| #
771e3e49 |
| 13-Jul-2001 |
James E. Flemer |
o Fixed Bug #12121: chdir and safe_mode
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ex
o Fixed Bug #12121: chdir and safe_mode
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
show more ...
|
| #
3dd33fde |
| 13-Jul-2001 |
Sascha Schumann |
Fix xmlrpc_error:number handling
|
| #
a2ce3c70 |
| 10-Jul-2001 |
Sascha Schumann |
Allow errors to be returned as XMLRPC fault packets.
Submitted by: Matt Allen <matt@investigationmarketplace.com>
|
| #
934e10c7 |
| 09-Jul-2001 |
Rasmus Lerdorf |
Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a
Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
show more ...
|
|
Revision tags: PRE_GRANULAR_GARBAGE_FIX, php-4.0.6, php-4.0.6RC4, php-4.0.6RC3, php-4.0.6RC2, php-4.0.6RC1, php-4.0.5, php-4.0.5RC8, php-4.0.5RC7 |
|
| #
c34d2b91 |
| 04-Apr-2001 |
foobar |
Added new configuration directives:
arg_separator.input and arg_separator.output
|
|
Revision tags: php-4.0.5RC6, php-4.0.5RC5, php-4.0.5RC4, php-4.0.5RC3, php-4.0.5RC2, php-4.0.5RC1 |
|
| #
eb6ba01d |
| 26-Feb-2001 |
Andi Gutmans |
- Fix copyright notices with 2001
|
| #
d294f46f |
| 15-Jan-2001 |
Zeev Suraski |
- Remove the ini_extension_list global
- Switch to delayed loading of Zend extensions
|
| #
db0b8bc0 |
| 15-Jan-2001 |
Sascha Schumann |
Defer loading of extensions until all configuration entries have been
added to the configuration hash.
|
|
Revision tags: php-4.0.4pl1, php-4.0.4pl1RC2, php-4.0.4pl1RC1, php-4.0.4REL, php-4.0.4RC6, php-4.0.4RC5, php-4.0.4RC4, php-4.0.4RC3 |
|
| #
0f7f5c2c |
| 13-Nov-2000 |
Zeev Suraski |
- Import Jade Nicoletti's transparent gzip encoding support as an output
handler. Works quite nicely!
- Fix buglets in output buffering
- Add output_handler INI directive
|
| #
cae27179 |
| 13-Oct-2000 |
Hartmut Holzgraefe |
fopen wrappers cleanup
- comfiguration is now done by an ini parameter
instead of a compile time option
- the implementations of the three standard wrappers
now live in se
fopen wrappers cleanup
- comfiguration is now done by an ini parameter
instead of a compile time option
- the implementations of the three standard wrappers
now live in seperate files in ext/standard
- the compiler is happy again, no more warnings
show more ...
|
|
Revision tags: php-4.0.3, php-4.0.3RC2, php-4.0.3RC1 |
|
| #
b7ecaacd |
| 09-Sep-2000 |
Zeev Suraski |
More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Impleme
More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
show more ...
|
| #
bfa301df |
| 06-Sep-2000 |
Zeev Suraski |
Fix ordering
|
| #
eb321449 |
| 05-Sep-2000 |
Zeev Suraski |
- Remove track_vars - it is now always on
- Make the various $HTTP_*_VARS[] arrays be defined always,
even if they're empty
- Fix Win32 build and warnings
|
| #
ed453cc9 |
| 04-Sep-2000 |
Zeev Suraski |
Fix the file upload security problem with no side effects (untested)
|
|
Revision tags: php-4.0.2, PRE_LIBMYSQL_REVERT, php-4.0.2RC1, PRE_FILE_COMPILE_API_CHANGE, PRE_METHOD_CALL_SEPERATE_FIX_PATCH |
|
| #
23ca7b9f |
| 04-Jul-2000 |
Stig Bakken |
Added "html_errors" directive to optionally disable HTML formatting of error
messages. The default is on. (Stig)
|
| #
16017f6d |
| 02-Jul-2000 |
Sascha Schumann |
Change header protection macros to conform to standard.
Draft 3 of IEEE 1003.1 200x, "2.2 The Compilation Environment"
All identifiers that begin with an underscore and either an
Change header protection macros to conform to standard.
Draft 3 of IEEE 1003.1 200x, "2.2 The Compilation Environment"
All identifiers that begin with an underscore and either an uppercase
letter or another underscore are always reserved for any use by the
implementation.
show more ...
|
|
Revision tags: php-4.0.1pl1, php-4.0.1, php-4.0.1RC2, php-4.0.1RC |
|
| #
c885f468 |
| 16-Jun-2000 |
Zeev Suraski |
Improve timeout support - ini_get("max_execution_time", ...) works now
|
|
Revision tags: PRE_EIGHT_BYTE_ALLOC_PATCH |
|
| #
34c40031 |
| 06-Jun-2000 |
Zeev Suraski |
@- Made the short_tags, asp_tags and allow_call_time_pass_reference INI directives work
@ on a per-directory basis as well, e.g. from .htaccess files (Zeev)
|
| #
8fb954ae |
| 29-May-2000 |
Zeev Suraski |
Fix startup sequence. It should do it this time.
|
|
Revision tags: php-4.0.0 |
|
| #
e043439f |
| 18-May-2000 |
Zeev Suraski |
Update the license with the new clause 6
|
|
Revision tags: php-4.0RC2 |
|
| #
6727342b |
| 14-Apr-2000 |
Rasmus Lerdorf |
Make error_prepend_string and error_append_string work
@Make error_prepend_string and error_append_string work
|
|
Revision tags: PHP-4.0-RC1 |
|
| #
7a955aa1 |
| 26-Feb-2000 |
Zeev Suraski |
@- Fixed a (fairly common) situation where error_reporting values would not be
@ properly restored after a call to error_reporting(), in between requests (Zeev)
|
| #
e5c8aeb3 |
| 26-Feb-2000 |
Zeev Suraski |
- Protect $HTTP_POST_FILES[] as well
|
| #
0e90b9dc |
| 26-Feb-2000 |
Zeev Suraski |
@- The various $HTTP_*_VARS[] are now protected, and cannot be manipulated by
@ user input (Zeev)
This patch is untested! I'll only have time to test it thoroughly in a couple of hours...
|
| #
d23e5d83 |
| 25-Feb-2000 |
Stig Bakken |
@- Implemented default_charset and default_mimetype config directives (Stig)
Implemented default_charset and default_mimetype configuration directives.
Started implementing ticks in PHP.
|
