php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-24 08:28:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
38,511 Commits 549 Branches 1,485 Tags
00f576cc9755d030c94de3566c46db4a54bff2ae
Commit Graph

81 Commits

Author SHA1 Message Date
Sebastian Bergmann ef49b9a8de MFH: Bump copyright year, 3 of 3. 2008-12-31 11:17:49 +00:00
Felipe Pena 9c51f3c841 - MFB: Removed unused variable. 2008-07-24 16:01:59 +00:00
Felipe Pena 16fb63384c - MFB: Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666. 
(patch by Christian Hoffmann)
 2008-07-21 19:34:45 +00:00
Sebastian Bergmann d9f3a1305f MFH: Bump copyright year, 2 of 2. 2007-12-31 07:20:42 +00:00
Ilia Alshanetsky 81676a4b6e MFB: Fixed bug #43276 (Incomplete fix for bug #42739, mkdir() under 
safe_mode).
 2007-11-15 18:58:43 +00:00
Jani Taskinen 979e8b5896 MFB53 2007-10-11 09:33:53 +00:00
Jani Taskinen 3c9eb61d04 MF53 2007-10-11 08:28:02 +00:00
Robert Thompson 98505945f2 Fix for bug 41899, safe mode and relative paths with Solaris's broken getcwd(). 2007-10-10 23:54:39 +00:00
Ilia Alshanetsky f60df047f1 Fixed bug #42739 (mkdir() doesnt like a trailing slash when safe_mode is 
enabled).
 2007-09-23 15:19:21 +00:00
Jani Taskinen d271071067 MFH: Fixed compile warnings 2007-07-21 01:43:33 +00:00
Hannes Magnusson b865d176de Typo 2007-01-12 12:11:18 +00:00
Ilia Alshanetsky 2ae036f038 Fixed bug #40098 (php_fopen_primary_script() not thread safe). 
Adjusted previous fixes for similar issue to handle sysconf() failures
 2007-01-12 01:46:11 +00:00
Ilia Alshanetsky 78ca1de763 Fixed bug #40079 (php_get_current_user() not thread safe). 
# Original patch from wharmby at uk dot ibm dot com
 2007-01-09 23:27:22 +00:00
Sebastian Bergmann 4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Antony Dovgal a7ce772222 fix #39575 (move_uploaded_file() no longer working (safe mode related)) 2006-11-22 11:55:36 +00:00
Dmitry Stogov 9fd2b6deb4 Simplify the code base as this getpwd() was used only once 2006-11-10 09:56:16 +00:00
Nuno Lopes 7961207d6b add const keywords 2006-07-01 11:35:34 +00:00
Antony Dovgal fbeb246a3a no need to do TSRMLS_FETCH() twice 2006-06-01 14:06:23 +00:00
foobar 5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar 23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
Stefan Esser b1bb6f1735 Do not silently truncate 2004-12-01 22:37:33 +00:00
Anantha Kesari H Y 06a4be43a3 NetWare don't have uid for a file so modified the php_checkuid to return 1 for NetWAre 2004-09-29 12:35:13 +00:00
Andi Gutmans 56f8195fe5 - Nuke empty_string. It is a reminanent from the time where RETURN_FALSE() 
used to return "" and not bool(false). It's not worth keeping it because
  STR_FREE() and zval_dtor() always have to check for it and it slows down
  the general case. In addition, it seems that empty_string has been abused
  quite a lot, and was used not only for setting zval's but generally in
  PHP code instead of "", which wasn't the intention. Last but not least,
  nuking empty_string should improve stability as I doubt every place
  correctly checked if they are not mistakenly erealloc()'ing it or
  calling efree() on it.
  NOTE: Some code is probably broken. Each extension maintainer should
  check and see that my changes are OK. Also, I haven't had time to touch
  PECL yet. Will try and do it tomorrow.
 2004-07-19 07:19:50 +00:00
Andi Gutmans dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
James Cox f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Wez Furlong cfd0466389 Fix for Bug #21310, based on a patch by jflemer@php.net. 2003-03-17 13:40:45 +00:00
foobar 8e3f23e3c0 ws fixes + missing $Id$ tags, headers added 2003-02-19 08:40:19 +00:00
Ilia Alshanetsky 9b560970f8 Fixed compiler warnings. 2003-01-09 22:33:43 +00:00
Sara Golemon 4d789b593f Bug #21531 file_exists() and other filestat functions throw errors when in safe mode and file/directory does not exist. 
Extended php_checkuid function to add "flags" field via rename to php_checkuid_ex with alias for BC in functions that do want safe mode errors thrown.
 2003-01-09 21:57:45 +00:00
Sebastian Bergmann 2c5d4b8c23 Bump year. 2002-12-31 15:59:15 +00:00
Ilia Alshanetsky 78e2e69b23 Instead of checking whether realpath exists based on OS. Use the 
HAVE_REALPATH define, which is set if realpath() is avaliable. This patch
also resolves bug #18868.
 2002-11-06 18:07:23 +00:00
David Reid cf2e12a01e Add some more BeOS support. 2002-10-02 23:48:58 +00:00
Marcus Boerger a1f7bb12f1 use php_error_docref() 2002-08-25 18:45:02 +00:00
Wez Furlong c2cbae6dd3 Enhance Ilia's recent patch to query the wrapper subsystem to determine 
if a filename is a URL and thus if safe-mode checks should be skipped.
 2002-08-16 09:50:24 +00:00
Ilia Alshanetsky a643ae656a Make https:// be exempt from safe_mode checks, just like http:// & ftp:// are. 2002-08-16 03:52:37 +00:00
Yasuo Ohgaki f4f8726b9e Accoding to safe_mode.h, php_checkuid() has six modes. 2002-07-17 05:15:17 +00:00
foobar 6f10116237 Fix bug: #18285, php_checkuid() mangled the passed path. 2002-07-13 00:52:18 +00:00
Stefan Esser 0d3a45299d SAFE_MODE restriction error message fixed if the file doesn't exist 2002-03-17 21:00:44 +00:00
Stefan Esser cf4a292c5d fixed a typo within checkuid 2002-03-14 16:48:18 +00:00
James E. Flemer 6a6b5a6108 (php_checkuid) Added case for root directory when mode is 
not CHECKUID_ALLOW_ONLY_DIR.
 2002-03-03 21:12:49 +00:00
James E. Flemer ecac9a7e9e (php_checkuid) Added case for root directory when mode is 
CHECKUID_ALLOW_ONLY_DIR.
 2002-03-03 20:49:04 +00:00
Sebastian Bergmann 90613d2282 Maintain headers. 2002-02-28 08:29:35 +00:00
Sebastian Bergmann 38933514e1 Update headers. 2001-12-11 15:32:16 +00:00
Derick Rethans 78747bd2df - Don't wrap lines... this is annoying while coding. 2001-09-09 13:29:31 +00:00
Zeev Suraski 1159c84ab7 - TSRMLS_FETCH work 
- whitespace fixes
 2001-08-05 01:43:02 +00:00
Zeev Suraski bc42c37513 More TSRMLS_FETCH work. Got it under 400 now. 2001-07-31 06:28:05 +00:00
Zeev Suraski d87cc976e1 Redesigned thread safety mechanism - nua nua 2001-07-28 11:36:37 +00:00
Rasmus Lerdorf 721c562e2a Fix a couple of build warnings 2001-07-16 04:31:13 +00:00
James E. Flemer 771e3e498f o Fixed Bug #12121: chdir and safe_mode 
- [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
	fails

  - [ ext/standard/dir.c ] changed php_checkuid() to use
    CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR

  - [ main/safe_mode.c ] added code for new checkuid mode

o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
  - [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
    of symlink before trimming filename

o New Feature: safe_mode_include_dir (php.ini directive)
  - Allows bypassing UID/GID checks when including files
    from the directory in safe_mode_include_dir and its
	subdirectories. (safe_mode must be on, directory must
	also be in include_path or full path must be used when
	including)

o Fixed Feature: safe_mode_gid (php.ini directive)
  - Correctly check (and report) UID/GID bits on directories

o Changed include() fall back to scripts cwd implementation
  - CWD added to the (local) search path in php_fopen_with_path()
    instead of seperate case. [ main/fopen_wrappers.c ]
 2001-07-13 18:21:21 +00:00
Rasmus Lerdorf 89a73df39c Fix Windows build (I think) 2001-07-09 18:57:19 +00:00