From 777a29fce22a741fedb69c83c3e7c2129372ee0e Mon Sep 17 00:00:00 2001 From: Christian Stocker Date: Mon, 10 Oct 2011 07:59:19 +0000 Subject: [PATCH] Added the xsl.security_prefs option to 5_4 and trunk and mark it as deprecated for BC-reasons Added tests for ini option and combination of both --- UPGRADING | 9 +++++++++ ext/xsl/php_xsl.c | 1 + ext/xsl/php_xsl.h | 2 ++ .../{bug54446.phpt => bug54446_with_ini.phpt} | 2 +- ext/xsl/xsltprocessor.c | 18 +++++++++--------- 5 files changed, 22 insertions(+), 10 deletions(-) rename ext/xsl/tests/{bug54446.phpt => bug54446_with_ini.phpt} (99%) diff --git a/UPGRADING b/UPGRADING index 7c248d04d0..94116a1369 100755 --- a/UPGRADING +++ b/UPGRADING @@ -153,6 +153,15 @@ UPGRADE NOTES - PHP 5.3 - SplObjectStorage now has ArrayAccess support. It is also now possible to store associative information with objects in SplObjectStorage. + +===================== +4.1 New in PHP 5.3.9 +===================== + +- Write operations within XSLT (for example with the extension sax:output) are + disabled by default. You can define what is forbidden with the INI option + xsl.security_prefs. This option will be marked as deprecated in 5.4 again. + Use the method XsltProcess::setSecurityPrefs($options) there. ============= 5. Deprecated diff --git a/ext/xsl/php_xsl.c b/ext/xsl/php_xsl.c index 6498880462..ff416c132b 100644 --- a/ext/xsl/php_xsl.c +++ b/ext/xsl/php_xsl.c 
@@ -180,6 +180,7 @@ PHP_MINIT_FUNCTION(xsl)
 REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK", XSL_SECPREF_READ_NETWORK, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK", XSL_SECPREF_WRITE_NETWORK, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_DEFAULT", XSL_SECPREF_DEFAULT, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("LIBXSLT_VERSION", LIBXSLT_VERSION, CONST_CS | CONST_PERSISTENT);
 REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION", LIBXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT);
diff --git a/ext/xsl/php_xsl.h b/ext/xsl/php_xsl.h
index cf724fea18..27ad521254 100644
--- a/ext/xsl/php_xsl.h
+++ b/ext/xsl/php_xsl.h
@@ -50,6 +50,8 @@ extern zend_module_entry xsl_module_entry;
 #define XSL_SECPREF_CREATE_DIRECTORY 8
 #define XSL_SECPREF_READ_NETWORK 16
 #define XSL_SECPREF_WRITE_NETWORK 32
+/* Default == disable all write access == XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_FILE */
+#define XSL_SECPREF_DEFAULT 44
 typedef struct _xsl_object {
 zend_object std;
diff --git a/ext/xsl/tests/bug54446.phpt b/ext/xsl/tests/bug54446_with_ini.phpt
similarity index 99%
rename from ext/xsl/tests/bug54446.phpt
rename to ext/xsl/tests/bug54446_with_ini.phpt
index d5f46932ea..31cd1d43be 100644
--- a/ext/xsl/tests/bug54446.phpt
+++ b/ext/xsl/tests/bug54446_with_ini.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
 --SKIPIF--
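Review bot: In ext/xsl/php_xsl.h the new `XSL_SECPREF_DEFAULT` is the literal 44, so the mask that decides which XSLT operations are blocked by default is tied to the named flags only by the comment above it. Deriving it from the flags keeps the two from drifting apart: `#define XSL_SECPREF_DEFAULT (XSL_SECPREF_WRITE_FILE | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK)`. The comment should also say that the read preferences (`XSL_SECPREF_READ_NETWORK`, value 16, is visibly not in 44) are outside the default, so a stylesheet from an untrusted source can still perform reads unless the caller adds those bits. The php_xsl.c hunk above exports this same value to userland, so the header definition is the one place that has to be right.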