summaryrefslogtreecommitdiff
path: root/main/safe_mode.c
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix a couple of build warningsRasmus Lerdorf2001-07-161-1/+1
|
* o Fixed Bug #12121: chdir and safe_modeJames E. Flemer2001-07-131-42/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - [ main/safe_mode.h ] added new checkuid mode: CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check fails - [ ext/standard/dir.c ] changed php_checkuid() to use CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR - [ main/safe_mode.c ] added code for new checkuid mode o Fixed Bug #12119: safe mode owner check can be bypassed with symlink - [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination of symlink before trimming filename o New Feature: safe_mode_include_dir (php.ini directive) - Allows bypassing UID/GID checks when including files from the directory in safe_mode_include_dir and its subdirectories. (safe_mode must be on, directory must also be in include_path or full path must be used when including) o Fixed Feature: safe_mode_gid (php.ini directive) - Correctly check (and report) UID/GID bits on directories o Changed include() fall back to scripts cwd implementation - CWD added to the (local) search path in php_fopen_with_path() instead of seperate case. [ main/fopen_wrappers.c ]
* Fix Windows build (I think)Rasmus Lerdorf2001-07-091-0/+1
|
* Add getmygid() and safe_mode_gid ini directive to allow safe mode to doRasmus Lerdorf2001-07-091-2/+9
| | | | | | | a gid check instead of a uid check. @ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do @ a gid check instead of a uid check. (James E. Flemer, Rasmus)
* Fix folding and clean up some extensionsRasmus Lerdorf2001-06-061-1/+2
|
* vim-6 does folding - clean up a bunch of missing folding tags plusRasmus Lerdorf2001-06-051-0/+8
| | | | | some misguided RINIT and RSHUTDOWN calls in a few fringe extensions
* - Change macros from V_ to VCWD_ because of AIX name clashAndi Gutmans2001-04-301-4/+4
|
* - Fix copyright notices with 2001Andi Gutmans2001-02-261-1/+1
|
* - Fix warningAndi Gutmans2001-02-121-1/+1
| | | | | | | | PR: Submitted by: Reviewed by: Obtained from:
* @- Allow access to uploaded files in safe_mode. Beware that you can onlyThies C. Arntzen2001-01-091-0/+8
| | | | | | @ read the file. If you copy it to new location the copy will not have the @ right UID and you script won't be able to access that copy. (Thies)
* - Make all places use MAXPATHLEN in the same way. It includes theAndi Gutmans2000-12-161-1/+1
| | | | | terminating NULL.
* - Define the different possible modes for readibility and use in the restAndi Gutmans2000-11-011-34/+44
| | | | | - of PHP
* - In function declerations the opening { should be on a new lineAndi Gutmans2000-11-011-1/+2
|
* - I wrote a long msg but the commit didn't go through.Zeev Suraski2000-06-251-1/+9
| | | | | | | | | | - So here is the short version: - a) Start moving to binary opens in Windows - b) Give checkuid_mode() a small face lift including the fopen-wrappers.c - The mode to this function should at least be a #define but that is for - another day. Anyway this whole stuff should be given more face lifts in - the future.
* Update the license with the new clause 6Zeev Suraski2000-05-181-2/+2
|
* - Add missing V_STAT()Andi Gutmans2000-04-201-3/+3
|
* - Change PHP_ to V_ (directory & file functions)Andi Gutmans2000-04-151-1/+1
|
* - Fix another bug in session.cAndi Gutmans2000-03-301-1/+1
| | | | | - Start using the new PHP_GETCWD() and co. macros
* Get the license right... (this won't make it to RC1 of B4)Zeev Suraski2000-02-191-2/+2
|
* request_info.c is dead! long live SAPIZeev Suraski2000-02-101-5/+5
| | | | | | | @- Finished the server abstraction layer; All of the PHP code is now shared @ across different servers (Apache, CGI, IIS, etc.), except for thin @ interface modules (Zeev)
* More cleanup!Zeev Suraski2000-02-101-4/+4
|
* More cleanup...Zeev Suraski2000-02-101-10/+4
|
* # Fix silly typoRasmus Lerdorf2000-01-081-1/+1
|
* Happy Y2K patch! Happy new year (or the new millennium, depending on whetherSascha Schumann2000-01-011-1/+1
| | | | | you start counting at 0 or 1).
* More php3_ annihilationZeev Suraski1999-12-171-2/+2
|
* More php3_ annihilationZeev Suraski1999-12-171-3/+3
|
* Removed '3' from key functions in PHP (maintained compatibility throughZeev Suraski1999-08-021-5/+5
| | | | | php3_compat.h)
* License updateZeev Suraski1999-07-161-20/+9
|
* * Get rid of another request_info element (filename)Zeev Suraski1999-06-261-1/+1
| | | | | * CGI through Apache should work now
* * Get the Apache module to compile againZeev Suraski1999-04-261-1/+3
| | | | | | * Get rid of php3_rqst, use SG(server_context) instead (there's still Apache-specific code, but it nuked a global)
* A lot of cleanups... Removed old thread-safe code and other redundant code ↵Zeev Suraski1999-04-241-8/+7
| | | | and files
* Remove tls.[ch]Zeev Suraski1999-04-231-3/+1
|
* First commit of re-structuring phase one. We have started using automake inStig Bakken1999-04-171-1/+1
| | | | | | | | | | | | | sub-directories and started to move extension code into ext/<name>. For now, I have moved the "standard" extension (which is quite a mix of everything right now) and the GD extension into their own subdirs in ext/. The configure script now also runs configure in the libzend directory automatically and makes sure php4 and libzend use the same config.cache file. To avoid running configure in libzend, use the --no-recursion option. "make" in php4 also builds libzend now. The Apache module doesn't compile right now, but a fix for that is coming up.
* PHP 4.0Zeev Suraski1999-04-071-0/+156
View Lorry Controller Status