From: Christoph M. Becker Date: Mon, 11 Mar 2019 15:28:46 +0000 (+0100) Subject: Merge branch 'PHP-7.2' into PHP-7.3 X-Git-Tag: php-7.3.4RC1~25 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e7ce7c6bb211011569d8036b663bc4ccd45b9984;p=php Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws --- e7ce7c6bb211011569d8036b663bc4ccd45b9984 diff --cc php.ini-development index 1cf2a41bf8,b8141af076..e475e379ea --- a/php.ini-development +++ b/php.ini-development @@@ -1004,10 -986,21 +1004,21 @@@ cli_server.color = O ;intl.use_exceptions = 0 [sqlite3] + ; Directory pointing to SQLite3 extensions + ; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = + ; SQLite defensive mode flag (only available from SQLite 3.26+) + ; When the defensive flag is enabled, language features that allow ordinary + ; SQL to deliberately corrupt the database file are disabled. This forbids + ; writing directly to the schema, shadow tables (eg. FTS data tables), or + ; the sqlite_dbpage virtual table. + ; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html + ; (for older SQLite versions, this flag has no use) + sqlite3.defensive = 1 + [Pcre] -;PCRE library backtracking limit. +; PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit ;pcre.backtrack_limit=100000 diff --cc php.ini-production index fa09ade786,1dbbfc8d76..980e9a8cda --- a/php.ini-production +++ b/php.ini-production @@@ -1011,10 -993,21 +1011,21 @@@ cli_server.color = O ;intl.use_exceptions = 0 [sqlite3] + ; Directory pointing to SQLite3 extensions + ; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = + ; SQLite defensive mode flag (only available from SQLite 3.26+) + ; When the defensive flag is enabled, language features that allow ordinary + ; SQL to deliberately corrupt the database file are disabled. This forbids + ; writing directly to the schema, shadow tables (eg. 
FTS data tables), or + ; the sqlite_dbpage virtual table. + ; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html + ; (for older SQLite versions, this flag has no use) + sqlite3.defensive = 1 + [Pcre] -;PCRE library backtracking limit. +; PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit ;pcre.backtrack_limit=100000
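Review bot: The comment added above `sqlite3.defensive = 1` (identical in the php.ini-development and php.ini-production hunks) says the flag "has no use" on SQLite older than 3.26, but gives the operator no way to tell whether the mitigation is actually in force. A host linked against an older library would show the setting enabled in the ini while getting no protection from it. I would add a line such as `; To confirm the mitigation is active, check the linked library version with SQLite3::version() (needs 3.26.0 or later).` and reword the last line to `; (on older SQLite versions this setting has no effect)`. The comment should also say that defensive mode only limits what SQL reaching the engine can do to the database file, and is not a substitute for prepared statements on untrusted input. The hunks do not show whether connections opened through pdo_sqlite honour this setting; if they do not, that belongs in the comment too.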