This is one of the last old and odd deprecated settings we still have in PHP, it was never fully implemented in all the database extensions and should probably have been gone back in 5.4, along with safe_mode. Although if my memory strikes me right, mysql was also supporting it back then, but not mysqli.
So far only interbase was supporting this feature, and the removal of it causes two effects for interbase:
- CREATE DATABASE is now allowed no matter
- The default database set by php.ini (ibase.default_db) is no longer forced
http://php.net/ini.core#ini.sql.safe-mode
TLS is already used in TSRM, the way exporting the tsrm cache through
a thread local variable is not portable. Additionally, the current
patch suffers from bugs which are hard to find, but prevent it to
be worky with apache. What is done here is mainly uses the idea
from the RFC patch, but
- __thread variable is removed
- offset math and declarations are removed
- extra macros and definitions are removed
What is done merely is
- use an inline function to access the tsrm cache. The function uses
the portable tsrm_tls_get macro which is cheap
- all the TSRM_* macros are set to placebo. Thus this opens the way
remove them later
Except that, the logic is old. TSRMLS_FETCH will have to be done once
per thread, then tsrm_get_ls_cache() can be used. Things seeming to be
worky are cli, cli server and apache. I also tried to enable bz2
shared and it has worked out of the box. The change is yet minimal
diffing to the current master bus is a worky start, IMHO. Though will
have to recheck the other previously done SAPIs - embed and cgi.
The offsets can be added to the tsrm_resource_type struct, then
it'll not be needed to declare them in the userspace. Even the
"done" member type can be changed to int16 or smaller, then adding
the offset as int16 will not change the struct size. As well on the
todo might be removing the hashed storage, thread_id != thread_id and
linked list logic in favour of the explicit TLS operations.
Added a new configuration directive which allows it to change the
temporary directory, the default behavior is unchanged.
This is a useful option if you use all/some hosts inside of one .ini file
with sections and want to change the temp dir per user (maybe it's not
allowed to write outside the users home directory). Since the TMPDIR
variable affects the whole php that way can not be used for this scenario.
(see https://bugs.php.net/bug.php?id=60524)
* Removed ini options, safe_mode*
* Removed --enable-safe-mode --with-exec-dir configure options on Unix
* Updated extensions, SAPI's and core
* php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
Added mail logging functionality that allows logging of mail sent via
mail() function
THe logging functionality is disabled by default but can be enabled on a
per-directory or globaly via 2 INI settings.
The mail.log directive allows you to specify the file where each call to
mail() will be logged. The log file will contain the path and line # of the
calling script in addition to all of the headers indicated by the user.
The mail.add_x_header directive will introduce a X-PHP-Originating-Script
header that will contain the file name (no path) of the calling script and
the uid of the script. This combination should be sufficient for the admin
to locate the sending script.
