock.fp && lock_dbf) {
info->fp = info->lock.fp; /* use the same stream for locking and database access */
} else {
info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, NULL);
info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, NULL);
}
if (!info->fp) {
dba_close(info TSRMLS_CC);

1
ext/dba/libflatfile/flatfile.c
View file

@ -27,7 +27,6 @@
#include "php.h"
#include "php_globals.h"
#include "safe_mode.h"
#include <stdlib.h>
#include <string.h>

1
ext/dba/libinifile/inifile.c
View file

@ -24,7 +24,6 @@
#include "php.h"
#include "php_globals.h"
#include "safe_mode.h"
#include <stdlib.h>
#include <string.h>

4
ext/enchant/enchant.c
View file

@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict)
RETURN_FALSE;
}
#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) {
#else
if (php_check_open_basedir(pwl TSRMLS_CC)) {
#endif
RETURN_FALSE;
}

4
ext/exif/exif.c
View file

@ -3861,7 +3861,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t
ImageInfo->motorola_intel = -1; /* flag as unknown */
ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH, NULL);
if (!ImageInfo->infile) {
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Unable to open file");
return FALSE;
@ -4166,7 +4166,7 @@ PHP_FUNCTION(exif_imagetype)
return;
}
stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|REPORT_ERRORS, NULL);
if (stream == NULL) {
RETURN_FALSE;

9
ext/fileinfo/fileinfo.c
View file

@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open)
}
file = resolved_path;
#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) {
#else
if (php_check_open_basedir(file TSRMLS_CC)) {
#endif
RETURN_FALSE;
}
}
@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime
if (wrap) {
php_stream_context *context = php_stream_context_from_zval(zcontext, 0);
#if PHP_API_VERSION < 20100412
php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
#else
php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context);
#endif
if (!stream) {
RETVAL_FALSE;

18
ext/fileinfo/libmagic.patch
View file

@ -257,7 +257,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
+
+ TSRMLS_FETCH();
+
+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -490,7 +490,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
goto error2;
- if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1)
+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -647,7 +647,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
- if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) {
+/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
@ -799,7 +799,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
break;
case CDF_FILETIME:
tp = info[i].pi_tp;
+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
+ if (tp < 1000000000000000i64) {
+#else
if (tp < 1000000000000000LL) {
@ -822,7 +822,7 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h
typedef struct {
uint64_t h_magic;
-#define CDF_MAGIC 0xE11AB1A1E011CFD0LL
+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
+# define CDF_MAGIC 0xE11AB1A1E011CFD0i64
+#else
+# define CDF_MAGIC 0xE11AB1A1E011CFD0LL
@ -2019,7 +2019,7 @@ diff -u libmagic.orig/magic.c libmagic/magic.c
+
+ if (!stream && inname) {
+ no_in_stream = 1;
+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
@ -2392,7 +2392,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
case CDF_FILETIME:
tp = info[i].pi_tp;
if (tp != 0) {
+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
+ if (tp < 1000000000000000i64) {
+#else
if (tp < 1000000000000000LL) {
@ -2773,7 +2773,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
+
+ convert_libmagic_pattern(pattern, options);
+
+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
+ if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) {
#else
- pmatch[0].rm_so = 0;
@ -2800,7 +2800,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
+ haystack = estrndup(ms->search.s, ms->search.s_len);
+
+ /* match v = 0, no match v = 1 */
+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
+ php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
+#else
+ php_pcre_match_impl(pce, IS_STRING, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);

6
ext/fileinfo/libmagic/apprentice.c
View file

@ -597,7 +597,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs,
TSRMLS_FETCH();
#if (PHP_MAJOR_VERSION < 6)
#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -2041,7 +2041,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
if (dbname == NULL)
goto error2;
#if (PHP_MAJOR_VERSION < 6)
#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -2165,7 +2165,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp,
}
/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
#if (PHP_MAJOR_VERSION < 6)
#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);

2
ext/fileinfo/libmagic/cdf.c
View file

@ -1131,7 +1131,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count)
break;
case CDF_FILETIME:
tp = info[i].pi_tp;
#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
#if defined(PHP_WIN32) && _MSC_VER <= 1500
if (tp < 1000000000000000i64) {
#else
if (tp < 1000000000000000LL) {

2
ext/fileinfo/libmagic/cdf.h
View file

@ -42,7 +42,7 @@ typedef int32_t cdf_secid_t;
typedef struct {
uint64_t h_magic;
#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
#if defined(PHP_WIN32) && _MSC_VER <= 1500
# define CDF_MAGIC 0xE11AB1A1E011CFD0i64
#else
# define CDF_MAGIC 0xE11AB1A1E011CFD0LL

2
ext/fileinfo/libmagic/magic.c
View file

@ -290,7 +290,7 @@ file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream)
if (!stream && inname) {
no_in_stream = 1;
#if (PHP_MAJOR_VERSION < 6)
#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);

2
ext/fileinfo/libmagic/readcdf.c
View file

@ -110,7 +110,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info,
case CDF_FILETIME:
tp = info[i].pi_tp;
if (tp != 0) {
#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
#if defined(PHP_WIN32) && _MSC_VER <= 1500
if (tp < 1000000000000000i64) {
#else
if (tp < 1000000000000000LL) {

18
ext/ftp/php_ftp.c
View file

@ -41,7 +41,7 @@
#include "php_ftp.h"
#include "ftp.h"
static int le_ftpbuf;
static int le_ftpbuf;
#define le_ftpbuf_name "FTP Buffer"
/* {{{ arginfo */
@ -874,9 +874,9 @@ PHP_FUNCTION(ftp_get)
#endif
if (ftp->autoseek && resumepos) {
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL);
if (outstream == NULL) {
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream != NULL) {
/* if autoresume is wanted seek to end */
@ -888,7 +888,7 @@ PHP_FUNCTION(ftp_get)
}
}
} else {
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream == NULL) {
@ -935,9 +935,9 @@ PHP_FUNCTION(ftp_nb_get)
mode = FTPTYPE_IMAGE;
#endif
if (ftp->autoseek && resumepos) {
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL);
if (outstream == NULL) {
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream != NULL) {
/* if autoresume is wanted seek to end */
@ -949,7 +949,7 @@ PHP_FUNCTION(ftp_nb_get)
}
}
} else {
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream == NULL) {
@ -1131,7 +1131,7 @@ PHP_FUNCTION(ftp_put)
ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
XTYPE(xtype, mode);
if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) {
if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) {
RETURN_FALSE;
}
@ -1184,7 +1184,7 @@ PHP_FUNCTION(ftp_nb_put)
ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
XTYPE(xtype, mode);
if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) {
if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) {
RETURN_FALSE;
}

4
ext/gd/gd.c
View file

@ -1470,7 +1470,7 @@ PHP_FUNCTION(imageloadfont)
return;
}
stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
stream = php_stream_open_wrapper(file, "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
@ -2422,7 +2422,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,
}
}
stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
if (stream == NULL) {
RETURN_FALSE;
}

10
ext/gd/php_gd.h
View file

@ -33,12 +33,10 @@
#if HAVE_LIBGD
/* open_basedir and safe_mode checks */
#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \
(PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \
) { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
RETURN_FALSE; \
#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
if (!filename || php_check_open_basedir(filename TSRMLS_CC)) { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
RETURN_FALSE; \
}
#define PHP_GDIMG_TYPE_GIF 1

6
ext/hash/hash.c
View file

@ -141,7 +141,7 @@ static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_
RETURN_FALSE;
}
if (isfilename) {
stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT);
stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT);
if (!stream) {
/* Stream will report errors opening file */
RETURN_FALSE;
@ -219,7 +219,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename,
RETURN_FALSE;
}
if (isfilename) {
stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT);
stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT);
if (!stream) {
/* Stream will report errors opening file */
RETURN_FALSE;
@ -453,7 +453,7 @@ PHP_FUNCTION(hash_update_file)
ZEND_FETCH_RESOURCE(hash, php_hash_data*, &zhash, -1, PHP_HASH_RESNAME, php_hash_le_hash);
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, context);
stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS, NULL, context);
if (!stream) {
/* Stream will report errors opening file */
RETURN_FALSE;

2
ext/hash/hash_md.c
View file

@ -148,7 +148,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file)
return;
}
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}

2
ext/hash/hash_sha.c
View file

@ -132,7 +132,7 @@ PHP_FUNCTION(sha1_file)
return;
}
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}

14
ext/imap/php_imap.c
View file

@ -1215,10 +1215,8 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
efree(IMAPG(imap_password));
}
/* local filename, need to perform open_basedir and safe_mode checks */
if (mailbox[0] != '{' &&
(php_check_open_basedir(mailbox TSRMLS_CC) ||
(PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
/* local filename, need to perform open_basedir check */
if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) {
RETURN_FALSE;
}
@ -1292,10 +1290,8 @@ PHP_FUNCTION(imap_reopen)
mail_parameters(NIL, SET_MAXLOGINTRIALS, (void *) retries);
}
#endif
/* local filename, need to perform open_basedir and safe_mode checks */
if (mailbox[0] != '{' &&
(php_check_open_basedir(mailbox TSRMLS_CC) ||
(PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
/* local filename, need to perform open_basedir check */
if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) {
RETURN_FALSE;
}
@ -2394,7 +2390,7 @@ PHP_FUNCTION(imap_savebody)
default:
convert_to_string_ex(out);
writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS, NULL);
break;
}

4
ext/libxml/libxml.c
View file

@ -300,7 +300,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
that the streams layer puts out at times, but for libxml we
may try to open files that don't exist, but it is not a failure
in xml processing (eg. DTD files) */
wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC);
wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, 0 TSRMLS_CC);
if (wrapper && read_only && wrapper->wops->url_stat) {
if (wrapper->wops->url_stat(wrapper, path_to_open, PHP_STREAM_URL_STAT_QUIET, &ssbuf, NULL TSRMLS_CC) == -1) {
if (isescaped) {
@ -314,7 +314,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context());
}
ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context);
ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, REPORT_ERRORS, NULL, context);
if (isescaped) {
xmlFree(resolved_path);
}

5
ext/mbstring/mbstring.c
View file

@ -3862,11 +3862,6 @@ PHP_FUNCTION(mb_send_mail)
extern void mbfl_memory_device_unput(mbfl_memory_device *device);
char *pp, *ee;
if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE.");
RETURN_FALSE;
}
/* initialize */
mbfl_memory_device_init(&device, 0, 0);
mbfl_string_init(&orig_str);

4
ext/mysql/php_mysql.c
View file

@ -664,7 +664,11 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
/* disable local infile option for open_basedir */
#if PHP_API_VERSION < 20100412
if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
#else
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') && (client_flags & CLIENT_LOCAL_FILES)) {
#endif
client_flags ^= CLIENT_LOCAL_FILES;
}

1
ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
View file

@ -26,7 +26,6 @@ if ($socket == "" && $host != NULL && $host != 'localhost' && $host != '.') {
}
?>
--INI--
safe_mode=0
open_basedir="."
--FILE--
<?php

4
ext/mysqli/mysqli_api.c
View file

@ -1674,7 +1674,11 @@ PHP_FUNCTION(mysqli_options)
}
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
#if PHP_API_VERSION < 20100412
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
#else
if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
#endif
if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
RETURN_FALSE;
}

4
ext/mysqlnd/mysqlnd_net.c
View file

@ -102,7 +102,11 @@ MYSQLND_METHOD(mysqlnd_net, network_write)(MYSQLND * const conn, const zend_ucha
static enum_func_status
MYSQLND_METHOD(mysqlnd_net, connect)(MYSQLND_NET * net, const char * const scheme, size_t scheme_len, zend_bool persistent, char **errstr, int * errcode TSRMLS_DC)
{
#if PHP_API_VERSION < 20100412
unsigned int streams_options = ENFORCE_SAFE_MODE;
#else
unsigned int streams_options = 0;
#endif
unsigned int streams_flags = STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT;
char * hashed_details = NULL;
int hashed_details_len = 0;

7
ext/oci8/oci8.c
View file

@ -1741,13 +1741,6 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled. Enable oci8.privileged_connect to be able to connect as SYSOPER or SYSDBA");
return NULL;
}
/* Disable privileged connections in Safe Mode (N.b. safe mode has been removed in PHP
* 6 anyway)
*/
if (PG(safe_mode)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled in Safe Mode");
return NULL;
}
}
}

12
ext/oci8/oci8_interface.c
View file

@ -918,16 +918,12 @@ PHP_FUNCTION(oci_lob_export)
/* nothing to write, fail silently */
RETURN_FALSE;
}
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
}
stream = php_stream_open_wrapper_ex(filename, "w", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL);
stream = php_stream_open_wrapper_ex(filename, "w", REPORT_ERRORS, NULL, NULL);
block_length = PHP_OCI_LOB_BUFFER_SIZE;
if (block_length > length) {
@ -1871,12 +1867,6 @@ PHP_FUNCTION(oci_password_change)
int user_len, pass_old_len, pass_new_len, dbname_len;
php_oci_connection *connection;
/* Disable in Safe Mode */
if (PG(safe_mode)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode");
RETURN_FALSE;
}
if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) {
PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection);

2
ext/oci8/oci8_lob.c
View file

@ -724,7 +724,7 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC
char buf[8192];
ub4 offset = 1;
if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) {
if (php_check_open_basedir(filename TSRMLS_CC)) {
return 1;
}

2
ext/oci8/tests/oci8safemode.phpt
View file

@ -1,7 +1,7 @@
--TEST--
Test functionality disabled in safe mode
--SKIPIF--
<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?>
<?php if (!extension_loaded('oci8')){ die("skip no oci8 extension"); } if (PHP_VERSION_ID < 503099){ die("skip: safe_mode no longer available"); } ?>
--INI--
safe_mode=On
oci8.privileged_connect=On

7
ext/odbc/php_odbc.c
View file

@ -1296,13 +1296,6 @@ PHP_FUNCTION(odbc_execute)
filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2);
filename[strlen(filename)] = '\0';
/* Check for safe mode. */
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
efree(filename);
efree(params);
RETURN_FALSE;
}
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
efree(filename);

37
ext/openssl/openssl.c
View file

@ -489,12 +489,9 @@ static void php_csr_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
}
/* }}} */
/* {{{ openssl safe_mode & open_basedir checks */
inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC)
/* {{{ openssl open_basedir check */
inline static int php_openssl_open_base_dir_chk(char *filename TSRMLS_DC)
{
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return -1;
}
if (php_check_open_basedir(filename TSRMLS_CC)) {
return -1;
}
@ -774,7 +771,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
/* read in the oids */
str = CONF_get_string(req->req_config, NULL, "oid_file");
if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) {
if (str && !php_openssl_open_base_dir_chk(str TSRMLS_CC)) {
BIO *oid_bio = BIO_new_file(str, "r");
if (oid_bio) {
OBJ_create_objects(oid_bio);
@ -1163,7 +1160,7 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r
/* read cert from the named file */
BIO *in;
if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
return NULL;
}
@ -1219,7 +1216,7 @@ PHP_FUNCTION(openssl_x509_export_to_file)
return;
}
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
return;
}
@ -1449,7 +1446,7 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile)
goto end;
}
if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(certfile TSRMLS_CC)) {
sk_X509_free(stack);
goto end;
}
@ -1776,7 +1773,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key does not correspond to cert");
goto cleanup;
}
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
goto cleanup;
}
@ -2178,7 +2175,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long
filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1);
}
if (filename) {
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
return NULL;
}
in = BIO_new_file(filename, "r");
@ -2214,7 +2211,7 @@ PHP_FUNCTION(openssl_csr_export_to_file)
return;
}
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
return;
}
@ -2692,7 +2689,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char *
BIO *in;
if (filename) {
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
TMP_CLEAN;
}
in = BIO_new_file(filename, "r");
@ -2999,7 +2996,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
RETURN_FALSE;
}
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
RETURN_FALSE;
}
@ -3287,7 +3284,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
if (!store) {
goto clean_exit;
}
if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
goto clean_exit;
}
@ -3305,7 +3302,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
if (datafilename) {
if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(datafilename TSRMLS_CC)) {
goto clean_exit;
}
@ -3325,7 +3322,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
if (signersfilename) {
BIO *certout;
if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(signersfilename TSRMLS_CC)) {
goto clean_exit;
}
@ -3385,7 +3382,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
return;
if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
return;
}
@ -3544,7 +3541,7 @@ PHP_FUNCTION(openssl_pkcs7_sign)
goto clean_exit;
}
if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
goto clean_exit;
}
@ -3639,7 +3636,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt)
goto clean_exit;
}
if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
goto clean_exit;
}

2
ext/pdo/pdo_dbh.c
View file

@ -187,7 +187,7 @@ static char *dsn_from_uri(char *uri, char *buf, size_t buflen TSRMLS_DC) /* {{{
php_stream *stream;
char *dsn = NULL;
stream = php_stream_open_wrapper(uri, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
stream = php_stream_open_wrapper(uri, "rb", REPORT_ERRORS, NULL);
if (stream) {
dsn = php_stream_get_line(stream, buf, buflen, NULL);
php_stream_close(stream);

2
ext/pdo_mysql/mysql_driver.c
View file

@ -649,7 +649,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
goto cleanup;
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
#else
if (PG(open_basedir) && PG(open_basedir)[0] != '\0')

9
ext/pdo_sqlite/sqlite_driver.c
View file

@ -643,11 +643,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
return NULL;
}
if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
efree(fullpath);
return NULL;
}
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
return NULL;
@ -705,7 +700,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS
if (!filename) {
zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC,
"safe_mode/open_basedir prohibits opening %s",
"open_basedir prohibits opening %s",
dbh->data_source);
goto cleanup;
}
@ -718,7 +713,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS
goto cleanup;
}
if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
if (PG(open_basedir) && *PG(open_basedir)) {
sqlite3_set_authorizer(H->db, authorizer, NULL);
}

10
ext/pgsql/pgsql.c
View file

@ -2879,7 +2879,7 @@ PHP_FUNCTION(pg_trace)
ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
stream = php_stream_open_wrapper(z_filename, mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
stream = php_stream_open_wrapper(z_filename, mode, REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
@ -3338,10 +3338,6 @@ PHP_FUNCTION(pg_lo_import)
else {
WRONG_PARAM_COUNT;
}
if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(file_in TSRMLS_CC)) {
RETURN_FALSE;
@ -3475,10 +3471,6 @@ PHP_FUNCTION(pg_lo_export)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Requires 2 or 3 arguments");
RETURN_FALSE;
}
if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(file_out TSRMLS_CC)) {
RETURN_FALSE;

6
ext/phar/phar.c
View file

@ -1327,7 +1327,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a
if (!pphar) {
pphar = &mydata;
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}
@ -1491,7 +1491,7 @@ int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_l
} else if (error && *error) {
return FAILURE;
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}
@ -2357,7 +2357,7 @@ int phar_open_executed_filename(char *alias, int alias_len, char **error TSRMLS_
FREE_ZVAL(halt_constant);
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}

16
ext/phar/phar_object.c
View file

@ -1754,7 +1754,7 @@ phar_spl_fileinfo:
return ZEND_HASH_APPLY_STOP;
}
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Iterator %v returned a path \"%s\" that safe mode prevents opening", ce->name, fname);
@ -3943,7 +3943,7 @@ PHP_METHOD(Phar, addFile)
return;
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname);
return;
@ -4187,11 +4187,11 @@ PHP_METHOD(Phar, delMetadata)
}
}
/* }}} */
#if (PHP_MAJOR_VERSION < 6)
#define OPENBASEDIR_CHECKPATH(filename) \
#if PHP_API_VERSION < 20100412
#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
#else
#define OPENBASEDIR_CHECKPATH(filename) \
#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
php_check_open_basedir(filename TSRMLS_CC)
#endif
@ -4235,7 +4235,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
return FAILURE;
}
if (OPENBASEDIR_CHECKPATH(fullpath)) {
if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) {
spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath);
efree(fullpath);
return FAILURE;
@ -4285,7 +4285,11 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
return SUCCESS;
}
#if PHP_API_VERSION < 20100412
fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
#endif
if (!fp) {
spprintf(error, 4096, "Cannot extract \"%s\", could not open for writing \"%s\"", entry->filename, fullpath);

4
ext/phar/util.c
View file

@ -201,7 +201,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len,
entry.tmp = estrndup(filename, filename_len);
}
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
efree(entry.tmp);
efree(entry.filename);
@ -850,7 +850,7 @@ int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC) /* {{{ */
if (phar_get_pharfp(phar TSRMLS_CC)) {
return SUCCESS;
}
#if PHP_MAJOR_VERSION < 6
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(phar->fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}

9
ext/posix/posix.c
View file

@ -840,8 +840,7 @@ PHP_FUNCTION(posix_mkfifo)
RETURN_FALSE;
}
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
RETURN_FALSE;
}
@ -875,8 +874,7 @@ PHP_FUNCTION(posix_mknod)
RETURN_FALSE;
}
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
RETURN_FALSE;
}
@ -961,8 +959,7 @@ PHP_FUNCTION(posix_access)
RETURN_FALSE;
}
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
(PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) {
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
efree(path);
POSIX_G(last_error) = EPERM;
RETURN_FALSE;

3
ext/posix/tests/posix_access.phpt
View file

@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
if (PHP_VERSION_ID < 503099) {
die('SKIP Safe mode is no longer available.');
}
?>
--INI--
safe_mode = 1

3
ext/posix/tests/posix_access_error_modes.phpt
View file

@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
if (PHP_VERSION_ID < 503099) {
die('SKIP Safe mode is no longer available.');
}
?>
--INI--
safe_mode = 1

3
ext/posix/tests/posix_access_error_wrongparams.phpt
View file

@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
if (PHP_VERSION_ID < 503099) {
die('SKIP Safe mode is no longer available.');
}
?>
--INI--
safe_mode = 1

3
ext/posix/tests/posix_access_safemode.phpt
View file

@ -11,6 +11,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
if (PHP_VERSION_ID < 503099) {
die('SKIP Safe mode is no longer available.');
}
--INI--
safe_mode = 1
--FILE--

3
ext/posix/tests/posix_mkfifo_safemode.phpt
View file

@ -17,6 +17,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
if (PHP_VERSION_ID < 503099) {
die('SKIP Safe mode is no longer available.');
}
?>
--INI--
safe_mode = 1

13
ext/pspell/pspell.c
View file

@ -402,11 +402,6 @@ static PHP_FUNCTION(pspell_new_personal)
}
#endif
if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
delete_pspell_config(config);
RETURN_FALSE;
}
if (php_check_open_basedir(personal TSRMLS_CC)) {
delete_pspell_config(config);
RETURN_FALSE;
@ -836,10 +831,6 @@ static void pspell_config_path(INTERNAL_FUNCTION_PARAMETERS, char *option)
PSPELL_FETCH_CONFIG;
if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(value TSRMLS_CC)) {
RETURN_FALSE;
}
@ -891,10 +882,6 @@ static PHP_FUNCTION(pspell_config_repl)
pspell_config_replace(config, "save-repl", "true");
if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(repl TSRMLS_CC)) {
RETURN_FALSE;
}

13
ext/session/mod_files.c
View file

@ -171,20 +171,14 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
if (data->fd != -1) {
#ifndef PHP_WIN32
/* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
if (PG(safe_mode) || PG(open_basedir)) {
if (PG(open_basedir)) {
struct stat sbuf;
if (fstat(data->fd, &sbuf)) {
close(data->fd);
return;
}
if (
S_ISLNK(sbuf.st_mode) &&
(
php_check_open_basedir(buf TSRMLS_CC) ||
(PG(safe_mode) && !php_checkuid(buf, NULL, CHECKUID_CHECK_FILE_AND_DIR))
)
) {
if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
close(data->fd);
return;
}
@ -274,9 +268,6 @@ PS_OPEN_FUNC(files)
/* if save path is an empty string, determine the temporary dir */
save_path = php_get_temporary_directory();
if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return FAILURE;
}
if (php_check_open_basedir(save_path TSRMLS_CC)) {
return FAILURE;
}

4
ext/session/session.c
View file

@ -567,10 +567,6 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
p = new_value;
}
if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return FAILURE;
}
if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) {
return FAILURE;
}

2
ext/soap/php_http.c
View file

@ -118,7 +118,7 @@ static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, ph
namelen = spprintf(&name, 0, "%s://%s:%d", (use_ssl && !*use_proxy)? "ssl" : "tcp", host, port);
stream = php_stream_xport_create(name, namelen,
ENFORCE_SAFE_MODE | REPORT_ERRORS,
REPORT_ERRORS,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
NULL /*persistent_id*/,
timeout,

2
ext/soap/php_xml.c
View file

@ -179,7 +179,7 @@ int php_stream_xmlIO_match_wrapper(const char *filename)
void *php_stream_xmlIO_open_wrapper(const char *filename)
{
TSRMLS_FETCH();
return php_stream_open_wrapper((char*)filename, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
return php_stream_open_wrapper((char*)filename, "rb", REPORT_ERRORS, NULL);
}
int php_stream_xmlIO_read(void *context, char *buffer, int len)

2
ext/spl/php_spl.c
View file

@ -231,7 +231,7 @@ static int spl_autoload(const char *class_name, const char * lc_name, int class_
class_file_len = spprintf(&class_file, 0, "%s%s", lc_name, file_extension);
ret = php_stream_open_for_zend_ex(class_file, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
ret = php_stream_open_for_zend_ex(class_file, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
if (ret == SUCCESS) {
if (!file_handle.opened_path) {

4
ext/spl/spl_directory.c
View file

@ -221,7 +221,7 @@ static void spl_filesystem_dir_open(spl_filesystem_object* intern, char *path TS
intern->type = SPL_FS_DIR;
intern->_path_len = strlen(path);
intern->u.dir.dirp = php_stream_opendir(path, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
intern->u.dir.dirp = php_stream_opendir(path, REPORT_ERRORS, NULL);
if (intern->_path_len > 1 && IS_SLASH_AT(path, intern->_path_len-1)) {
intern->_path = estrndup(path, --intern->_path_len);
@ -245,7 +245,7 @@ static int spl_filesystem_file_open(spl_filesystem_object *intern, int use_inclu
{
intern->type = SPL_FS_FILE;
intern->u.file.context = php_stream_context_from_zval(intern->u.file.zcontext, 0);
intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, intern->u.file.context);
intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, intern->u.file.context);
if (!intern->file_name_len || !intern->u.file.stream) {
if (!EG(exception)) {

7
ext/sqlite/pdo_sqlite2.c
View file

@ -522,11 +522,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
return NULL;
}
if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
efree(fullpath);
return NULL;
}
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
return NULL;
@ -585,7 +580,7 @@ static int pdo_sqlite2_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRML
if (!filename) {
zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC,
"safe_mode/open_basedir prohibits opening %s",
"open_basedir prohibits opening %s",
dbh->data_source);
goto cleanup;
}

1
ext/sqlite/sess_sqlite.c
View file

@ -42,7 +42,6 @@ PS_OPEN_FUNC(sqlite)
char *errmsg = NULL;
sqlite *db;
/* TODO: do we need a safe_mode check here? */
db = sqlite_open(save_path, 0666, &errmsg);
if (db == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING,

17
ext/sqlite/sqlite.c
View file

@ -1066,9 +1066,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg
case SQLITE_COPY:
if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) {
TSRMLS_FETCH();
if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return SQLITE_DENY;
}
if (php_check_open_basedir(arg4 TSRMLS_CC)) {
return SQLITE_DENY;
@ -1079,9 +1076,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg
case SQLITE_ATTACH:
if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) {
TSRMLS_FETCH();
if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return SQLITE_DENY;
}
if (php_check_open_basedir(arg3 TSRMLS_CC)) {
return SQLITE_DENY;
@ -1510,7 +1504,7 @@ static struct php_sqlite_db *php_sqlite_open(char *filename, int mode, char *per
/* authorizer hook so we can enforce safe mode
* Note: the declaration of php_sqlite_authorizer is correct for 2.8.2 of libsqlite,
* and IS backwards binary compatible with earlier versions */
if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
if (PG(open_basedir) && *PG(open_basedir)) {
sqlite_set_authorizer(sdb, php_sqlite_authorizer, NULL);
}
@ -1566,8 +1560,7 @@ PHP_FUNCTION(sqlite_popen)
RETURN_FALSE;
}
if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
@ -1648,8 +1641,7 @@ PHP_FUNCTION(sqlite_open)
}
}
if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
zend_restore_error_handling(&error_handling TSRMLS_CC);
if (object) {
@ -1697,8 +1689,7 @@ PHP_FUNCTION(sqlite_factory)
RETURN_NULL();
}
if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
zend_restore_error_handling(&error_handling TSRMLS_CC);
RETURN_NULL();

12
ext/sqlite3/sqlite3.c
View file

@ -120,11 +120,13 @@ PHP_METHOD(sqlite3, open)
return;
}
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "safe_mode prohibits opening %s", fullpath);
efree(fullpath);
return;
}
#endif
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "open_basedir prohibits opening %s", fullpath);
@ -158,7 +160,11 @@ PHP_METHOD(sqlite3, open)
}
#endif
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
#else
if (PG(open_basedir) && *PG(open_basedir)) {
#endif
sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
}
@ -1779,14 +1785,18 @@ static zend_function_entry php_sqlite3_result_class_methods[] = {
*/
static int php_sqlite3_authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6)
{
TSRMLS_FETCH();
switch (access_type) {
case SQLITE_ATTACH:
{
if (strncmp(arg3, ":memory:", sizeof(":memory:")-1)) {
TSRMLS_FETCH();
#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return SQLITE_DENY;
}
#endif
if (php_check_open_basedir(arg3 TSRMLS_CC)) {
return SQLITE_DENY;
}

2
ext/sqlite3/tests/sqlite3_21_security.phpt
View file

@ -1,5 +1,5 @@
--TEST--
SQLite3 open_basedir / safe_mode checks
SQLite3 open_basedir checks
--SKIPIF--
<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
--INI--

108
ext/standard/basic_functions.c
View file

@ -34,7 +34,6 @@
#include "zend_operators.h"
#include "ext/standard/php_dns.h"
#include "ext/standard/php_uuencode.h"
#include "safe_mode.h"
#ifdef PHP_WIN32
#include "win32/php_win32_globals.h"
@ -3351,41 +3350,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */
};
/* }}} */
static PHP_INI_MH(OnUpdateSafeModeProtectedEnvVars) /* {{{ */
{
char *protected_vars, *protected_var;
char *token_buf;
int dummy = 1;
protected_vars = estrndup(new_value, new_value_length);
zend_hash_clean(&BG(sm_protected_env_vars));
protected_var = php_strtok_r(protected_vars, ", ", &token_buf);
while (protected_var) {
zend_hash_update(&BG(sm_protected_env_vars), protected_var, strlen(protected_var), &dummy, sizeof(int), NULL);
protected_var = php_strtok_r(NULL, ", ", &token_buf);
}
efree(protected_vars);
return SUCCESS;
}
/* }}} */
static PHP_INI_MH(OnUpdateSafeModeAllowedEnvVars) /* {{{ */
{
if (BG(sm_allowed_env_vars)) {
free(BG(sm_allowed_env_vars));
}
BG(sm_allowed_env_vars) = zend_strndup(new_value, new_value_length);
return SUCCESS;
}
/* }}} */
PHP_INI_BEGIN() /* {{{ */
PHP_INI_ENTRY_EX("safe_mode_protected_env_vars", SAFE_MODE_PROTECTED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeProtectedEnvVars, NULL)
PHP_INI_ENTRY_EX("safe_mode_allowed_env_vars", SAFE_MODE_ALLOWED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeAllowedEnvVars, NULL)
PHP_INI_END()
/* }}} */
static const zend_module_dep standard_deps[] = { /* {{{ */
ZEND_MOD_OPTIONAL("session")
{NULL, NULL, NULL}
@ -3462,8 +3426,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /*
BG(left) = -1;
BG(user_tick_functions) = NULL;
BG(user_filter_map) = NULL;
zend_hash_init(&BG(sm_protected_env_vars), 5, NULL, NULL, 1);
BG(sm_allowed_env_vars) = NULL;
memset(&BG(url_adapt_state_ex), 0, sizeof(BG(url_adapt_state_ex)));
@ -3479,10 +3441,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /*
static void basic_globals_dtor(php_basic_globals *basic_globals_p TSRMLS_DC) /* {{{ */
{
zend_hash_destroy(&BG(sm_protected_env_vars));
if (BG(sm_allowed_env_vars)) {
free(BG(sm_allowed_env_vars));
}
if (BG(url_adapt_state_ex).tags) {
zend_hash_destroy(BG(url_adapt_state_ex).tags);
free(BG(url_adapt_state_ex).tags);
@ -3594,8 +3552,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
test_class_startup();
#endif
REGISTER_INI_ENTRIES();
register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU);
register_html_constants(INIT_FUNC_ARGS_PASSTHRU);
register_string_constants(INIT_FUNC_ARGS_PASSTHRU);
@ -3676,8 +3632,6 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */
php_unregister_url_stream_wrapper("ftp" TSRMLS_CC);
#endif
UNREGISTER_INI_ENTRIES();
PHP_MSHUTDOWN(browscap)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
PHP_MSHUTDOWN(array)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
PHP_MSHUTDOWN(assert)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
@ -4061,39 +4015,6 @@ PHP_FUNCTION(putenv)
}
#endif
if (PG(safe_mode)) {
/* Check the protected list */
if (zend_hash_exists(&BG(sm_protected_env_vars), pe.key, pe.key_len)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", pe.key);
efree(pe.putenv_string);
efree(pe.key);
RETURN_FALSE;
}
/* Check the allowed list */
if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
char *strtok_buf = NULL;
char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
zend_bool allowed = 0;
while (allowed_prefix) {
if (!strncmp(allowed_prefix, pe.key, strlen(allowed_prefix))) {
allowed = 1;
break;
}
allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
}
efree(allowed_env_vars);
if (!allowed) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", pe.key);
efree(pe.putenv_string);
efree(pe.key);
RETURN_FALSE;
}
}
}
zend_hash_del(&BG(putenv_ht), pe.key, pe.key_len+1);
/* find previous value */
@ -4694,7 +4615,7 @@ PHPAPI int _php_error_log_ex(int opt_err, char *message, int message_len, char *
break;
case 3: /*save to a file */
stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | REPORT_ERRORS, NULL);
if (!stream) {
return FAILURE;
}
@ -5141,10 +5062,6 @@ PHP_FUNCTION(highlight_file)
RETURN_FALSE;
}
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
RETURN_FALSE;
}
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
}
@ -5391,18 +5308,14 @@ PHP_FUNCTION(ini_set)
}
#define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini))
/* safe_mode & basedir check */
if (PG(safe_mode) || PG(open_basedir)) {
/* open basedir check */
if (PG(open_basedir)) {
if (_CHECK_PATH(varname, varname_len, "error_log") ||
_CHECK_PATH(varname, varname_len, "java.class.path") ||
_CHECK_PATH(varname, varname_len, "java.home") ||
_CHECK_PATH(varname, varname_len, "mail.log") ||
_CHECK_PATH(varname, varname_len, "java.library.path") ||
_CHECK_PATH(varname, varname_len, "vpopmail.directory")) {
if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
zval_dtor(return_value);
RETURN_FALSE;
}
if (php_check_open_basedir(new_value TSRMLS_CC)) {
zval_dtor(return_value);
RETURN_FALSE;
@ -5410,17 +5323,6 @@ PHP_FUNCTION(ini_set)
}
}
/* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */
if (PG(safe_mode)) {
if (!strncmp("max_execution_time", varname, sizeof("max_execution_time")) ||
!strncmp("memory_limit", varname, sizeof("memory_limit")) ||
!strncmp("child_terminate", varname, sizeof("child_terminate"))
) {
zval_dtor(return_value);
RETURN_FALSE;
}
}
if (zend_alter_ini_entry_ex(varname, varname_len + 1, new_value, new_value_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0 TSRMLS_CC) == FAILURE) {
zval_dtor(return_value);
RETURN_FALSE;
@ -5797,10 +5699,6 @@ PHP_FUNCTION(move_uploaded_file)
RETURN_FALSE;
}
if (PG(safe_mode) && (!php_checkuid(new_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(new_path TSRMLS_CC)) {
RETURN_FALSE;
}

8
ext/standard/basic_functions.h
View file

@ -175,9 +175,6 @@ typedef struct _php_basic_globals {
zend_llist *user_tick_functions;
zval *active_ini_file_section;
HashTable sm_protected_env_vars;
char *sm_allowed_env_vars;
/* pageinfo.c */
long page_uid;
@ -240,11 +237,6 @@ typedef struct {
} putenv_entry;
#endif
/* Values are comma-delimited
*/
#define SAFE_MODE_PROTECTED_ENV_VARS "LD_LIBRARY_PATH"
#define SAFE_MODE_ALLOWED_ENV_VARS "PHP_"
PHPAPI double php_get_nan(void);
PHPAPI double php_get_inf(void);

13
ext/standard/dir.c
View file

@ -215,7 +215,7 @@ static void _php_do_opendir(INTERNAL_FUNCTION_PARAMETERS, int createobject)
context = php_stream_context_from_zval(zcontext, 0);
dirp = php_stream_opendir(dirname, ENFORCE_SAFE_MODE|REPORT_ERRORS, context);
dirp = php_stream_opendir(dirname, REPORT_ERRORS, context);
if (dirp == NULL) {
RETURN_FALSE;
@ -319,7 +319,7 @@ PHP_FUNCTION(chdir)
RETURN_FALSE;
}
if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
if (php_check_open_basedir(str TSRMLS_CC)) {
RETURN_FALSE;
}
ret = VCWD_CHDIR(str);
@ -481,7 +481,7 @@ PHP_FUNCTION(glob)
/* now catch the FreeBSD style of "no matches" */
if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
no_results:
if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
if (PG(open_basedir) && *PG(open_basedir)) {
struct stat s;
if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != (s.st_mode & S_IFMT)) {
@ -494,11 +494,8 @@ no_results:
array_init(return_value);
for (n = 0; n < globbuf.gl_pathc; n++) {
if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
if (PG(safe_mode) && (!php_checkuid_ex(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS))) {
basedir_limit = 1;
continue;
} else if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
if (PG(open_basedir) && *PG(open_basedir)) {
if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
basedir_limit = 1;
continue;
}

3
ext/standard/dl.c
View file

@ -63,9 +63,6 @@ PHPAPI PHP_FUNCTION(dl)
if (!PG(enable_dl)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't enabled");
RETURN_FALSE;
} else if (PG(safe_mode)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't allowed when running in Safe Mode");
RETURN_FALSE;
}
if (filename_len >= MAXPATHLEN) {

42
ext/standard/exec.c
View file

@ -22,7 +22,6 @@
#include "php.h"
#include <ctype.h>
#include "php_string.h"
#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/file.h"
#include "basic_functions.h"
@ -63,51 +62,21 @@ PHPAPI int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_
FILE *fp;
char *buf, *tmp=NULL;
int l = 0, pclose_return;
char *cmd_p, *b, *c, *d=NULL;
char *b, *c, *d=NULL;
php_stream *stream;
size_t buflen, bufl = 0;
#if PHP_SIGCHILD
void (*sig_handler)() = NULL;
#endif
if (PG(safe_mode)) {
if ((c = strchr(cmd, ' '))) {
*c = '\0';
c++;
}
if (strstr(cmd, "..")) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
goto err;
}
b = strrchr(cmd, PHP_DIR_SEPARATOR);
#ifdef PHP_WIN32
if (b && *b == '\\' && b == cmd) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
goto err;
}
#endif
spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
if (c) {
*(c - 1) = ' ';
}
cmd_p = php_escape_shell_cmd(d);
efree(d);
d = cmd_p;
} else {
cmd_p = cmd;
}
#if PHP_SIGCHILD
sig_handler = signal (SIGCHLD, SIG_DFL);
#endif
#ifdef PHP_WIN32
fp = VCWD_POPEN(cmd_p, "rb");
fp = VCWD_POPEN(cmd, "rb");
#else
fp = VCWD_POPEN(cmd_p, "r");
fp = VCWD_POPEN(cmd, "r");
#endif
if (!fp) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd);
@ -484,11 +453,6 @@ PHP_FUNCTION(shell_exec)
return;
}
if (PG(safe_mode)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute using backquotes in Safe Mode");
RETURN_FALSE;
}
#ifdef PHP_WIN32
if ((in=VCWD_POPEN(command, "rt"))==NULL) {
#else

88
ext/standard/file.c
View file

@ -70,7 +70,6 @@
#endif
#include "ext/standard/head.h"
#include "safe_mode.h"
#include "php_string.h"
#include "file.h"
@ -386,7 +385,7 @@ PHP_FUNCTION(get_meta_tags)
}
md.stream = php_stream_open_wrapper(filename, "rb",
(use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
(use_include_path ? USE_PATH : 0) | REPORT_ERRORS,
NULL);
if (!md.stream) {
RETURN_FALSE;
@ -546,7 +545,7 @@ PHP_FUNCTION(file_get_contents)
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, "rb",
(use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
(use_include_path ? USE_PATH : 0) | REPORT_ERRORS,
NULL, context);
if (!stream) {
RETURN_FALSE;
@ -615,7 +614,7 @@ PHP_FUNCTION(file_put_contents)
}
mode[2] = '\0';
stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (stream == NULL) {
RETURN_FALSE;
}
@ -750,7 +749,7 @@ PHP_FUNCTION(file)
context = php_stream_context_from_zval(zcontext, flags & PHP_FILE_NO_DEFAULT_CONTEXT);
stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (!stream) {
RETURN_FALSE;
}
@ -836,10 +835,6 @@ PHP_FUNCTION(tempnam)
return;
}
if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(dir TSRMLS_CC)) {
RETURN_FALSE;
}
@ -896,7 +891,7 @@ PHP_NAMED_FUNCTION(php_if_fopen)
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (stream == NULL) {
RETURN_FALSE;
@ -942,7 +937,7 @@ PHP_FUNCTION(popen)
int command_len, mode_len;
FILE *fp;
php_stream *stream;
char *posix_mode, *b, *buf = 0, *tmp;
char *posix_mode, *buf = 0;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &command, &command_len, &mode, &mode_len) == FAILURE) {
return;
@ -957,49 +952,14 @@ PHP_FUNCTION(popen)
}
}
#endif
if (PG(safe_mode)){
b = strchr(command, ' ');
if (!b) {
b = strrchr(command, '/');
} else {
char *c;
c = command;
while((*b != '/') && (b != c)) {
b--;
}
if (b == c) {
b = NULL;
}
}
if (b) {
spprintf(&buf, 0, "%s%s", PG(safe_mode_exec_dir), b);
} else {
spprintf(&buf, 0, "%s/%s", PG(safe_mode_exec_dir), command);
}
tmp = php_escape_shell_cmd(buf);
fp = VCWD_POPEN(tmp, posix_mode);
efree(tmp);
if (!fp) {
php_error_docref2(NULL TSRMLS_CC, buf, posix_mode, E_WARNING, "%s", strerror(errno));
efree(posix_mode);
efree(buf);
RETURN_FALSE;
}
efree(buf);
} else {
fp = VCWD_POPEN(command, posix_mode);
if (!fp) {
php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno));
efree(posix_mode);
RETURN_FALSE;
}
fp = VCWD_POPEN(command, posix_mode);
if (!fp) {
php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno));
efree(posix_mode);
RETURN_FALSE;
}
stream = php_stream_fopen_from_pipe(fp, mode);
if (stream == NULL) {
@ -1361,10 +1321,6 @@ PHPAPI int php_mkdir_ex(char *dir, long mode, int options TSRMLS_DC)
{
int ret;
if (PG(safe_mode) && (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return -1;
}
if (php_check_open_basedir(dir TSRMLS_CC)) {
return -1;
}
@ -1440,7 +1396,7 @@ PHP_FUNCTION(readfile)
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (stream) {
size = php_stream_passthru(stream);
php_stream_close(stream);
@ -1561,7 +1517,7 @@ PHP_FUNCTION(unlink)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s does not allow unlinking", wrapper->wops->label ? wrapper->wops->label : "Wrapper");
RETURN_FALSE;
}
RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, ENFORCE_SAFE_MODE | REPORT_ERRORS, context TSRMLS_CC));
RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, REPORT_ERRORS, context TSRMLS_CC));
}
/* }}} */
@ -1684,10 +1640,6 @@ PHP_FUNCTION(copy)
return;
}
if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(source TSRMLS_CC)) {
RETURN_FALSE;
}
@ -1704,13 +1656,13 @@ PHP_FUNCTION(copy)
PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC) /* {{{ */
{
return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
return php_copy_file_ex(src, dest, 0 TSRMLS_CC);
}
/* }}} */
/* {{{ php_copy_file
*/
PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
PHPAPI int php_copy_file_ex(char *src, char *dest, int src_flg TSRMLS_DC)
{
php_stream *srcstream = NULL, *deststream = NULL;
int ret = FAILURE;
@ -1781,13 +1733,13 @@ no_stat:
}
safe_to_copy:
srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
srcstream = php_stream_open_wrapper(src, "rb", src_flg | REPORT_ERRORS, NULL);
if (!srcstream) {
return ret;
}
deststream = php_stream_open_wrapper(dest, "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
deststream = php_stream_open_wrapper(dest, "wb", REPORT_ERRORS, NULL);
if (srcstream && deststream) {
ret = php_stream_copy_to_stream_ex(srcstream, deststream, PHP_STREAM_COPY_ALL, NULL);
@ -2376,10 +2328,6 @@ PHP_FUNCTION(realpath)
}
if (VCWD_REALPATH(filename, resolved_path_buff)) {
if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) {
RETURN_FALSE;
}

57
ext/standard/filestat.c
View file

@ -19,7 +19,6 @@
/* $Id$ */
#include "php.h"
#include "safe_mode.h"
#include "fopen_wrappers.h"
#include "php_globals.h"
@ -434,10 +433,6 @@ static void php_do_chgrp(INTERNAL_FUNCTION_PARAMETERS, int do_lchgrp) /* {{{ */
RETURN_FALSE;
}
if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
RETURN_FALSE;
}
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@ -535,10 +530,6 @@ static void php_do_chown(INTERNAL_FUNCTION_PARAMETERS, int do_lchown) /* {{{ */
RETURN_FALSE;
}
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
RETURN_FALSE;
}
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@ -603,36 +594,12 @@ PHP_FUNCTION(chmod)
return;
}
if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
RETURN_FALSE;
}
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
}
imode = (mode_t) mode;
/* In safe mode, do not allow to setuid files.
* Setuiding files could allow users to gain privileges
* that safe mode doesn't give them. */
if (PG(safe_mode)) {
php_stream_statbuf ssb;
if (php_stream_stat_path_ex(filename, 0, &ssb, NULL)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat failed for %s", filename);
RETURN_FALSE;
}
if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) {
imode ^= 04000;
}
if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) {
imode ^= 02000;
}
if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) {
imode ^= 01000;
}
}
ret = VCWD_CHMOD(filename, imode);
if (ret == -1) {
@ -680,11 +647,6 @@ PHP_FUNCTION(touch)
WRONG_PARAM_COUNT;
}
/* Safe-mode */
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@ -771,28 +733,13 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ
};
char *local;
php_stream_wrapper *wrapper;
char safe_mode_buf[MAXPATHLEN];
if (!filename_length) {
RETURN_FALSE;
}
if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) {
if (php_check_open_basedir(local TSRMLS_CC)) {
RETURN_FALSE;
} else if (PG(safe_mode)) {
if (type == FS_IS_X) {
if (strstr(local, "..")) {
RETURN_FALSE;
} else {
char *b = strrchr(local, PHP_DIR_SEPARATOR);
snprintf(safe_mode_buf, MAXPATHLEN, "%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : local));
local = (char *)&safe_mode_buf;
}
} else if (!php_checkuid_ex(local, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS)) {
RETURN_FALSE;
}
}
if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper && php_check_open_basedir(local TSRMLS_CC)) {
RETURN_FALSE;
}
if (IS_ACCESS_CHECK(type)) {

2
ext/standard/fsock.c
View file

@ -76,7 +76,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent)
ZVAL_STRING(zerrstr, "", 1);
}
stream = php_stream_xport_create(hostname, hostname_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
stream = php_stream_xport_create(hostname, hostname_len, REPORT_ERRORS,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, hashkey, &tv, NULL, &errstr, &err);
if (port > 0) {

4
ext/standard/ftok.c
View file

@ -47,9 +47,9 @@ PHP_FUNCTION(ftok)
if (proj_len != 1){
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Project identifier is invalid");
RETURN_LONG(-1);
}
}
if ((PG(safe_mode) && (!php_checkuid(pathname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pathname TSRMLS_CC)) {
if (php_check_open_basedir(pathname TSRMLS_CC)) {
RETURN_LONG(-1);
}

1
ext/standard/head.c
View file

@ -31,7 +31,6 @@
#endif
#include "php_globals.h"
#include "safe_mode.h"
/* Implementation of the language Header() function */

2
ext/standard/http_fopen_wrapper.c
View file

@ -131,7 +131,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
Z_TYPE_PP(tmpzval) != IS_STRING ||
Z_STRLEN_PP(tmpzval) <= 0) {
php_url_free(resource);
return php_stream_open_wrapper_ex(path, mode, ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
}
/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
request_fulluri = 1;

2
ext/standard/image.c
View file

@ -1313,7 +1313,7 @@ PHP_FUNCTION(getimagesize)
array_init(*info);
}
stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH, NULL);
if (!stream) {
RETURN_FALSE;

4
ext/standard/iptc.c
View file

@ -190,10 +190,6 @@ PHP_FUNCTION(iptcembed)
return;
}
if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_check_open_basedir(jpeg_file TSRMLS_CC)) {
RETURN_FALSE;
}

21
ext/standard/link.c
View file

@ -47,7 +47,6 @@
#include <errno.h>
#include <ctype.h>
#include "safe_mode.h"
#include "php_link.h"
#include "php_string.h"
@ -64,10 +63,6 @@ PHP_FUNCTION(readlink)
return;
}
if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
RETURN_FALSE;
}
if (php_check_open_basedir(link TSRMLS_CC)) {
RETURN_FALSE;
}
@ -144,14 +139,6 @@ PHP_FUNCTION(symlink)
RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
RETURN_FALSE;
}
if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
@ -200,14 +187,6 @@ PHP_FUNCTION(link)
RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
RETURN_FALSE;
}
if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}

11
ext/standard/link_win32.c
View file

@ -39,7 +39,6 @@
#include <errno.h>
#include <ctype.h>
#include "safe_mode.h"
#include "php_link.h"
#include "php_string.h"
@ -91,7 +90,7 @@ PHP_FUNCTION(readlink)
return;
}
if (OPENBASEDIR_CHECKPATH(link)) {
if (php_check_open_basedir(link TSRMLS_CC)) {
RETURN_FALSE;
}
if (!expand_filepath(link, path_resolved TSRMLS_CC)) {
@ -209,11 +208,11 @@ PHP_FUNCTION(symlink)
RETURN_FALSE;
}
if (OPENBASEDIR_CHECKPATH(dest_p)) {
if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
if (OPENBASEDIR_CHECKPATH(source_p)) {
if (php_check_open_basedir(source_p TSRMLS_CC)) {
RETURN_FALSE;
}
@ -264,11 +263,11 @@ PHP_FUNCTION(link)
RETURN_FALSE;
}
if (OPENBASEDIR_CHECKPATH(source_p)) {
if (php_check_open_basedir(source_p TSRMLS_CC)) {
RETURN_FALSE;
}
if (OPENBASEDIR_CHECKPATH(dest_p)) {
if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}

10
ext/standard/mail.c
View file

@ -41,7 +41,6 @@
#include "php_mail.h"
#include "php_ini.h"
#include "safe_mode.h"
#include "exec.h"
#ifdef PHP_WIN32
@ -105,14 +104,7 @@ PHP_FUNCTION(mail)
char *to_r, *subject_r;
char *p, *e;
if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE");
RETURN_FALSE;
}
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len,
&headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE
) {
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) {
return;
}

2
ext/standard/md5.c
View file

@ -89,7 +89,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file)
return;
}
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}

1
ext/standard/pack.c
View file

@ -39,7 +39,6 @@
#include <sys/param.h>
#endif
#include "ext/standard/head.h"
#include "safe_mode.h"
#include "php_string.h"
#include "pack.h"
#if HAVE_PWD_H

81
ext/standard/proc_open.c
View file

@ -28,7 +28,6 @@
#include <stdio.h>
#include <ctype.h>
#include "php_string.h"
#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/basic_functions.h"
#include "ext/standard/file.h"
@ -153,33 +152,6 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
if (string_length == 0) {
continue;
}
if (PG(safe_mode)) {
/* Check the protected list */
if (zend_hash_exists(&BG(sm_protected_env_vars), string_key, string_length - 1)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", string_key);
return env;
}
/* Check the allowed list */
if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
char *strtok_buf = NULL;
char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
zend_bool allowed = 0;
while (allowed_prefix) {
if (!strncmp(allowed_prefix, string_key, strlen(allowed_prefix))) {
allowed = 1;
break;
}
allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
}
efree(allowed_env_vars);
if (!allowed) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", string_key);
return env;
}
}
}
l = string_length + el_len + 1;
memcpy(p, string_key, string_length);
@ -278,53 +250,6 @@ static void proc_open_rsrc_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
}
/* }}} */
/* {{{ php_make_safe_mode_command */
static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persistent TSRMLS_DC)
{
int lcmd, larg0;
char *space, *sep, *arg0;
if (!PG(safe_mode)) {
*safecmd = pestrdup(cmd, is_persistent);
return SUCCESS;
}
lcmd = strlen(cmd);
arg0 = estrndup(cmd, lcmd);
space = memchr(arg0, ' ', lcmd);
if (space) {
*space = '\0';
larg0 = space - arg0;
} else {
larg0 = lcmd;
}
if (php_memnstr(arg0, "..", sizeof("..")-1, arg0 + larg0)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
efree(arg0);
return FAILURE;
}
sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0);
spprintf(safecmd, 0, "%s%s%s%s", PG(safe_mode_exec_dir), (sep ? sep : "/"), (sep ? "" : arg0), (space ? cmd + larg0 : ""));
efree(arg0);
arg0 = php_escape_shell_cmd(*safecmd);
efree(*safecmd);
if (is_persistent) {
*safecmd = pestrdup(arg0, 1);
efree(arg0);
} else {
*safecmd = arg0;
}
return SUCCESS;
}
/* }}} */
/* {{{ PHP_MINIT_FUNCTION(proc_open) */
PHP_MINIT_FUNCTION(proc_open)
{
@ -541,9 +466,7 @@ PHP_FUNCTION(proc_open)
RETURN_FALSE;
}
if (FAILURE == php_make_safe_mode_command(command, &command, is_persistent TSRMLS_CC)) {
RETURN_FALSE;
}
command = pestrdup(command, is_persistent);
#ifdef PHP_WIN32
if (other_options) {
@ -695,7 +618,7 @@ PHP_FUNCTION(proc_open)
/* try a wrapper */
stream = php_stream_open_wrapper(Z_STRVAL_PP(zfile), Z_STRVAL_PP(zmode),
ENFORCE_SAFE_MODE|REPORT_ERRORS|STREAM_WILL_CAST, NULL);
REPORT_ERRORS|STREAM_WILL_CAST, NULL);
/* force into an fd */
if (stream == NULL || FAILURE == php_stream_cast(stream,

2
ext/standard/sha1.c
View file

@ -79,7 +79,7 @@ PHP_FUNCTION(sha1_file)
return;
}
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}

4
ext/standard/streamsfuncs.c
View file

@ -128,7 +128,7 @@ PHP_FUNCTION(stream_socket_client)
ZVAL_STRING(zerrstr, "", 1);
}
stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
stream = php_stream_xport_create(host, host_len, REPORT_ERRORS,
STREAM_XPORT_CLIENT | (flags & PHP_STREAM_CLIENT_CONNECT ? STREAM_XPORT_CONNECT : 0) |
(flags & PHP_STREAM_CLIENT_ASYNC_CONNECT ? STREAM_XPORT_CONNECT_ASYNC : 0),
hashkey, &tv, context, &errstr, &err);
@ -204,7 +204,7 @@ PHP_FUNCTION(stream_socket_server)
ZVAL_STRING(zerrstr, "", 1);
}
stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
stream = php_stream_xport_create(host, host_len, REPORT_ERRORS,
STREAM_XPORT_SERVER | flags,
NULL, NULL, context, &errstr, &err);

1
ext/standard/tests/file/bug22414.phpt
View file

@ -1,7 +1,6 @@
--TEST--
Bug #22414 (passthru() does not read data correctly)
--INI--
safe_mode=
output_handler=
--FILE--
<?php

40
ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
View file

@ -1,20 +1,20 @@
--TEST--
Test function get_cfg_var() by calling deprecated option
--CREDITS--
Francesco Fullone ff@ideato.it
#PHPTestFest Cesena Italia on 2009-06-20
--INI--
safe_mode=1
--SKIPIF--
<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
--FILE--
<?php
echo "*** Test by calling method or function with deprecated option ***\n";
var_dump(get_cfg_var( 'safe_mode' ) );
?>
--EXPECTF--
Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0
*** Test by calling method or function with deprecated option ***
string(1) "1"
--TEST--
Test function get_cfg_var() by calling deprecated option
--CREDITS--
Francesco Fullone ff@ideato.it
#PHPTestFest Cesena Italia on 2009-06-20
--INI--
magic_quotes_gpc=1
--SKIPIF--
<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
--FILE--
<?php
echo "*** Test by calling method or function with deprecated option ***\n";
var_dump(get_cfg_var( 'magic_quotes_gpc' ) );
?>
--EXPECTF--
Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in %s on line 0
*** Test by calling method or function with deprecated option ***
string(1) "1"

2
ext/standard/tests/general_functions/putenv_error1.phpt
View file

@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net>
--INI--
safe_mode=1
safe_mode_allowed_env_vars=TESTING_
--SKIPIF--
<?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?>
--FILE--
<?php
putenv('FOO=bar');

2
ext/standard/tests/general_functions/putenv_error2.phpt
View file

@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net>
--INI--
safe_mode=1
safe_mode_protected_env_vars=FOO,BAZ
--SKIPIF--
<?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?>
--FILE--
<?php
putenv('FOO=bar');

9
ext/tidy/tidy.c
View file

@ -29,7 +29,6 @@
#include "php_ini.h"
#include "ext/standard/info.h"
#include "safe_mode.h"
#include "tidy.h"
#include "buffio.h"
@ -74,7 +73,7 @@
_php_tidy_apply_config_array(_doc, HASH_OF(*_val) TSRMLS_CC); \
} else { \
convert_to_string_ex(_val); \
TIDY_SAFE_MODE_CHECK(Z_STRVAL_PP(_val)); \
TIDY_OPEN_BASE_DIR_CHECK(Z_STRVAL_PP(_val)); \
switch (tidyLoadConfig(_doc, Z_STRVAL_PP(_val))) { \
case -1: \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not load configuration file '%s'", Z_STRVAL_PP(_val)); \
@ -156,8 +155,8 @@
zend_hash_update(_table, #_key, sizeof(#_key), (void *)&tmp, sizeof(zval *), NULL); \
}
#define TIDY_SAFE_MODE_CHECK(filename) \
if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { \
#define TIDY_OPEN_BASE_DIR_CHECK(filename) \
if (php_check_open_basedir(filename TSRMLS_CC)) { \
RETURN_FALSE; \
} \
@ -641,7 +640,7 @@ static char *php_tidy_file_to_mem(char *filename, zend_bool use_include_path, in
php_stream *stream;
char *data = NULL;
if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE, NULL))) {
if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0), NULL))) {
return NULL;
}
if ((*len = (int) php_stream_copy_to_mem(stream, &data, PHP_STREAM_COPY_ALL, 0)) == 0) {

2
ext/xmlwriter/php_xmlwriter.c
View file

@ -679,7 +679,7 @@ static void *php_xmlwriter_streams_IO_open_write_wrapper(const char *filename TS
php_stream_wrapper *wrapper = NULL;
void *ret_val = NULL;
ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, NULL);
ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", REPORT_ERRORS, NULL, NULL);
return ret_val;
}
/* }}} */

16
ext/zip/php_zip.c
View file

@ -184,7 +184,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
efree(file_dirname_fullpath);
efree(file_basename);
free(new_state.cwd);
@ -238,7 +238,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
* is required, does a file can have a different
* safemode status as its parent folder?
*/
if (OPENBASEDIR_CHECKPATH(fullpath)) {
if (ZIP_OPENBASEDIR_CHECKPATH(fullpath)) {
efree(fullpath);
efree(file_dirname_fullpath);
efree(file_basename);
@ -255,7 +255,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
return 0;
}
#if (PHP_MAJOR_VERSION < 6)
#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
@ -288,7 +288,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, int filename_l
char resolved_path[MAXPATHLEN];
if (OPENBASEDIR_CHECKPATH(filename)) {
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
return -1;
}
@ -530,7 +530,7 @@ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value
/* we assume that any glob pattern will match files from one directory only
so checking the dirname of the first match should be sufficient */
strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN);
if (OPENBASEDIR_CHECKPATH(cwd)) {
if (ZIP_OPENBASEDIR_CHECKPATH(cwd)) {
return -1;
}
@ -592,7 +592,7 @@ int php_zip_pcre(char *regexp, int regexp_len, char *path, int path_len, zval *r
}
#endif
if (OPENBASEDIR_CHECKPATH(path)) {
if (ZIP_OPENBASEDIR_CHECKPATH(path)) {
return -1;
}
@ -1163,7 +1163,7 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
RETURN_FALSE;
}
if (OPENBASEDIR_CHECKPATH(filename)) {
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
@ -1452,7 +1452,7 @@ static ZIPARCHIVE_METHOD(open)
RETURN_FALSE;
}
if (OPENBASEDIR_CHECKPATH(filename)) {
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}

8
ext/zip/php_zip.h
View file

@ -43,12 +43,12 @@ extern zend_module_entry zip_module_entry;
# endif
#endif
/* {{{ OPENBASEDIR_CHECKPATH(filename) */
#if (PHP_MAJOR_VERSION < 6)
# define OPENBASEDIR_CHECKPATH(filename) \
/* {{{ ZIP_OPENBASEDIR_CHECKPATH(filename) */
#if PHP_API_VERSION < 20100412
# define ZIP_OPENBASEDIR_CHECKPATH(filename) \
(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
#else
#define OPENBASEDIR_CHECKPATH(filename) \
#define ZIP_OPENBASEDIR_CHECKPATH(filename) \
php_check_open_basedir(filename TSRMLS_CC)
#endif
/* }}} */

4
ext/zip/zip_stream.c
View file

@ -120,7 +120,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
}
if (filename) {
if (OPENBASEDIR_CHECKPATH(filename)) {
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
return NULL;
}
@ -201,7 +201,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
fragment++;
if (OPENBASEDIR_CHECKPATH(file_dirname)) {
if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname)) {
efree(file_basename);
return NULL;
}

7
ext/zlib/zlib.c
View file

@ -44,7 +44,6 @@
#endif
#include "ext/standard/head.h"
#include "safe_mode.h"
#include "ext/standard/php_standard.h"
#include "ext/standard/info.h"
#include "php_zlib.h"
@ -373,7 +372,7 @@ static PHP_FUNCTION(gzfile)
use_include_path = flags ? USE_PATH : 0;
/* using a stream here is a bit more efficient (resource wise) than php_gzopen_wrapper */
stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
if (stream == NULL) {
/* Error reporting is already done by stream code */
RETURN_FALSE;
@ -415,7 +414,7 @@ static PHP_FUNCTION(gzopen)
use_include_path = flags ? USE_PATH : 0;
stream = php_stream_gzopen(NULL, filename, mode, use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
stream = php_stream_gzopen(NULL, filename, mode, use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
if (!stream) {
RETURN_FALSE;
@ -444,7 +443,7 @@ static PHP_FUNCTION(readgzfile)
use_include_path = flags ? USE_PATH : 0;
stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE, NULL, NULL STREAMS_CC TSRMLS_CC);
stream = php_stream_gzopen(NULL, filename, "rb", use_include_path, NULL, NULL STREAMS_CC TSRMLS_CC);
if (!stream) {
RETURN_FALSE;
}

69
main/SAPI.c
View file

@ -674,75 +674,12 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
}
}
} else if (!STRCASECMP(header_line, "WWW-Authenticate")) { /* HTTP Authentication */
sapi_update_response_code(401 TSRMLS_CC); /* authentication-required */
if(PG(safe_mode))
#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
{
zval *repl_temp;
char *ptr = colon_offset+1, *result, *newheader;
int ptr_len=0, result_len = 0, newlen = 0;
myuid = php_getuid(TSRMLS_C);
efree(header_line);
/* skip white space */
while (isspace(*ptr)) {
ptr++;
}
myuid = php_getuid(TSRMLS_C);
ptr_len = strlen(ptr);
MAKE_STD_ZVAL(repl_temp);
Z_TYPE_P(repl_temp) = IS_STRING;
Z_STRLEN_P(repl_temp) = spprintf(&Z_STRVAL_P(repl_temp), 0, "realm=\"\\1-%ld\"", myuid);
/* Modify quoted realm value */
result = php_pcre_replace("/realm=\"(.*?)\"/i", 16,
ptr, ptr_len,
repl_temp,
0, &result_len, -1, NULL TSRMLS_CC);
if(result_len==ptr_len) {
efree(result);
efree(Z_STRVAL_P(repl_temp));
Z_STRLEN_P(repl_temp) = spprintf(&Z_STRVAL_P(repl_temp), 0, "realm=\\1-%ld\\2", myuid);
/* modify unquoted realm value */
result = php_pcre_replace("/realm=([^\\s]+)(.*)/i", 21,
ptr, ptr_len,
repl_temp,
0, &result_len, -1, NULL TSRMLS_CC);
if(result_len==ptr_len) {
char *lower_temp = estrdup(ptr);
char conv_temp[32];
int conv_len;
php_strtolower(lower_temp,strlen(lower_temp));
/* If there is no realm string at all, append one */
if(!strstr(lower_temp,"realm")) {
efree(result);
conv_len = slprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
result = emalloc(ptr_len+conv_len+1);
result_len = ptr_len+conv_len;
memcpy(result, ptr, ptr_len);
memcpy(result+ptr_len, conv_temp, conv_len);
*(result+ptr_len+conv_len) = '\0';
}
efree(lower_temp);
}
}
newlen = spprintf(&newheader, 0, "WWW-Authenticate: %s", result);
efree(header_line);
sapi_header.header = newheader;
sapi_header.header_len = newlen;
efree(result);
efree(Z_STRVAL_P(repl_temp));
efree(repl_temp);
}
#else
{
myuid = php_getuid();
efree(header_line);
sapi_header.header_len = spprintf(&sapi_header.header, 0, "WWW-Authenticate: Basic realm=\"%ld\"", myuid);
}
#endif
sapi_header.header_len = spprintf(&sapi_header.header, 0, "WWW-Authenticate: Basic realm=\"%ld\"", myuid);
}
if (sapi_header.header==header_line) {
*colon_offset = ':';

84
main/fopen_wrappers.c
View file

@ -39,7 +39,6 @@
#include <sys/param.h>
#endif
#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/php_standard.h"
#include "zend_compile.h"
@ -312,55 +311,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
}
/* }}} */
/* {{{ php_check_safe_mode_include_dir
*/
PHPAPI int php_check_safe_mode_include_dir(const char *path TSRMLS_DC)
{
if (PG(safe_mode)) {
if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) {
char *pathbuf;
char *ptr;
char *end;
char resolved_name[MAXPATHLEN];
/* Resolve the real path into resolved_name */
if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
return -1;
}
pathbuf = estrdup(PG(safe_mode_include_dir));
ptr = pathbuf;
while (ptr && *ptr) {
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
if (end != NULL) {
*end = '\0';
end++;
}
/* Check the path */
#ifdef PHP_WIN32
if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
#else
if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
#endif
{
/* File is in the right directory */
efree(pathbuf);
return 0;
}
ptr = end;
}
efree(pathbuf);
}
return -1;
}
/* Nothing to check... */
return 0;
}
/* }}} */
/* {{{ php_fopen_and_set_opened_path
*/
static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path TSRMLS_DC)
@ -650,7 +600,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
char *pathbuf, *ptr, *end;
char *exec_fname;
char trypath[MAXPATHLEN];
struct stat sb;
FILE *fp;
int path_length;
int filename_length;
@ -668,33 +617,15 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
/* Relative path open */
if (*filename == '.') {
if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
return NULL;
}
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
/*
* files in safe_mode_include_dir (or subdir) are excluded from
* safe mode GID/UID checks
*/
/* Absolute path open */
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) {
/* filename is in safe_mode_include_dir (or subdir) */
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
return NULL;
}
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
if (!path || (path && !*path)) {
if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
return NULL;
}
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
@ -733,21 +664,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
}
if (PG(safe_mode)) {
if (VCWD_STAT(trypath, &sb) == 0) {
/* file exists ... check permission */
if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 ||
php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)
) {
/* UID ok, or trypath is in safe_mode_include_dir */
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
} else {
fp = NULL;
}
efree(pathbuf);
return fp;
}
}
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
if (fp) {
efree(pathbuf);

Some files were not shown because too many files have changed in this diff Show more