From: Zeev Suraski Date: Mon, 29 May 2000 17:22:35 +0000 (+0000) Subject: - Added disable_functions php.ini support X-Git-Tag: PRE_EIGHT_BYTE_ALLOC_PATCH~189 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7213c743f085cf3842418a96fd848f8b93c4d387;p=php - Added disable_functions php.ini support - Fixed Win32 build --- diff --git a/NEWS b/NEWS index 0fb582bc6b..3a17a7b78a 100644 --- a/NEWS +++ b/NEWS @@ -2,13 +2,15 @@ PHP 4.0 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2000, Version 4.0.1 +- Added disable_functions php.ini directive, to allow administrators to disable + certain functions for security reasons (Zeev) - Fixed sessions on Win32. When setting the directory depth parameter in save_path you need to now delimit it with a ';' instead of ':', e.g "5;/tmp" instead of "5:/tmp" (Andi) - Changed the Apache handler's return status to 'Declined' when a requested PHP file could not be found. Returning 'Not Found' caused problems in the ErrorDocument handler stage in that $REDIRECT_REDIRECT_ERROR_NOTES - was not getting set at all. Moving to 'Declined' shoudl fix this and I + was not getting set at all. Moving to 'Declined' should fix this and I can't see any other side effects. (Rasmus) - Fixed scanning decimal numbers in internationalized environments. They should always be in standard US format e.g. 23.3. (Andi, Zend Engine) diff --git a/main/internal_functions_win32.c b/main/internal_functions_win32.c index bddc81805d..f6d1bbc3ee 100644 --- a/main/internal_functions_win32.c +++ b/main/internal_functions_win32.c @@ -43,7 +43,7 @@ #include "ext/standard/php_dir.h" #include "ext/standard/php_filestat.h" #include "ext/standard/php_mail.h" -#include "ext/standard/php_syslog.h" +#include "ext/standard/php_ext_syslog.h" #include "ext/standard/php_standard.h" #include "ext/standard/php_lcg.h" #include "ext/standard/php_output.h" diff --git a/main/main.c b/main/main.c index 76c8d83de2..fdeeb5747a 100644 
--- a/main/main.c +++ b/main/main.c @@ -148,6 +148,22 @@ static PHP_INI_MH(OnUpdateErrorReporting) } +static PHP_INI_MH(OnDisableFunctions) +{ + char *func; + char *new_value_dup = zend_strndup(new_value, new_value_length); /* This is an intentional leak, + * it's not a big deal as it's process-wide + */ + + func = strtok(new_value_dup, ", "); + while (func) { + zend_disable_function(func, strlen(func)); + func = strtok(NULL, ", "); + } + return SUCCESS; +} + + /* Need to convert to strings and make use of: * DEFAULT_SHORT_OPEN_TAG * PHP_SAFE_MODE @@ -232,6 +248,8 @@ PHP_INI_BEGIN() PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision) PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL) PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL) + + PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, OnDisableFunctions) PHP_INI_END() diff --git a/php.ini-dist b/php.ini-dist index a86970dcbd..0a76188079 100644 --- a/php.ini-dist +++ b/php.ini-dist @@ -105,6 +105,14 @@ safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comm ; even if safe_mode_allowed_env_vars is ; set to allow to change them. + +disable_functions = ; This directive allows you to disable certain + ; functions for security reasons. It receives + ; a comma separated list of function names. + ; This directive is *NOT* affected by whether + ; Safe Mode is turned on or off. + + ; Colors for Syntax Highlighting mode. Anything that's acceptable in would work. highlight.string = #DD0000 highlight.comment = #FF8000 diff --git a/php.ini-optimized b/php.ini-optimized index 2f2f2152aa..3e8b721656 100644 --- a/php.ini-optimized +++ b/php.ini-optimized 
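Review bot: The loop in OnDisableFunctions discards the result of `zend_disable_function(func, strlen(func))`, so a name in disable_functions that is misspelled, differently cased, or not yet registered when the handler runs would be skipped with no signal, leaving the administrator to believe the function is blocked. Whether zend_disable_function normalises case or reports a miss is not visible in this hunk and should be confirmed; if it returns a status, the call could become `if (zend_disable_function(func, strlen(func)) == FAILURE) { php_error(E_WARNING, "disable_functions: cannot disable '%s'", func); }`. The result of `zend_strndup` is also handed to `strtok` without a NULL check, and `strtok` keeps static state, so a threaded build would want a reentrant tokenizer or a comment explaining why the handler cannot run concurrently.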
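Review bot: The added php.ini-dist comment under-describes what the handler accepts. It documents a comma separated list, but the handler this commit adds to main/main.c tokenizes on `", "`, so spaces separate names as well, and it ignores the result of each zend_disable_function call. The comment should name both separators and say that, as far as this commit shows, a name that fails to match is not reported, for example `; Names may be separated by commas or spaces. A name that matches no function` followed by `; is not reported, so check the spelling of every entry.` The same text is added to php.ini-optimized and php.ini-recommended and needs the same wording there.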
@@ -93,6 +93,14 @@ safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comm ; even if safe_mode_allowed_env_vars is ; set to allow to change them. + +disable_functions = ; This directive allows you to disable certain + ; functions for security reasons. It receives + ; a comma separated list of function names. + ; This directive is *NOT* affected by whether + ; Safe Mode is turned on or off. + + ; Colors for Syntax Highlighting mode. Anything that's acceptable in would work. highlight.string = #DD0000 highlight.comment = #FF8000 diff --git a/php.ini-recommended b/php.ini-recommended index 2f2f2152aa..3e8b721656 100644 --- a/php.ini-recommended +++ b/php.ini-recommended @@ -93,6 +93,14 @@ safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comm ; even if safe_mode_allowed_env_vars is ; set to allow to change them. + +disable_functions = ; This directive allows you to disable certain + ; functions for security reasons. It receives + ; a comma separated list of function names. + ; This directive is *NOT* affected by whether + ; Safe Mode is turned on or off. + + ; Colors for Syntax Highlighting mode. Anything that's acceptable in would work. highlight.string = #DD0000 highlight.comment = #FF8000