Added the xsl.security_prefs option to 5_4 and trunk and

mark it as deprecated for BC-reasons
Added tests for ini option and combination of both

diff --git a/UPGRADING b/UPGRADING
index 7c248d04d02a6f03e4e8d7770160b1f54f290575..94116a136998dcadc0c1476204e66e73dab91410 100755 (executable)
--- a/UPGRADING
+++ b/UPGRADING
@@ -153,6 +153,15 @@ UPGRADE NOTES - PHP 5.3
 
 - SplObjectStorage now has ArrayAccess support. It is also now possible to
   store associative information with objects in SplObjectStorage.
+  
+=====================
+4.1 New in PHP 5.3.9
+=====================
+
+- Write operations within XSLT (for example with the extension sax:output) are
+  disabled by default. You can define what is forbidden with the INI option
+  xsl.security_prefs. This option will be marked as deprecated in 5.4 again. 
+  Use the method XsltProcess::setSecurityPrefs($options) there.
 
 =============
 5. Deprecated

diff --git a/ext/xsl/php_xsl.c b/ext/xsl/php_xsl.c
index 6498880462445552e019fe106deddc443a90e9b9..ff416c132b5bab6f109383404f3c2dc033d9cfff 100644 (file)
--- a/ext/xsl/php_xsl.c
+++ b/ext/xsl/php_xsl.c
@@ -180,6 +180,7 @@ PHP_MINIT_FUNCTION(xsl)
        REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK",     XSL_SECPREF_READ_NETWORK,     CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK",    XSL_SECPREF_WRITE_NETWORK,    CONST_CS | CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("XSL_SECPREF_DEFAULT",          XSL_SECPREF_DEFAULT,          CONST_CS | CONST_PERSISTENT);
 
        REGISTER_LONG_CONSTANT("LIBXSLT_VERSION",           LIBXSLT_VERSION,            CONST_CS | CONST_PERSISTENT);
        REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION",  LIBXSLT_DOTTED_VERSION,     CONST_CS | CONST_PERSISTENT);

diff --git a/ext/xsl/php_xsl.h b/ext/xsl/php_xsl.h
index cf724fea1883e37c2e5e14849e3db80537d3a66c..27ad5212542d89e438c136cd2c9240d908221c0c 100644 (file)
--- a/ext/xsl/php_xsl.h
+++ b/ext/xsl/php_xsl.h
@@ -50,6 +50,8 @@ extern zend_module_entry xsl_module_entry;
 #define XSL_SECPREF_CREATE_DIRECTORY 8
 #define XSL_SECPREF_READ_NETWORK 16
 #define XSL_SECPREF_WRITE_NETWORK 32
+/* Default == disable all write access ==  XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_FILE */
+#define XSL_SECPREF_DEFAULT 44
 
 typedef struct _xsl_object {
        zend_object  std;

diff --git a/ext/xsl/tests/bug54446.phpt b/ext/xsl/tests/bug54446_with_ini.phpt
similarity index 99%
rename from ext/xsl/tests/bug54446.phpt
rename to ext/xsl/tests/bug54446_with_ini.phpt
index d5f46932eaca145e9569e5c3084db829400f9d27..31cd1d43be9d4b4749e325ccec88942c8debb102 100644 (file)
--- a/ext/xsl/tests/bug54446.phpt
+++ b/ext/xsl/tests/bug54446_with_ini.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
 --SKIPIF--
 <?php
 if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");

diff --git a/ext/xsl/xsltprocessor.c b/ext/xsl/xsltprocessor.c
index bba07aaee36a2f07d6af8b7407f87c2c99edaf87..9e69df6b8ad636988c6fd3556876a59212a84385 100644 (file)
--- a/ext/xsl/xsltprocessor.c
+++ b/ext/xsl/xsltprocessor.c
@@ -476,7 +476,7 @@ static xmlDocPtr php_xsl_apply_stylesheet(zval *id, xsl_object *intern, xsltStyl
        zend_object_handlers *std_hnd;
        FILE *f;
        int secPrefsError = 0;
-       int secPrefsIni;
+       int secPrefsValue;
        xsltSecurityPrefsPtr secPrefs = NULL;
 
        node = php_libxml_import_node(docp TSRMLS_CC);
@@ -535,32 +535,32 @@ static xmlDocPtr php_xsl_apply_stylesheet(zval *id, xsl_object *intern, xsltStyl
        efree(member);
 
        
-       secPrefsIni = INI_INT("xsl.security_prefs");
+       secPrefsValue = INI_INT("xsl.security_prefs");
        
-       //if securityPrefs is set to NONE, we don't have to do any checks, but otherwise...
-       if (secPrefsIni != XSL_SECPREF_NONE) {
+       /* if securityPrefs is set to NONE, we don't have to do any checks, but otherwise... */
+       if (secPrefsValue != XSL_SECPREF_NONE) {
                secPrefs = xsltNewSecurityPrefs(); 
-               if (secPrefsIni & XSL_SECPREF_READ_FILE ) { 
+               if (secPrefsValue & XSL_SECPREF_READ_FILE ) { 
                        if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) { 
                                secPrefsError = 1;
                        }
                }
-               if (secPrefsIni & XSL_SECPREF_WRITE_FILE ) { 
+               if (secPrefsValue & XSL_SECPREF_WRITE_FILE ) { 
                        if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) { 
                                secPrefsError = 1;
                        }
                }
-               if (secPrefsIni & XSL_SECPREF_CREATE_DIRECTORY ) { 
+               if (secPrefsValue & XSL_SECPREF_CREATE_DIRECTORY ) { 
                        if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) { 
                                secPrefsError = 1;
                        }
                }
-               if (secPrefsIni & XSL_SECPREF_READ_NETWORK) { 
+               if (secPrefsValue & XSL_SECPREF_READ_NETWORK) { 
                        if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) { 
                                secPrefsError = 1;
                        }
                }
-               if (secPrefsIni & XSL_SECPREF_WRITE_NETWORK) { 
+               if (secPrefsValue & XSL_SECPREF_WRITE_NETWORK) { 
                        if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) { 
                                secPrefsError = 1;
                        }