Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs()

to define forbidden operations within XSLT stylesheets, default is not to 
enable any write operations from XSLT anymore. Bug #54446

1 files changed, 9 insertions, 0 deletions

diff --git a/ext/xsl/php_xsl.h b/ext/xsl/php_xsl.h
index 5d1ffa5c3f..8782077413 100644
--- a/ext/xsl/php_xsl.h
+++ b/ext/xsl/php_xsl.h
@@ -32,6 +32,7 @@ extern zend_module_entry xsl_module_entry;
 #include <libxslt/xsltInternals.h>
 #include <libxslt/xsltutils.h>
 #include <libxslt/transform.h>
+#include <libxslt/security.h> 
 #if HAVE_XSL_EXSLT
 #include <libexslt/exslt.h>
 #include <libexslt/exsltconfig.h>
@@ -43,6 +44,13 @@ extern zend_module_entry xsl_module_entry;
 #include <libxslt/extensions.h>
 #include <libxml/xpathInternals.h>
 
+#define XSL_SECPREF_NONE 0
+#define XSL_SECPREF_READ_FILE 2
+#define XSL_SECPREF_WRITE_FILE 4
+#define XSL_SECPREF_CREATE_DIRECTORY 8
+#define XSL_SECPREF_READ_NETWORK 16
+#define XSL_SECPREF_WRITE_NETWORK 32
+
 typedef struct _xsl_object {
 	zend_object  std;
 	void *ptr;
@@ -55,6 +63,7 @@ typedef struct _xsl_object {
 	HashTable *node_list;
 	php_libxml_node_object *doc;
 	char *profiling;
+	long securityPrefs;
 } xsl_object;
 
 void php_xsl_set_object(zval *wrapper, void *obj TSRMLS_DC);