diff options
| author | Rasmus Lerdorf <rasmus@php.net> | 2006-06-16 14:09:01 +0000 |
|---|---|---|
| committer | Rasmus Lerdorf <rasmus@php.net> | 2006-06-16 14:09:01 +0000 |
| commit | 6bfeea9eb9543cb5a5f2c024a57f7c8ecfc84968 (patch) | |
| tree | 948506cfed0b1ad84ca21edbb3216ed0b4b15099 | |
| parent | 6320ee11cfdfbbda2b94f092a57a1eb8561aa3a5 (diff) | |
| download | php-git-6bfeea9eb9543cb5a5f2c024a57f7c8ecfc84968.tar.gz | |
MFH: Backported allow_url_include from HEAD. This directive allows
separate control of URL handling in includes/requires allowing sites to
enable allow_url_fopen without enabling remote includes.
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | main/main.c | 1 | ||||
| -rw-r--r-- | main/php_globals.h | 1 | ||||
| -rwxr-xr-x | main/streams/streams.c | 2 | ||||
| -rw-r--r-- | php.ini-dist | 3 |
5 files changed, 7 insertions, 1 deletions
@@ -43,6 +43,7 @@ PHP NEWS . Added readInnerXML(), readOuterXML(), readString(), setSchema(). (2.6.20+) . Changed to passing libxml options when loading reader. +- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus) - Added automatic module globals management. (Dmitry) - Added RFC2397 (data: stream) support. (Marcus) - Added new error mode E_RECOVERABLE_ERROR. (Derick, Marcus, Tony) diff --git a/main/main.c b/main/main.c index 174705ccde..e2e8e37610 100644 --- a/main/main.c +++ b/main/main.c @@ -322,6 +322,7 @@ PHP_INI_BEGIN() PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals) STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals) STD_PHP_INI_ENTRY("realpath_cache_ttl", "120", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_ttl, virtual_cwd_globals, cwd_globals) diff --git a/main/php_globals.h b/main/php_globals.h index 5ce9de80d6..582a472277 100644 --- a/main/php_globals.h +++ b/main/php_globals.h @@ -150,6 +150,7 @@ struct _php_core_globals { char *disable_functions; char *disable_classes; + zend_bool allow_url_include; }; diff --git a/main/streams/streams.c b/main/streams/streams.c index 8a25d8d3be..4a9c119801 100755 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -1605,7 +1605,7 @@ PHPAPI php_stream_wrapper *php_stream_locate_url_wrapper(const char *path, char return &php_plain_files_wrapper; } - if (wrapperpp && (*wrapperpp)->is_url && !PG(allow_url_fopen)) { + if ((wrapperpp && (*wrapperpp)->is_url) && (!PG(allow_url_fopen) || ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include))) ) { if (options & REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration"); } diff --git a/php.ini-dist b/php.ini-dist index ffbaae89b6..8d2e74a5da 100644 --- a/php.ini-dist +++ b/php.ini-dist @@ -531,6 +531,9 @@ upload_max_filesize = 2M ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. allow_url_fopen = On +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +allow_url_include = Off + ; Define the anonymous ftp password (your email address) ;from="john@doe.com" |