?? ??? 200?, PHP 5.3.0 Alpha 4
- Changed opendir/dir/scandir to use default context
when no context argument is passed. (Sara)
+- Changed open_basedir to allow tightening in runtime contexts. (Sara)
- Fixed bug #46811 ini_set() doesn't return false on failure. (Hannes)
--- /dev/null
+--TEST--
+openbase_dir runtime tightning
+--INI--
+open_basedir=/usr/local
+--FILE--
+<?php
+var_dump(ini_set("open_basedir", "/usr/local/bin"));
+var_dump(ini_get("open_basedir"));
+var_dump(ini_set("open_basedir", "/usr"));
+var_dump(ini_get("open_basedir"));
+?>
+--EXPECT--
+string(10) "/usr/local"
+string(14) "/usr/local/bin"
+bool(false)
+string(14) "/usr/local/bin"
+
#endif
/* }}} */
+/* {{{ OnUpdateBaseDir
+Allows any change to open_basedir setting in during Startup and Shutdown events,
+or a tightening during activation/runtime/deactivation */
+PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
+{
+ char **p, *pathbuf, *ptr, *end;
+#ifndef ZTS
+ char *base = (char *) mh_arg2;
+#else
+ char *base = (char *) ts_resource(*((int *) mh_arg2));
+#endif
+
+ p = (char **) (base + (size_t) mh_arg1);
+
+ if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN) {
+ /* We're in a PHP_INI_SYSTEM context, no restrictions */
+ *p = new_value;
+ return SUCCESS;
+ }
+
+ /* Otherwise we're in runtime */
+ if (!*p || !**p) {
+ /* open_basedir not set yet, go ahead and give it a value */
+ *p = new_value;
+ return SUCCESS;
+ }
+
+ /* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
+ if (!new_value || !*new_value) {
+ return FAILURE;
+ }
+
+ /* Is the proposed open_basedir at least as restrictive as the current setting? */
+ ptr = pathbuf = estrdup(new_value);
+ while (ptr && *ptr) {
+ end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+ if (end != NULL) {
+ *end = '\0';
+ end++;
+ }
+ if (php_check_open_basedir_ex(ptr, 0 TSRMLS_CC) != 0) {
+ /* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */
+ efree(pathbuf);
+ return FAILURE;
+ }
+ ptr = end;
+ }
+ efree(pathbuf);
+
+ /* Everything checks out, set it */
+ *p = new_value;
+
+ return SUCCESS;
+}
+/* }}} */
+
/* {{{ php_check_specific_open_basedir
When open_basedir is not NULL, check if the given filename is located in
open_basedir. Returns -1 if error or not in the open_basedir, else 0.
BEGIN_EXTERN_C()
#include "php_globals.h"
+#include "php_ini.h"
PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC);
PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC);
PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, char **opened_path TSRMLS_DC);
PHPAPI char *php_strip_url_passwd(char *path);
+
+PHPAPI ZEND_INI_MH(OnUpdateBaseDir);
END_EXTERN_C()
#endif
projects / php / commitdiff