authorZeev Suraski <zeev@php.net>2000-05-29 17:22:35 +0000
committerZeev Suraski <zeev@php.net>2000-05-29 17:22:35 +0000
commit7213c743f085cf3842418a96fd848f8b93c4d387 (patch)
tree63011021b3a119459d41f617a741b04ff1bd1d8b
parentbc7abb330002089a5311bb5482ea4c0ce38f4470 (diff)
- Added disable_functions php.ini support
- Fixed Win32 build
-rw-r--r--NEWS4
-rw-r--r--main/internal_functions_win32.c2
-rw-r--r--main/main.c18
-rw-r--r--php.ini-dist8
-rw-r--r--php.ini-optimized8
-rw-r--r--php.ini-recommended8
6 files changed, 46 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 0fb582bc6b..3a17a7b78a 100644
--- a/NEWS
+++ b/NEWS
@@ -2,13 +2,15 @@ PHP 4.0 NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2000, Version 4.0.1
+- Added disable_functions php.ini directive, to allow administrators to disable
+ certain functions for security reasons (Zeev)
- Fixed sessions on Win32. When setting the directory depth parameter in
save_path you need to now delimit it with a ';' instead of ':', e.g
"5;/tmp" instead of "5:/tmp" (Andi)
- Changed the Apache handler's return status to 'Declined' when a requested
PHP file could not be found. Returning 'Not Found' caused problems
in the ErrorDocument handler stage in that $REDIRECT_REDIRECT_ERROR_NOTES
- was not getting set at all. Moving to 'Declined' shoudl fix this and I
+ was not getting set at all. Moving to 'Declined' should fix this and I
can't see any other side effects. (Rasmus)
- Fixed scanning decimal numbers in internationalized environments. They should
always be in standard US format e.g. 23.3. (Andi, Zend Engine)
diff --git a/main/internal_functions_win32.c b/main/internal_functions_win32.c
index bddc81805d..f6d1bbc3ee 100644
--- a/main/internal_functions_win32.c
+++ b/main/internal_functions_win32.c
@@ -43,7 +43,7 @@
#include "ext/standard/php_dir.h"
#include "ext/standard/php_filestat.h"
#include "ext/standard/php_mail.h"
-#include "ext/standard/php_syslog.h"
+#include "ext/standard/php_ext_syslog.h"
#include "ext/standard/php_standard.h"
#include "ext/standard/php_lcg.h"
#include "ext/standard/php_output.h"
diff --git a/main/main.c b/main/main.c
index 76c8d83de2..fdeeb5747a 100644
--- a/main/main.c
+++ b/main/main.c
@@ -148,6 +148,22 @@ static PHP_INI_MH(OnUpdateErrorReporting)
}
+static PHP_INI_MH(OnDisableFunctions)
+{
+ char *func;
+ char *new_value_dup = zend_strndup(new_value, new_value_length); /* This is an intentional leak,
+ * it's not a big deal as it's process-wide
+ */
+
+ func = strtok(new_value_dup, ", ");
+ while (func) {
+ zend_disable_function(func, strlen(func));
+ func = strtok(NULL, ", ");
+ }
+ return SUCCESS;
+}
+
+
/* Need to convert to strings and make use of:
* DEFAULT_SHORT_OPEN_TAG
* PHP_SAFE_MODE
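Review bot: The loop in OnDisableFunctions discards the result of `zend_disable_function(func, strlen(func))`, so a name that matches no registered function (a typo, or a different letter case if the lookup is exact) stays enabled with no diagnostic. For a directive meant to restrict what scripts can call, that is a silent fail-open. Assuming the call reports failure, check it and name the unmatched entry at startup, for example `if (zend_disable_function(func, strlen(func)) == FAILURE) { /* report unknown name in disable_functions */ }`. Two smaller points: `new_value_dup` reaches `strtok` without a NULL check, and `strtok` keeps static state, which matters if this handler can run in a threaded build.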
@@ -232,6 +248,8 @@ PHP_INI_BEGIN()
PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision)
PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL)
PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL)
+
+ PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, OnDisableFunctions)
PHP_INI_END()
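Review bot: The `disable_functions` entry is registered as PHP_INI_SYSTEM, but nothing here or on OnDisableFunctions documents that the effect is process-wide and never undone; only the handler's leak comment hints at it. If a system-level value can also arrive from per-virtual-host or per-directory server configuration, a list set for one site would apply to every request the process serves afterwards. I would add a comment above the entry such as `/* disable_functions: applied process-wide; disabled functions are never re-enabled */` and repeat that in the php.ini samples. The PHP_INI_BEGIN() table starts outside this hunk.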
diff --git a/php.ini-dist b/php.ini-dist
index a86970dcbd..0a76188079 100644
--- a/php.ini-dist
+++ b/php.ini-dist
@@ -105,6 +105,14 @@ safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comm
; even if safe_mode_allowed_env_vars is
; set to allow to change them.
+
+disable_functions = ; This directive allows you to disable certain
+ ; functions for security reasons. It receives
+ ; a comma separated list of function names.
+ ; This directive is *NOT* affected by whether
+ ; Safe Mode is turned on or off.
+
+
; Colors for Syntax Highlighting mode. Anything that's acceptable in <font color=???> would work.
highlight.string = #DD0000
highlight.comment = #FF8000
diff --git a/php.ini-optimized b/php.ini-optimized
index 2f2f2152aa..3e8b721656 100644
--- a/php.ini-optimized
+++ b/php.ini-optimized
@@ -93,6 +93,14 @@ safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comm
; even if safe_mode_allowed_env_vars is
; set to allow to change them.
+
+disable_functions = ; This directive allows you to disable certain
+ ; functions for security reasons. It receives
+ ; a comma separated list of function names.
+ ; This directive is *NOT* affected by whether
+ ; Safe Mode is turned on or off.
+
+
; Colors for Syntax Highlighting mode. Anything that's acceptable in <font color=???> would work.
highlight.string = #DD0000
highlight.comment = #FF8000
diff --git a/php.ini-recommended b/php.ini-recommended
index 2f2f2152aa..3e8b721656 100644
--- a/php.ini-recommended
+++ b/php.ini-recommended
@@ -93,6 +93,14 @@ safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comm
; even if safe_mode_allowed_env_vars is
; set to allow to change them.
+
+disable_functions = ; This directive allows you to disable certain
+ ; functions for security reasons. It receives
+ ; a comma separated list of function names.
+ ; This directive is *NOT* affected by whether
+ ; Safe Mode is turned on or off.
+
+
; Colors for Syntax Highlighting mode. Anything that's acceptable in <font color=???> would work.
highlight.string = #DD0000
highlight.comment = #FF8000