From dd8e59da8f5aafd9d77a0f1f17e5e272d09f643f Mon Sep 17 00:00:00 2001 From: Kalle Sommer Nielsen Date: Mon, 26 Apr 2010 23:53:30 +0000 Subject: Removed safe_mode * Removed ini options, safe_mode* * Removed --enable-safe-mode --with-exec-dir configure options on Unix * Updated extensions, SAPI's and core * php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore --- INSTALL | 8 +- Makefile.gcov | 4 +- Makefile.global | 2 +- NEWS | 3 +- configure.in | 24 +- ext/bz2/bz2.c | 6 +- ext/com_dotnet/com_persist.c | 6 +- ext/curl/interface.c | 26 +- ext/curl/streams.c | 4 +- ...setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt | 4 +- ext/curl/tests/curl_setopt_basic001.phpt | 2 +- ext/dba/dba.c | 6 +- ext/dba/libflatfile/flatfile.c | 1 - ext/dba/libinifile/inifile.c | 1 - ext/enchant/enchant.c | 4 + ext/exif/exif.c | 4 +- ext/fileinfo/fileinfo.c | 9 +- ext/fileinfo/libmagic.patch | 18 +- ext/fileinfo/libmagic/apprentice.c | 6 +- ext/fileinfo/libmagic/cdf.c | 2 +- ext/fileinfo/libmagic/cdf.h | 2 +- ext/fileinfo/libmagic/magic.c | 2 +- ext/fileinfo/libmagic/readcdf.c | 2 +- ext/ftp/php_ftp.c | 18 +- ext/gd/gd.c | 4 +- ext/gd/php_gd.h | 10 +- ext/hash/hash.c | 6 +- ext/hash/hash_md.c | 2 +- ext/hash/hash_sha.c | 2 +- ext/imap/php_imap.c | 14 +- ext/libxml/libxml.c | 4 +- ext/mbstring/mbstring.c | 5 - ext/mysql/php_mysql.c | 4 + .../tests/mysql_query_load_data_openbasedir.phpt | 1 - ext/mysqli/mysqli_api.c | 4 + ext/mysqlnd/mysqlnd_net.c | 4 + ext/oci8/oci8.c | 7 - ext/oci8/oci8_interface.c | 12 +- ext/oci8/oci8_lob.c | 2 +- ext/oci8/tests/oci8safemode.phpt | 2 +- ext/odbc/php_odbc.c | 7 - ext/openssl/openssl.c | 37 ++- ext/pdo/pdo_dbh.c | 2 +- ext/pdo_mysql/mysql_driver.c | 2 +- ext/pdo_sqlite/sqlite_driver.c | 9 +- ext/pgsql/pgsql.c | 10 +- ext/phar/phar.c | 6 +- ext/phar/phar_object.c | 16 +- ext/phar/util.c | 4 +- ext/posix/posix.c | 9 +- ext/posix/tests/posix_access.phpt | 3 + ext/posix/tests/posix_access_error_modes.phpt | 3 + .../tests/posix_access_error_wrongparams.phpt | 3 + ext/posix/tests/posix_access_safemode.phpt | 3 + ext/posix/tests/posix_mkfifo_safemode.phpt | 3 + ext/pspell/pspell.c | 13 - ext/session/mod_files.c | 13 +- ext/session/session.c | 4 - ext/soap/php_http.c | 2 +- ext/soap/php_xml.c | 2 +- ext/spl/php_spl.c | 2 +- ext/spl/spl_directory.c | 4 +- ext/sqlite/pdo_sqlite2.c | 7 +- ext/sqlite/sess_sqlite.c | 1 - ext/sqlite/sqlite.c | 17 +- ext/sqlite3/sqlite3.c | 12 +- ext/sqlite3/tests/sqlite3_21_security.phpt | 2 +- ext/standard/basic_functions.c | 108 +------- ext/standard/basic_functions.h | 8 - ext/standard/dir.c | 13 +- ext/standard/dl.c | 3 - ext/standard/exec.c | 42 +--- ext/standard/file.c | 88 ++----- ext/standard/filestat.c | 57 +---- ext/standard/fsock.c | 2 +- ext/standard/ftok.c | 4 +- ext/standard/head.c | 1 - ext/standard/http_fopen_wrapper.c | 2 +- ext/standard/image.c | 2 +- ext/standard/iptc.c | 4 - ext/standard/link.c | 21 -- ext/standard/link_win32.c | 11 +- ext/standard/mail.c | 10 +- ext/standard/md5.c | 2 +- ext/standard/pack.c | 1 - ext/standard/proc_open.c | 81 +----- ext/standard/sha1.c | 2 +- ext/standard/streamsfuncs.c | 4 +- ext/standard/tests/file/bug22414.phpt | 1 - .../general_functions/get_cfg_var_variation8.phpt | 40 +-- .../tests/general_functions/putenv_error1.phpt | 2 + .../tests/general_functions/putenv_error2.phpt | 2 + ext/tidy/tidy.c | 9 +- ext/xmlwriter/php_xmlwriter.c | 2 +- ext/zip/php_zip.c | 16 +- ext/zip/php_zip.h | 8 +- ext/zip/zip_stream.c | 4 +- ext/zlib/zlib.c | 7 +- main/SAPI.c | 69 +----- main/fopen_wrappers.c | 84 ------- main/main.c | 121 ++++++--- main/network.c | 2 +- main/php.h | 3 +- main/php_globals.h | 6 - main/php_ini.c | 4 - main/php_streams.h | 1 - main/safe_mode.c | 276 --------------------- main/safe_mode.h | 41 --- main/streams/plain_wrapper.c | 72 ------ main/streams/streams.c | 8 +- main/streams/userspace.c | 1 - pear/Makefile.frag | 2 +- php.ini-development | 38 --- php.ini-production | 38 --- sapi/apache/mod_php5.c | 2 +- sapi/apache/php_apache.c | 11 +- sapi/apache2filter/sapi_apache2.c | 19 +- sapi/apache2handler/sapi_apache2.c | 19 +- sapi/apache_hooks/php_apache.c | 21 +- sapi/nsapi/nsapi.c | 36 ++- win32/build/config.w32 | 2 +- win32/build/config.w32.h.in | 1 - win32/install.txt | 2 +- 123 files changed, 418 insertions(+), 1461 deletions(-) delete mode 100644 main/safe_mode.c delete mode 100644 main/safe_mode.h diff --git a/INSTALL b/INSTALL index 7675ec08ed..3de5ca42c9 100644 --- a/INSTALL +++ b/INSTALL @@ -1584,15 +1584,11 @@ Running PHP as an Apache module Example 6-2. Apache configuration example php_value include_path ".:/usr/local/lib/php" - php_admin_flag safe_mode on + php_admin_flag engine on php_value include_path ".:/usr/local/lib/php" - php_admin_flag safe_mode on - - - php3_include_path ".:/usr/local/lib/php" - php3_safe_mode on + php_admin_flag engine on Caution diff --git a/Makefile.gcov b/Makefile.gcov index 01dad16113..1181d3fe03 100644 --- a/Makefile.gcov +++ b/Makefile.gcov @@ -13,13 +13,13 @@ lcov-test: all TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \ TEST_PHP_SRCDIR=$(top_srcdir) \ CC="$(CC)" \ - $(PHP_EXECUTABLE) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \ + $(PHP_EXECUTABLE) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \ elif test ! -z "$(SAPI_CLI_PATH)" && test -x "$(SAPI_CLI_PATH)"; then \ NO_INTERACTION=1 \ TEST_PHP_EXECUTABLE=$(top_builddir)/$(SAPI_CLI_PATH) \ TEST_PHP_SRCDIR=$(top_srcdir) \ CC="$(CC)" \ - $(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \ + $(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \ else \ echo "ERROR: Cannot run tests without CLI sapi."; \ fi diff --git a/Makefile.global b/Makefile.global index 10a3c5690c..7b0d87baeb 100644 --- a/Makefile.global +++ b/Makefile.global @@ -79,7 +79,7 @@ PHP_TEST_SHARED_EXTENSIONS = ` \ . $$i; $(top_srcdir)/build/shtool echo -n -- " -d $(ZEND_EXT_TYPE)=$(top_builddir)/modules/$$dlname"; \ done; \ fi` -PHP_DEPRECATED_DIRECTIVES_REGEX = '^(safe_mode|magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*=' +PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*=' test: all -@if test ! -z "$(PHP_EXECUTABLE)" && test -x "$(PHP_EXECUTABLE)"; then \ diff --git a/NEWS b/NEWS index fae2f6d121..308dfeb3e8 100644 --- a/NEWS +++ b/NEWS @@ -35,12 +35,13 @@ is present at compile time. (Rasmus) - Removed legacy features: + . allow_call_time_pass_reference. (Pierrick) . define_syslog_variables ini option and its associated function. (Kalle) . highlight.bg ini option. (Kalle) . import_request_variables(). (Kalle) . register_globals. (Kalle) - . allow_call_time_pass_reference. (Pierrick) . register_long_arrays ini option. (Kalle) + . Safe mode. (Kalle) . Session bug compatibility mode (session.bug_compat42 and session.bug_compat_warn ini options). (Kalle) . session_is_registered(), session_register() and session_unregister() diff --git a/configure.in b/configure.in index 3a9ff823ad..0ab2589742 100644 --- a/configure.in +++ b/configure.in @@ -820,28 +820,6 @@ AC_MSG_RESULT([$PHP_CONFIG_FILE_SCAN_DIR]) test -n "$DEBUG_CFLAGS" && CFLAGS="$CFLAGS $DEBUG_CFLAGS" -PHP_ARG_ENABLE(safe-mode, whether to enable safe mode by default, -[ --enable-safe-mode Enable safe mode by default], no, no) - -if test "$PHP_SAFE_MODE" = "yes"; then - AC_DEFINE(PHP_SAFE_MODE,1,[ ]) -else - AC_DEFINE(PHP_SAFE_MODE,0,[ ]) -fi - -AC_MSG_CHECKING([for safe mode exec dir]) -PHP_ARG_WITH(exec-dir,, -[ --with-exec-dir[=DIR] Only allow executables in DIR under safe-mode - [/usr/local/php/bin]], no, no) - -if test "$PHP_EXEC_DIR" != "no" && test "$PHP_EXEC_DIR" != "yes" ; then - AC_DEFINE_UNQUOTED(PHP_SAFE_MODE_EXEC_DIR, "$PHP_EXEC_DIR", [ ]) - AC_MSG_RESULT([$PHP_EXEC_DIR]) -else - AC_DEFINE(PHP_SAFE_MODE_EXEC_DIR, "/usr/local/php/bin", [ ]) - AC_MSG_RESULT([/usr/local/php/bin]) -fi - PHP_ARG_ENABLE(sigchild, whether to enable PHP's own SIGCHLD handler, [ --enable-sigchild Enable PHP's own SIGCHLD handler], no, no) @@ -1410,7 +1388,7 @@ PHP_INSTALL_HEADERS([Zend/ TSRM/ include/ main/ main/streams/]) PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c tsrm_virtual_cwd.c) PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \ - safe_mode.c fopen_wrappers.c alloca.c php_scandir.c \ + fopen_wrappers.c alloca.c php_scandir.c \ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ network.c php_open_temporary_file.c php_logos.c \ diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c index e5feaff179..7f6f7dbfd7 100644 --- a/ext/bz2/bz2.c +++ b/ext/bz2/bz2.c @@ -219,7 +219,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper, path_copy = path; #endif - if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) { + if (php_check_open_basedir(path_copy TSRMLS_CC)) { return NULL; } @@ -233,7 +233,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper, if (bz_file == NULL) { /* that didn't work, so try and get something from the network/wrapper */ - stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path); + stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path); if (stream) { int fd; @@ -386,7 +386,7 @@ static PHP_FUNCTION(bzopen) stream = php_stream_bz2open(NULL, Z_STRVAL_PP(file), mode, - ENFORCE_SAFE_MODE | REPORT_ERRORS, + REPORT_ERRORS, NULL); } else if (Z_TYPE_PP(file) == IS_RESOURCE) { /* If it is a resource, than its a stream resource */ diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c index f14b167309..cca51ec6a3 100755 --- a/ext/com_dotnet/com_persist.c +++ b/ext/com_dotnet/com_persist.c @@ -386,8 +386,7 @@ CPH_METHOD(SaveToFile) RETURN_FALSE; } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); RETURN_FALSE; } @@ -449,8 +448,7 @@ CPH_METHOD(LoadFromFile) RETURN_FALSE; } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); RETURN_FALSE; } diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 10331a5661..cf8a3892b9 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -10,7 +10,7 @@ | http://www.php.net/license/3_01.txt | | If you did not receive a copy of the PHP license and are unable to | | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | + | license@php.net so we can mail you 6 copy immediately. | +----------------------------------------------------------------------+ | Author: Sterling Hughes | +----------------------------------------------------------------------+ @@ -169,8 +169,8 @@ static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRM #if LIBCURL_VERSION_NUM < 0x071100 char *copystr = NULL; #endif - /* Disable file:// if open_basedir or safe_mode are used */ - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + /* Disable file:// if open_basedir are used */ + if (PG(open_basedir) && *PG(open_basedir)) { #if LIBCURL_VERSION_NUM >= 0x071304 error = curl_easy_setopt(ch->cp, CURLOPT_PROTOCOLS, CURLPROTO_ALL & ~CURLPROTO_FILE); #else @@ -1664,8 +1664,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu convert_to_long_ex(zvalue); #if LIBCURL_VERSION_NUM >= 0x71304 if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) && - ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when in safe_mode or an open_basedir is set"); + (PG(open_basedir) && *PG(open_basedir)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when an open_basedir is set"); RETVAL_FALSE; return 1; } @@ -1674,9 +1674,9 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu break; case CURLOPT_FOLLOWLOCATION: convert_to_long_ex(zvalue); - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + if (PG(open_basedir) && *PG(open_basedir)) { if (Z_LVAL_PP(zvalue) != 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set"); RETVAL_FALSE; return 1; } @@ -1728,7 +1728,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu option == CURLOPT_SSH_PUBLIC_KEYFILE || option == CURLOPT_SSH_PRIVATE_KEYFILE ) { - if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) { RETVAL_FALSE; return 1; } @@ -1938,8 +1938,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + Z_STRLEN_PP(current)))) { *filename = '\0'; } - /* safe_mode / open_basedir check */ - if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + /* open_basedir check */ + if (php_check_open_basedir(postval TSRMLS_CC)) { RETVAL_FALSE; return 1; } @@ -2028,8 +2028,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu break; } - /* the following options deal with files, therefor safe_mode & open_basedir checks - * are required. + /* the following options deal with files, therefore the open_basedir check + * is required. */ case CURLOPT_COOKIEJAR: case CURLOPT_SSLCERT: @@ -2041,7 +2041,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu convert_to_string_ex(zvalue); - if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) { RETVAL_FALSE; return 1; } diff --git a/ext/curl/streams.c b/ext/curl/streams.c index ce09b8ab6d..f48fb04329 100644 --- a/ext/curl/streams.c +++ b/ext/curl/streams.c @@ -395,7 +395,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename, } } if (mr > 1) { - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + if (PG(open_basedir) && *PG(open_basedir)) { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0); } else { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1); @@ -403,7 +403,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename, curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, mr); } } else { - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + if (PG(open_basedir) && *PG(open_basedir)) { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0); } else { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1); diff --git a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt index c00e1d2080..7a778f3692 100644 --- a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt +++ b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt @@ -1,5 +1,5 @@ --TEST-- -CURLOPT_FOLLOWLOCATION case check safe_mode and open_basedir +CURLOPT_FOLLOWLOCATION case check open_basedir --CREDITS-- WHITE new media architects - Dennis --INI-- @@ -17,6 +17,6 @@ curl_close($ch); var_dump($succes); ?> --EXPECTF-- -Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when %r(safe_mode is enabled or an )?%ropen_basedir is set in %s.php on line %d +Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d bool(false) diff --git a/ext/curl/tests/curl_setopt_basic001.phpt b/ext/curl/tests/curl_setopt_basic001.phpt index 178fbf7c13..b8a28dd762 100644 --- a/ext/curl/tests/curl_setopt_basic001.phpt +++ b/ext/curl/tests/curl_setopt_basic001.phpt @@ -6,7 +6,7 @@ Paul Sohier --INI-- safe_mode=On --SKIPIF-- - + --FILE-- lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path); + info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|persistent_flag, &opened_path); } if (!info->lock.fp) { /* when not in read mode or failed to open .lck file read only. now try again in create(write) mode and log errors */ @@ -853,7 +853,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) } } if (!info->lock.fp) { - info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path); + info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path); if (info->lock.fp) { if (lock_dbf) { /* replace the path info with the real path of the opened file */ @@ -891,7 +891,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) if (info->lock.fp && lock_dbf) { info->fp = info->lock.fp; /* use the same stream for locking and database access */ } else { - info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, NULL); + info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, NULL); } if (!info->fp) { dba_close(info TSRMLS_CC); diff --git a/ext/dba/libflatfile/flatfile.c b/ext/dba/libflatfile/flatfile.c index 4aadcceaaf..50b84d2808 100644 --- a/ext/dba/libflatfile/flatfile.c +++ b/ext/dba/libflatfile/flatfile.c @@ -27,7 +27,6 @@ #include "php.h" #include "php_globals.h" -#include "safe_mode.h" #include #include diff --git a/ext/dba/libinifile/inifile.c b/ext/dba/libinifile/inifile.c index b40dd8c0ed..4c85087aca 100644 --- a/ext/dba/libinifile/inifile.c +++ b/ext/dba/libinifile/inifile.c @@ -24,7 +24,6 @@ #include "php.h" #include "php_globals.h" -#include "safe_mode.h" #include #include diff --git a/ext/enchant/enchant.c b/ext/enchant/enchant.c index c123e6756e..78ad035de1 100755 --- a/ext/enchant/enchant.c +++ b/ext/enchant/enchant.c @@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict) RETURN_FALSE; } +#if PHP_API_VERSION < 20100412 if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) { +#else + if (php_check_open_basedir(pwl TSRMLS_CC)) { +#endif RETURN_FALSE; } diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 1f9789c272..6a4fcc4a77 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3861,7 +3861,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t ImageInfo->motorola_intel = -1; /* flag as unknown */ - ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL); + ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH, NULL); if (!ImageInfo->infile) { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Unable to open file"); return FALSE; @@ -4166,7 +4166,7 @@ PHP_FUNCTION(exif_imagetype) return; } - stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|REPORT_ERRORS, NULL); if (stream == NULL) { RETURN_FALSE; diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index e0e9868897..75862e7e52 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open) } file = resolved_path; +#if PHP_API_VERSION < 20100412 if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) { +#else + if (php_check_open_basedir(file TSRMLS_CC)) { +#endif RETURN_FALSE; } } @@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime if (wrap) { php_stream_context *context = php_stream_context_from_zval(zcontext, 0); - +#if PHP_API_VERSION < 20100412 php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); +#else + php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context); +#endif if (!stream) { RETVAL_FALSE; diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch index dc8e03fd17..276bb011c5 100644 --- a/ext/fileinfo/libmagic.patch +++ b/ext/fileinfo/libmagic.patch @@ -257,7 +257,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c + + TSRMLS_FETCH(); + -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -490,7 +490,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c goto error2; - if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1) -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -647,7 +647,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c - if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) { +/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */ -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL); @@ -799,7 +799,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c break; case CDF_FILETIME: tp = info[i].pi_tp; -+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 ++#if defined(PHP_WIN32) && _MSC_VER <= 1500 + if (tp < 1000000000000000i64) { +#else if (tp < 1000000000000000LL) { @@ -822,7 +822,7 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h typedef struct { uint64_t h_magic; -#define CDF_MAGIC 0xE11AB1A1E011CFD0LL -+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 ++#if defined(PHP_WIN32) && _MSC_VER <= 1500 +# define CDF_MAGIC 0xE11AB1A1E011CFD0i64 +#else +# define CDF_MAGIC 0xE11AB1A1E011CFD0LL @@ -2019,7 +2019,7 @@ diff -u libmagic.orig/magic.c libmagic/magic.c + + if (!stream && inname) { + no_in_stream = 1; -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL); @@ -2392,7 +2392,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { -+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 ++#if defined(PHP_WIN32) && _MSC_VER <= 1500 + if (tp < 1000000000000000i64) { +#else if (tp < 1000000000000000LL) { @@ -2773,7 +2773,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c + + convert_libmagic_pattern(pattern, options); + -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) { #else - pmatch[0].rm_so = 0; @@ -2800,7 +2800,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c + haystack = estrndup(ms->search.s, ms->search.s_len); + + /* match v = 0, no match v = 1 */ -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC); +#else + php_pcre_match_impl(pce, IS_STRING, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC); diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c index ffa2cb529c..53fa8d5a14 100644 --- a/ext/fileinfo/libmagic/apprentice.c +++ b/ext/fileinfo/libmagic/apprentice.c @@ -597,7 +597,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, TSRMLS_FETCH(); -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -2041,7 +2041,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, if (dbname == NULL) goto error2; -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -2165,7 +2165,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp, } /* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */ -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL); diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index a3b4a11fc0..a3f7022085 100644 --- a/ext/fileinfo/libmagic/cdf.c +++ b/ext/fileinfo/libmagic/cdf.c @@ -1131,7 +1131,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count) break; case CDF_FILETIME: tp = info[i].pi_tp; -#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 +#if defined(PHP_WIN32) && _MSC_VER <= 1500 if (tp < 1000000000000000i64) { #else if (tp < 1000000000000000LL) { diff --git a/ext/fileinfo/libmagic/cdf.h b/ext/fileinfo/libmagic/cdf.h index 1fa69cfebf..c056a82100 100644 --- a/ext/fileinfo/libmagic/cdf.h +++ b/ext/fileinfo/libmagic/cdf.h @@ -42,7 +42,7 @@ typedef int32_t cdf_secid_t; typedef struct { uint64_t h_magic; -#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 +#if defined(PHP_WIN32) && _MSC_VER <= 1500 # define CDF_MAGIC 0xE11AB1A1E011CFD0i64 #else # define CDF_MAGIC 0xE11AB1A1E011CFD0LL diff --git a/ext/fileinfo/libmagic/magic.c b/ext/fileinfo/libmagic/magic.c index 849896bc83..a8bf6d8880 100644 --- a/ext/fileinfo/libmagic/magic.c +++ b/ext/fileinfo/libmagic/magic.c @@ -290,7 +290,7 @@ file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream) if (!stream && inname) { no_in_stream = 1; -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL); diff --git a/ext/fileinfo/libmagic/readcdf.c b/ext/fileinfo/libmagic/readcdf.c index 56d6504039..117dc786ff 100644 --- a/ext/fileinfo/libmagic/readcdf.c +++ b/ext/fileinfo/libmagic/readcdf.c @@ -110,7 +110,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { -#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 +#if defined(PHP_WIN32) && _MSC_VER <= 1500 if (tp < 1000000000000000i64) { #else if (tp < 1000000000000000LL) { diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c index 0cd6d00127..55fcf49f4b 100644 --- a/ext/ftp/php_ftp.c +++ b/ext/ftp/php_ftp.c @@ -41,7 +41,7 @@ #include "php_ftp.h" #include "ftp.h" -static int le_ftpbuf; +static int le_ftpbuf; #define le_ftpbuf_name "FTP Buffer" /* {{{ arginfo */ @@ -874,9 +874,9 @@ PHP_FUNCTION(ftp_get) #endif if (ftp->autoseek && resumepos) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL); if (outstream == NULL) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream != NULL) { /* if autoresume is wanted seek to end */ @@ -888,7 +888,7 @@ PHP_FUNCTION(ftp_get) } } } else { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream == NULL) { @@ -935,9 +935,9 @@ PHP_FUNCTION(ftp_nb_get) mode = FTPTYPE_IMAGE; #endif if (ftp->autoseek && resumepos) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL); if (outstream == NULL) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream != NULL) { /* if autoresume is wanted seek to end */ @@ -949,7 +949,7 @@ PHP_FUNCTION(ftp_nb_get) } } } else { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream == NULL) { @@ -1131,7 +1131,7 @@ PHP_FUNCTION(ftp_put) ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf); XTYPE(xtype, mode); - if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) { + if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) { RETURN_FALSE; } @@ -1184,7 +1184,7 @@ PHP_FUNCTION(ftp_nb_put) ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf); XTYPE(xtype, mode); - if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) { + if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) { RETURN_FALSE; } diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 7b4d780c7b..a4d7cc6ac0 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1470,7 +1470,7 @@ PHP_FUNCTION(imageloadfont) return; } - stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(file, "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); if (stream == NULL) { RETURN_FALSE; } @@ -2422,7 +2422,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, } } - stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); + stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); if (stream == NULL) { RETURN_FALSE; } diff --git a/ext/gd/php_gd.h b/ext/gd/php_gd.h index 10a18fbf6e..7fbedbe4e0 100644 --- a/ext/gd/php_gd.h +++ b/ext/gd/php_gd.h @@ -33,12 +33,10 @@ #if HAVE_LIBGD /* open_basedir and safe_mode checks */ -#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ - if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \ - (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \ - ) { \ - php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ - RETURN_FALSE; \ +#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ + if (!filename || php_check_open_basedir(filename TSRMLS_CC)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ + RETURN_FALSE; \ } #define PHP_GDIMG_TYPE_GIF 1 diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 4c1222f001..85d67f9e25 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -141,7 +141,7 @@ static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_ RETURN_FALSE; } if (isfilename) { - stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT); + stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; @@ -219,7 +219,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, RETURN_FALSE; } if (isfilename) { - stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT); + stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; @@ -453,7 +453,7 @@ PHP_FUNCTION(hash_update_file) ZEND_FETCH_RESOURCE(hash, php_hash_data*, &zhash, -1, PHP_HASH_RESNAME, php_hash_le_hash); context = php_stream_context_from_zval(zcontext, 0); - stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, context); + stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS, NULL, context); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; diff --git a/ext/hash/hash_md.c b/ext/hash/hash_md.c index b688b4e981..fd0e3efb0c 100644 --- a/ext/hash/hash_md.c +++ b/ext/hash/hash_md.c @@ -148,7 +148,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/hash/hash_sha.c b/ext/hash/hash_sha.c index 6f873f2185..3524c98f4c 100644 --- a/ext/hash/hash_sha.c +++ b/ext/hash/hash_sha.c @@ -132,7 +132,7 @@ PHP_FUNCTION(sha1_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 5432d84ff4..5781eb2e8a 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -1215,10 +1215,8 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) efree(IMAPG(imap_password)); } - /* local filename, need to perform open_basedir and safe_mode checks */ - if (mailbox[0] != '{' && - (php_check_open_basedir(mailbox TSRMLS_CC) || - (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) { + /* local filename, need to perform open_basedir check */ + if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) { RETURN_FALSE; } @@ -1292,10 +1290,8 @@ PHP_FUNCTION(imap_reopen) mail_parameters(NIL, SET_MAXLOGINTRIALS, (void *) retries); } #endif - /* local filename, need to perform open_basedir and safe_mode checks */ - if (mailbox[0] != '{' && - (php_check_open_basedir(mailbox TSRMLS_CC) || - (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) { + /* local filename, need to perform open_basedir check */ + if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) { RETURN_FALSE; } @@ -2394,7 +2390,7 @@ PHP_FUNCTION(imap_savebody) default: convert_to_string_ex(out); - writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); + writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS, NULL); break; } diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c index d49f1429a3..83e879d044 100644 --- a/ext/libxml/libxml.c +++ b/ext/libxml/libxml.c @@ -300,7 +300,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char that the streams layer puts out at times, but for libxml we may try to open files that don't exist, but it is not a failure in xml processing (eg. DTD files) */ - wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, 0 TSRMLS_CC); if (wrapper && read_only && wrapper->wops->url_stat) { if (wrapper->wops->url_stat(wrapper, path_to_open, PHP_STREAM_URL_STAT_QUIET, &ssbuf, NULL TSRMLS_CC) == -1) { if (isescaped) { @@ -314,7 +314,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context()); } - ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context); + ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, REPORT_ERRORS, NULL, context); if (isescaped) { xmlFree(resolved_path); } diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 1291ce2e2c..982c20179f 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3862,11 +3862,6 @@ PHP_FUNCTION(mb_send_mail) extern void mbfl_memory_device_unput(mbfl_memory_device *device); char *pp, *ee; - if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE."); - RETURN_FALSE; - } - /* initialize */ mbfl_memory_device_init(&device, 0, 0); mbfl_string_init(&orig_str); diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c index 2c3085fd82..b948fd2158 100644 --- a/ext/mysql/php_mysql.c +++ b/ext/mysql/php_mysql.c @@ -664,7 +664,11 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) } /* disable local infile option for open_basedir */ +#if PHP_API_VERSION < 20100412 if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) { +#else + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') && (client_flags & CLIENT_LOCAL_FILES)) { +#endif client_flags ^= CLIENT_LOCAL_FILES; } diff --git a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt index a257f5fb81..ff62f4227e 100644 --- a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt +++ b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt @@ -26,7 +26,6 @@ if ($socket == "" && $host != NULL && $host != 'localhost' && $host != '.') { } ?> --INI-- -safe_mode=0 open_basedir="." --FILE-- length) { @@ -1871,12 +1867,6 @@ PHP_FUNCTION(oci_password_change) int user_len, pass_old_len, pass_new_len, dbname_len; php_oci_connection *connection; - /* Disable in Safe Mode */ - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode"); - RETURN_FALSE; - } - if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) { PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection); diff --git a/ext/oci8/oci8_lob.c b/ext/oci8/oci8_lob.c index 2b87dbb3d2..af13237fe9 100644 --- a/ext/oci8/oci8_lob.c +++ b/ext/oci8/oci8_lob.c @@ -724,7 +724,7 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC char buf[8192]; ub4 offset = 1; - if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { + if (php_check_open_basedir(filename TSRMLS_CC)) { return 1; } diff --git a/ext/oci8/tests/oci8safemode.phpt b/ext/oci8/tests/oci8safemode.phpt index 1c62f36d39..1faebceb7f 100644 --- a/ext/oci8/tests/oci8safemode.phpt +++ b/ext/oci8/tests/oci8safemode.phpt @@ -1,7 +1,7 @@ --TEST-- Test functionality disabled in safe mode --SKIPIF-- - + --INI-- safe_mode=On oci8.privileged_connect=On diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c index 7274d74f0c..ac8564a573 100644 --- a/ext/odbc/php_odbc.c +++ b/ext/odbc/php_odbc.c @@ -1296,13 +1296,6 @@ PHP_FUNCTION(odbc_execute) filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2); filename[strlen(filename)] = '\0'; - /* Check for safe mode. */ - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(filename); - efree(params); - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { efree(filename); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 42f40c8497..9c01fc6411 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -489,12 +489,9 @@ static void php_csr_free(zend_rsrc_list_entry *rsrc TSRMLS_DC) } /* }}} */ -/* {{{ openssl safe_mode & open_basedir checks */ -inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC) +/* {{{ openssl open_basedir check */ +inline static int php_openssl_open_base_dir_chk(char *filename TSRMLS_DC) { - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return -1; - } if (php_check_open_basedir(filename TSRMLS_CC)) { return -1; } @@ -774,7 +771,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option /* read in the oids */ str = CONF_get_string(req->req_config, NULL, "oid_file"); - if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) { + if (str && !php_openssl_open_base_dir_chk(str TSRMLS_CC)) { BIO *oid_bio = BIO_new_file(str, "r"); if (oid_bio) { OBJ_create_objects(oid_bio); @@ -1163,7 +1160,7 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r /* read cert from the named file */ BIO *in; - if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) { return NULL; } @@ -1219,7 +1216,7 @@ PHP_FUNCTION(openssl_x509_export_to_file) return; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { return; } @@ -1449,7 +1446,7 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile) goto end; } - if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(certfile TSRMLS_CC)) { sk_X509_free(stack); goto end; } @@ -1776,7 +1773,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key does not correspond to cert"); goto cleanup; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { goto cleanup; } @@ -2178,7 +2175,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1); } if (filename) { - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { return NULL; } in = BIO_new_file(filename, "r"); @@ -2214,7 +2211,7 @@ PHP_FUNCTION(openssl_csr_export_to_file) return; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { return; } @@ -2692,7 +2689,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * BIO *in; if (filename) { - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { TMP_CLEAN; } in = BIO_new_file(filename, "r"); @@ -2999,7 +2996,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file) RETURN_FALSE; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -3287,7 +3284,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (!store) { goto clean_exit; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { goto clean_exit; } @@ -3305,7 +3302,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (datafilename) { - if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(datafilename TSRMLS_CC)) { goto clean_exit; } @@ -3325,7 +3322,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (signersfilename) { BIO *certout; - if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(signersfilename TSRMLS_CC)) { goto clean_exit; } @@ -3385,7 +3382,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) return; - if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { return; } @@ -3544,7 +3541,7 @@ PHP_FUNCTION(openssl_pkcs7_sign) goto clean_exit; } - if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { goto clean_exit; } @@ -3639,7 +3636,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt) goto clean_exit; } - if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { goto clean_exit; } diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index b5af49298c..c916dc099c 100755 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -187,7 +187,7 @@ static char *dsn_from_uri(char *uri, char *buf, size_t buflen TSRMLS_DC) /* {{{ php_stream *stream; char *dsn = NULL; - stream = php_stream_open_wrapper(uri, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(uri, "rb", REPORT_ERRORS, NULL); if (stream) { dsn = php_stream_get_line(stream, buf, buflen, NULL); php_stream_close(stream); diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index 1bb6d2a74f..be500da886 100755 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c @@ -649,7 +649,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ goto cleanup; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) #else if (PG(open_basedir) && PG(open_basedir)[0] != '\0') diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c index 7ad7722c9d..e0f53bebc0 100644 --- a/ext/pdo_sqlite/sqlite_driver.c +++ b/ext/pdo_sqlite/sqlite_driver.c @@ -643,11 +643,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) return NULL; } - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - return NULL; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; @@ -705,7 +700,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, - "safe_mode/open_basedir prohibits opening %s", + "open_basedir prohibits opening %s", dbh->data_source); goto cleanup; } @@ -718,7 +713,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS goto cleanup; } - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if (PG(open_basedir) && *PG(open_basedir)) { sqlite3_set_authorizer(H->db, authorizer, NULL); } diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 70e9d0bda2..064173f9df 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -2879,7 +2879,7 @@ PHP_FUNCTION(pg_trace) ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - stream = php_stream_open_wrapper(z_filename, mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(z_filename, mode, REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; @@ -3338,10 +3338,6 @@ PHP_FUNCTION(pg_lo_import) else { WRONG_PARAM_COUNT; } - - if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(file_in TSRMLS_CC)) { RETURN_FALSE; @@ -3475,10 +3471,6 @@ PHP_FUNCTION(pg_lo_export) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Requires 2 or 3 arguments"); RETURN_FALSE; } - - if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(file_out TSRMLS_CC)) { RETURN_FALSE; diff --git a/ext/phar/phar.c b/ext/phar/phar.c index ab6c4d07e7..822491874b 100644 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@ -1327,7 +1327,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a if (!pphar) { pphar = &mydata; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } @@ -1491,7 +1491,7 @@ int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_l } else if (error && *error) { return FAILURE; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } @@ -2357,7 +2357,7 @@ int phar_open_executed_filename(char *alias, int alias_len, char **error TSRMLS_ FREE_ZVAL(halt_constant); -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 41ae46c215..9b534dc25e 100755 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -1754,7 +1754,7 @@ phar_spl_fileinfo: return ZEND_HASH_APPLY_STOP; } } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Iterator %v returned a path \"%s\" that safe mode prevents opening", ce->name, fname); @@ -3943,7 +3943,7 @@ PHP_METHOD(Phar, addFile) return; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname); return; @@ -4187,11 +4187,11 @@ PHP_METHOD(Phar, delMetadata) } } /* }}} */ -#if (PHP_MAJOR_VERSION < 6) -#define OPENBASEDIR_CHECKPATH(filename) \ +#if PHP_API_VERSION < 20100412 +#define PHAR_OPENBASEDIR_CHECKPATH(filename) \ (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC) #else -#define OPENBASEDIR_CHECKPATH(filename) \ +#define PHAR_OPENBASEDIR_CHECKPATH(filename) \ php_check_open_basedir(filename TSRMLS_CC) #endif @@ -4235,7 +4235,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * return FAILURE; } - if (OPENBASEDIR_CHECKPATH(fullpath)) { + if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) { spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath); efree(fullpath); return FAILURE; @@ -4285,7 +4285,11 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * return SUCCESS; } +#if PHP_API_VERSION < 20100412 fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL); +#endif if (!fp) { spprintf(error, 4096, "Cannot extract \"%s\", could not open for writing \"%s\"", entry->filename, fullpath); diff --git a/ext/phar/util.c b/ext/phar/util.c index 0aa2bd7bb9..985d9ac541 100644 --- a/ext/phar/util.c +++ b/ext/phar/util.c @@ -201,7 +201,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len, entry.tmp = estrndup(filename, filename_len); } } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { efree(entry.tmp); efree(entry.filename); @@ -850,7 +850,7 @@ int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC) /* {{{ */ if (phar_get_pharfp(phar TSRMLS_CC)) { return SUCCESS; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(phar->fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } diff --git a/ext/posix/posix.c b/ext/posix/posix.c index f030356fb8..7212de3c90 100644 --- a/ext/posix/posix.c +++ b/ext/posix/posix.c @@ -840,8 +840,7 @@ PHP_FUNCTION(posix_mkfifo) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { RETURN_FALSE; } @@ -875,8 +874,7 @@ PHP_FUNCTION(posix_mknod) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { RETURN_FALSE; } @@ -961,8 +959,7 @@ PHP_FUNCTION(posix_access) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { efree(path); POSIX_G(last_error) = EPERM; RETURN_FALSE; diff --git a/ext/posix/tests/posix_access.phpt b/ext/posix/tests/posix_access.phpt index 1bd601ad4b..08d9bf2ed9 100644 --- a/ext/posix/tests/posix_access.phpt +++ b/ext/posix/tests/posix_access.phpt @@ -13,6 +13,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/posix/tests/posix_access_error_modes.phpt b/ext/posix/tests/posix_access_error_modes.phpt index 0d79996bd1..e79d24329b 100644 --- a/ext/posix/tests/posix_access_error_modes.phpt +++ b/ext/posix/tests/posix_access_error_modes.phpt @@ -13,6 +13,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/posix/tests/posix_access_error_wrongparams.phpt b/ext/posix/tests/posix_access_error_wrongparams.phpt index 7f938a8492..882c43b636 100644 --- a/ext/posix/tests/posix_access_error_wrongparams.phpt +++ b/ext/posix/tests/posix_access_error_wrongparams.phpt @@ -13,6 +13,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/posix/tests/posix_access_safemode.phpt b/ext/posix/tests/posix_access_safemode.phpt index 1e156f9515..e346149fb5 100644 --- a/ext/posix/tests/posix_access_safemode.phpt +++ b/ext/posix/tests/posix_access_safemode.phpt @@ -11,6 +11,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} --INI-- safe_mode = 1 --FILE-- diff --git a/ext/posix/tests/posix_mkfifo_safemode.phpt b/ext/posix/tests/posix_mkfifo_safemode.phpt index 9dbddc2611..47caf5d3ee 100644 --- a/ext/posix/tests/posix_mkfifo_safemode.phpt +++ b/ext/posix/tests/posix_mkfifo_safemode.phpt @@ -17,6 +17,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/pspell/pspell.c b/ext/pspell/pspell.c index 0d508180d8..bc4af64094 100644 --- a/ext/pspell/pspell.c +++ b/ext/pspell/pspell.c @@ -402,11 +402,6 @@ static PHP_FUNCTION(pspell_new_personal) } #endif - if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - delete_pspell_config(config); - RETURN_FALSE; - } - if (php_check_open_basedir(personal TSRMLS_CC)) { delete_pspell_config(config); RETURN_FALSE; @@ -836,10 +831,6 @@ static void pspell_config_path(INTERNAL_FUNCTION_PARAMETERS, char *option) PSPELL_FETCH_CONFIG; - if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(value TSRMLS_CC)) { RETURN_FALSE; } @@ -891,10 +882,6 @@ static PHP_FUNCTION(pspell_config_repl) pspell_config_replace(config, "save-repl", "true"); - if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(repl TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index acb1ea0dec..71584ce71d 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -171,20 +171,14 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) if (data->fd != -1) { #ifndef PHP_WIN32 /* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */ - if (PG(safe_mode) || PG(open_basedir)) { + if (PG(open_basedir)) { struct stat sbuf; if (fstat(data->fd, &sbuf)) { close(data->fd); return; } - if ( - S_ISLNK(sbuf.st_mode) && - ( - php_check_open_basedir(buf TSRMLS_CC) || - (PG(safe_mode) && !php_checkuid(buf, NULL, CHECKUID_CHECK_FILE_AND_DIR)) - ) - ) { + if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { close(data->fd); return; } @@ -274,9 +268,6 @@ PS_OPEN_FUNC(files) /* if save path is an empty string, determine the temporary dir */ save_path = php_get_temporary_directory(); - if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } if (php_check_open_basedir(save_path TSRMLS_CC)) { return FAILURE; } diff --git a/ext/session/session.c b/ext/session/session.c index 03055cfca9..c7a23a5747 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -567,10 +567,6 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */ p = new_value; } - if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { return FAILURE; } diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 6257e79151..c3ad0e00dd 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -118,7 +118,7 @@ static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, ph namelen = spprintf(&name, 0, "%s://%s:%d", (use_ssl && !*use_proxy)? "ssl" : "tcp", host, port); stream = php_stream_xport_create(name, namelen, - ENFORCE_SAFE_MODE | REPORT_ERRORS, + REPORT_ERRORS, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, NULL /*persistent_id*/, timeout, diff --git a/ext/soap/php_xml.c b/ext/soap/php_xml.c index af4f395327..fa5a26b361 100644 --- a/ext/soap/php_xml.c +++ b/ext/soap/php_xml.c @@ -179,7 +179,7 @@ int php_stream_xmlIO_match_wrapper(const char *filename) void *php_stream_xmlIO_open_wrapper(const char *filename) { TSRMLS_FETCH(); - return php_stream_open_wrapper((char*)filename, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + return php_stream_open_wrapper((char*)filename, "rb", REPORT_ERRORS, NULL); } int php_stream_xmlIO_read(void *context, char *buffer, int len) diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c index d83d5ebe00..663baec014 100755 --- a/ext/spl/php_spl.c +++ b/ext/spl/php_spl.c @@ -231,7 +231,7 @@ static int spl_autoload(const char *class_name, const char * lc_name, int class_ class_file_len = spprintf(&class_file, 0, "%s%s", lc_name, file_extension); - ret = php_stream_open_for_zend_ex(class_file, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); + ret = php_stream_open_for_zend_ex(class_file, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); if (ret == SUCCESS) { if (!file_handle.opened_path) { diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c index 3b47374206..9b114fc0ad 100755 --- a/ext/spl/spl_directory.c +++ b/ext/spl/spl_directory.c @@ -221,7 +221,7 @@ static void spl_filesystem_dir_open(spl_filesystem_object* intern, char *path TS intern->type = SPL_FS_DIR; intern->_path_len = strlen(path); - intern->u.dir.dirp = php_stream_opendir(path, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + intern->u.dir.dirp = php_stream_opendir(path, REPORT_ERRORS, NULL); if (intern->_path_len > 1 && IS_SLASH_AT(path, intern->_path_len-1)) { intern->_path = estrndup(path, --intern->_path_len); @@ -245,7 +245,7 @@ static int spl_filesystem_file_open(spl_filesystem_object *intern, int use_inclu { intern->type = SPL_FS_FILE; intern->u.file.context = php_stream_context_from_zval(intern->u.file.zcontext, 0); - intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, intern->u.file.context); + intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, intern->u.file.context); if (!intern->file_name_len || !intern->u.file.stream) { if (!EG(exception)) { diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c index 89f0520cd9..3eeb1f2bd9 100644 --- a/ext/sqlite/pdo_sqlite2.c +++ b/ext/sqlite/pdo_sqlite2.c @@ -522,11 +522,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) return NULL; } - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - return NULL; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; @@ -585,7 +580,7 @@ static int pdo_sqlite2_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRML if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, - "safe_mode/open_basedir prohibits opening %s", + "open_basedir prohibits opening %s", dbh->data_source); goto cleanup; } diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c index 37f01576b5..30ebc0e38d 100644 --- a/ext/sqlite/sess_sqlite.c +++ b/ext/sqlite/sess_sqlite.c @@ -42,7 +42,6 @@ PS_OPEN_FUNC(sqlite) char *errmsg = NULL; sqlite *db; - /* TODO: do we need a safe_mode check here? */ db = sqlite_open(save_path, 0666, &errmsg); if (db == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index 4017dc7fbc..4c1b3f11b1 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -1066,9 +1066,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg case SQLITE_COPY: if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) { TSRMLS_FETCH(); - if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return SQLITE_DENY; - } if (php_check_open_basedir(arg4 TSRMLS_CC)) { return SQLITE_DENY; @@ -1079,9 +1076,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg case SQLITE_ATTACH: if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) { TSRMLS_FETCH(); - if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return SQLITE_DENY; - } if (php_check_open_basedir(arg3 TSRMLS_CC)) { return SQLITE_DENY; @@ -1510,7 +1504,7 @@ static struct php_sqlite_db *php_sqlite_open(char *filename, int mode, char *per /* authorizer hook so we can enforce safe mode * Note: the declaration of php_sqlite_authorizer is correct for 2.8.2 of libsqlite, * and IS backwards binary compatible with earlier versions */ - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if (PG(open_basedir) && *PG(open_basedir)) { sqlite_set_authorizer(sdb, php_sqlite_authorizer, NULL); } @@ -1566,8 +1560,7 @@ PHP_FUNCTION(sqlite_popen) RETURN_FALSE; } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); RETURN_FALSE; } @@ -1648,8 +1641,7 @@ PHP_FUNCTION(sqlite_open) } } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); zend_restore_error_handling(&error_handling TSRMLS_CC); if (object) { @@ -1697,8 +1689,7 @@ PHP_FUNCTION(sqlite_factory) RETURN_NULL(); } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); zend_restore_error_handling(&error_handling TSRMLS_CC); RETURN_NULL(); diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 7f7bbe9a95..00364b0dd4 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -120,11 +120,13 @@ PHP_METHOD(sqlite3, open) return; } +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "safe_mode prohibits opening %s", fullpath); efree(fullpath); return; } +#endif if (php_check_open_basedir(fullpath TSRMLS_CC)) { zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "open_basedir prohibits opening %s", fullpath); @@ -158,7 +160,11 @@ PHP_METHOD(sqlite3, open) } #endif +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { +#else + if (PG(open_basedir) && *PG(open_basedir)) { +#endif sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL); } @@ -1779,14 +1785,18 @@ static zend_function_entry php_sqlite3_result_class_methods[] = { */ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6) { - TSRMLS_FETCH(); switch (access_type) { case SQLITE_ATTACH: { if (strncmp(arg3, ":memory:", sizeof(":memory:")-1)) { + TSRMLS_FETCH(); + +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return SQLITE_DENY; } +#endif + if (php_check_open_basedir(arg3 TSRMLS_CC)) { return SQLITE_DENY; } diff --git a/ext/sqlite3/tests/sqlite3_21_security.phpt b/ext/sqlite3/tests/sqlite3_21_security.phpt index 5061a595c3..7e83bb23e1 100644 --- a/ext/sqlite3/tests/sqlite3_21_security.phpt +++ b/ext/sqlite3/tests/sqlite3_21_security.phpt @@ -1,5 +1,5 @@ --TEST-- -SQLite3 open_basedir / safe_mode checks +SQLite3 open_basedir checks --SKIPIF-- --INI-- diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 4555814e17..26c6d5aed0 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -34,7 +34,6 @@ #include "zend_operators.h" #include "ext/standard/php_dns.h" #include "ext/standard/php_uuencode.h" -#include "safe_mode.h" #ifdef PHP_WIN32 #include "win32/php_win32_globals.h" @@ -3351,41 +3350,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */ }; /* }}} */ -static PHP_INI_MH(OnUpdateSafeModeProtectedEnvVars) /* {{{ */ -{ - char *protected_vars, *protected_var; - char *token_buf; - int dummy = 1; - - protected_vars = estrndup(new_value, new_value_length); - zend_hash_clean(&BG(sm_protected_env_vars)); - - protected_var = php_strtok_r(protected_vars, ", ", &token_buf); - while (protected_var) { - zend_hash_update(&BG(sm_protected_env_vars), protected_var, strlen(protected_var), &dummy, sizeof(int), NULL); - protected_var = php_strtok_r(NULL, ", ", &token_buf); - } - efree(protected_vars); - return SUCCESS; -} -/* }}} */ - -static PHP_INI_MH(OnUpdateSafeModeAllowedEnvVars) /* {{{ */ -{ - if (BG(sm_allowed_env_vars)) { - free(BG(sm_allowed_env_vars)); - } - BG(sm_allowed_env_vars) = zend_strndup(new_value, new_value_length); - return SUCCESS; -} -/* }}} */ - -PHP_INI_BEGIN() /* {{{ */ - PHP_INI_ENTRY_EX("safe_mode_protected_env_vars", SAFE_MODE_PROTECTED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeProtectedEnvVars, NULL) - PHP_INI_ENTRY_EX("safe_mode_allowed_env_vars", SAFE_MODE_ALLOWED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeAllowedEnvVars, NULL) -PHP_INI_END() -/* }}} */ - static const zend_module_dep standard_deps[] = { /* {{{ */ ZEND_MOD_OPTIONAL("session") {NULL, NULL, NULL} @@ -3462,8 +3426,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /* BG(left) = -1; BG(user_tick_functions) = NULL; BG(user_filter_map) = NULL; - zend_hash_init(&BG(sm_protected_env_vars), 5, NULL, NULL, 1); - BG(sm_allowed_env_vars) = NULL; memset(&BG(url_adapt_state_ex), 0, sizeof(BG(url_adapt_state_ex))); @@ -3479,10 +3441,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /* static void basic_globals_dtor(php_basic_globals *basic_globals_p TSRMLS_DC) /* {{{ */ { - zend_hash_destroy(&BG(sm_protected_env_vars)); - if (BG(sm_allowed_env_vars)) { - free(BG(sm_allowed_env_vars)); - } if (BG(url_adapt_state_ex).tags) { zend_hash_destroy(BG(url_adapt_state_ex).tags); free(BG(url_adapt_state_ex).tags); @@ -3594,8 +3552,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */ test_class_startup(); #endif - REGISTER_INI_ENTRIES(); - register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU); register_html_constants(INIT_FUNC_ARGS_PASSTHRU); register_string_constants(INIT_FUNC_ARGS_PASSTHRU); @@ -3676,8 +3632,6 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */ php_unregister_url_stream_wrapper("ftp" TSRMLS_CC); #endif - UNREGISTER_INI_ENTRIES(); - PHP_MSHUTDOWN(browscap)(SHUTDOWN_FUNC_ARGS_PASSTHRU); PHP_MSHUTDOWN(array)(SHUTDOWN_FUNC_ARGS_PASSTHRU); PHP_MSHUTDOWN(assert)(SHUTDOWN_FUNC_ARGS_PASSTHRU); @@ -4061,39 +4015,6 @@ PHP_FUNCTION(putenv) } #endif - if (PG(safe_mode)) { - /* Check the protected list */ - if (zend_hash_exists(&BG(sm_protected_env_vars), pe.key, pe.key_len)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", pe.key); - efree(pe.putenv_string); - efree(pe.key); - RETURN_FALSE; - } - - /* Check the allowed list */ - if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) { - char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars)); - char *strtok_buf = NULL; - char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf); - zend_bool allowed = 0; - - while (allowed_prefix) { - if (!strncmp(allowed_prefix, pe.key, strlen(allowed_prefix))) { - allowed = 1; - break; - } - allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf); - } - efree(allowed_env_vars); - if (!allowed) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", pe.key); - efree(pe.putenv_string); - efree(pe.key); - RETURN_FALSE; - } - } - } - zend_hash_del(&BG(putenv_ht), pe.key, pe.key_len+1); /* find previous value */ @@ -4694,7 +4615,7 @@ PHPAPI int _php_error_log_ex(int opt_err, char *message, int message_len, char * break; case 3: /*save to a file */ - stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | REPORT_ERRORS, NULL); if (!stream) { return FAILURE; } @@ -5141,10 +5062,6 @@ PHP_FUNCTION(highlight_file) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_ONLY_FILE))) { - RETURN_FALSE; - } - if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -5391,18 +5308,14 @@ PHP_FUNCTION(ini_set) } #define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini)) - /* safe_mode & basedir check */ - if (PG(safe_mode) || PG(open_basedir)) { + /* open basedir check */ + if (PG(open_basedir)) { if (_CHECK_PATH(varname, varname_len, "error_log") || _CHECK_PATH(varname, varname_len, "java.class.path") || _CHECK_PATH(varname, varname_len, "java.home") || _CHECK_PATH(varname, varname_len, "mail.log") || _CHECK_PATH(varname, varname_len, "java.library.path") || _CHECK_PATH(varname, varname_len, "vpopmail.directory")) { - if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - zval_dtor(return_value); - RETURN_FALSE; - } if (php_check_open_basedir(new_value TSRMLS_CC)) { zval_dtor(return_value); RETURN_FALSE; @@ -5410,17 +5323,6 @@ PHP_FUNCTION(ini_set) } } - /* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */ - if (PG(safe_mode)) { - if (!strncmp("max_execution_time", varname, sizeof("max_execution_time")) || - !strncmp("memory_limit", varname, sizeof("memory_limit")) || - !strncmp("child_terminate", varname, sizeof("child_terminate")) - ) { - zval_dtor(return_value); - RETURN_FALSE; - } - } - if (zend_alter_ini_entry_ex(varname, varname_len + 1, new_value, new_value_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0 TSRMLS_CC) == FAILURE) { zval_dtor(return_value); RETURN_FALSE; @@ -5797,10 +5699,6 @@ PHP_FUNCTION(move_uploaded_file) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(new_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(new_path TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/basic_functions.h b/ext/standard/basic_functions.h index e2190066f0..b7b5264de8 100644 --- a/ext/standard/basic_functions.h +++ b/ext/standard/basic_functions.h @@ -175,9 +175,6 @@ typedef struct _php_basic_globals { zend_llist *user_tick_functions; zval *active_ini_file_section; - - HashTable sm_protected_env_vars; - char *sm_allowed_env_vars; /* pageinfo.c */ long page_uid; @@ -240,11 +237,6 @@ typedef struct { } putenv_entry; #endif -/* Values are comma-delimited - */ -#define SAFE_MODE_PROTECTED_ENV_VARS "LD_LIBRARY_PATH" -#define SAFE_MODE_ALLOWED_ENV_VARS "PHP_" - PHPAPI double php_get_nan(void); PHPAPI double php_get_inf(void); diff --git a/ext/standard/dir.c b/ext/standard/dir.c index 25f6139487..e2bf1ef72d 100644 --- a/ext/standard/dir.c +++ b/ext/standard/dir.c @@ -215,7 +215,7 @@ static void _php_do_opendir(INTERNAL_FUNCTION_PARAMETERS, int createobject) context = php_stream_context_from_zval(zcontext, 0); - dirp = php_stream_opendir(dirname, ENFORCE_SAFE_MODE|REPORT_ERRORS, context); + dirp = php_stream_opendir(dirname, REPORT_ERRORS, context); if (dirp == NULL) { RETURN_FALSE; @@ -319,7 +319,7 @@ PHP_FUNCTION(chdir) RETURN_FALSE; } - if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) { + if (php_check_open_basedir(str TSRMLS_CC)) { RETURN_FALSE; } ret = VCWD_CHDIR(str); @@ -481,7 +481,7 @@ PHP_FUNCTION(glob) /* now catch the FreeBSD style of "no matches" */ if (!globbuf.gl_pathc || !globbuf.gl_pathv) { no_results: - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if (PG(open_basedir) && *PG(open_basedir)) { struct stat s; if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != (s.st_mode & S_IFMT)) { @@ -494,11 +494,8 @@ no_results: array_init(return_value); for (n = 0; n < globbuf.gl_pathc; n++) { - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { - if (PG(safe_mode) && (!php_checkuid_ex(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS))) { - basedir_limit = 1; - continue; - } else if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { + if (PG(open_basedir) && *PG(open_basedir)) { + if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { basedir_limit = 1; continue; } diff --git a/ext/standard/dl.c b/ext/standard/dl.c index 8bb97d7f91..22e5faedff 100644 --- a/ext/standard/dl.c +++ b/ext/standard/dl.c @@ -63,9 +63,6 @@ PHPAPI PHP_FUNCTION(dl) if (!PG(enable_dl)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't enabled"); RETURN_FALSE; - } else if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't allowed when running in Safe Mode"); - RETURN_FALSE; } if (filename_len >= MAXPATHLEN) { diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 5850026e17..5bca15d229 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -22,7 +22,6 @@ #include "php.h" #include #include "php_string.h" -#include "safe_mode.h" #include "ext/standard/head.h" #include "ext/standard/file.h" #include "basic_functions.h" @@ -63,51 +62,21 @@ PHPAPI int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_ FILE *fp; char *buf, *tmp=NULL; int l = 0, pclose_return; - char *cmd_p, *b, *c, *d=NULL; + char *b, *c, *d=NULL; php_stream *stream; size_t buflen, bufl = 0; #if PHP_SIGCHILD void (*sig_handler)() = NULL; #endif - if (PG(safe_mode)) { - if ((c = strchr(cmd, ' '))) { - *c = '\0'; - c++; - } - if (strstr(cmd, "..")) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path"); - goto err; - } - - b = strrchr(cmd, PHP_DIR_SEPARATOR); - -#ifdef PHP_WIN32 - if (b && *b == '\\' && b == cmd) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path."); - goto err; - } -#endif - - spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : "")); - if (c) { - *(c - 1) = ' '; - } - cmd_p = php_escape_shell_cmd(d); - efree(d); - d = cmd_p; - } else { - cmd_p = cmd; - } - #if PHP_SIGCHILD sig_handler = signal (SIGCHLD, SIG_DFL); #endif #ifdef PHP_WIN32 - fp = VCWD_POPEN(cmd_p, "rb"); + fp = VCWD_POPEN(cmd, "rb"); #else - fp = VCWD_POPEN(cmd_p, "r"); + fp = VCWD_POPEN(cmd, "r"); #endif if (!fp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd); @@ -484,11 +453,6 @@ PHP_FUNCTION(shell_exec) return; } - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute using backquotes in Safe Mode"); - RETURN_FALSE; - } - #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else diff --git a/ext/standard/file.c b/ext/standard/file.c index 704ef1231f..f21f1bb5e0 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -70,7 +70,6 @@ #endif #include "ext/standard/head.h" -#include "safe_mode.h" #include "php_string.h" #include "file.h" @@ -386,7 +385,7 @@ PHP_FUNCTION(get_meta_tags) } md.stream = php_stream_open_wrapper(filename, "rb", - (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, + (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL); if (!md.stream) { RETURN_FALSE; @@ -546,7 +545,7 @@ PHP_FUNCTION(file_get_contents) context = php_stream_context_from_zval(zcontext, 0); stream = php_stream_open_wrapper_ex(filename, "rb", - (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, + (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (!stream) { RETURN_FALSE; @@ -615,7 +614,7 @@ PHP_FUNCTION(file_put_contents) } mode[2] = '\0'; - stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (stream == NULL) { RETURN_FALSE; } @@ -750,7 +749,7 @@ PHP_FUNCTION(file) context = php_stream_context_from_zval(zcontext, flags & PHP_FILE_NO_DEFAULT_CONTEXT); - stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (!stream) { RETURN_FALSE; } @@ -836,10 +835,6 @@ PHP_FUNCTION(tempnam) return; } - if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(dir TSRMLS_CC)) { RETURN_FALSE; } @@ -896,7 +891,7 @@ PHP_NAMED_FUNCTION(php_if_fopen) context = php_stream_context_from_zval(zcontext, 0); - stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (stream == NULL) { RETURN_FALSE; @@ -942,7 +937,7 @@ PHP_FUNCTION(popen) int command_len, mode_len; FILE *fp; php_stream *stream; - char *posix_mode, *b, *buf = 0, *tmp; + char *posix_mode, *buf = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &command, &command_len, &mode, &mode_len) == FAILURE) { return; @@ -957,49 +952,14 @@ PHP_FUNCTION(popen) } } #endif - if (PG(safe_mode)){ - b = strchr(command, ' '); - if (!b) { - b = strrchr(command, '/'); - } else { - char *c; - - c = command; - while((*b != '/') && (b != c)) { - b--; - } - if (b == c) { - b = NULL; - } - } - - if (b) { - spprintf(&buf, 0, "%s%s", PG(safe_mode_exec_dir), b); - } else { - spprintf(&buf, 0, "%s/%s", PG(safe_mode_exec_dir), command); - } - - tmp = php_escape_shell_cmd(buf); - fp = VCWD_POPEN(tmp, posix_mode); - efree(tmp); - - if (!fp) { - php_error_docref2(NULL TSRMLS_CC, buf, posix_mode, E_WARNING, "%s", strerror(errno)); - efree(posix_mode); - efree(buf); - RETURN_FALSE; - } - efree(buf); - - } else { - fp = VCWD_POPEN(command, posix_mode); - if (!fp) { - php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno)); - efree(posix_mode); - RETURN_FALSE; - } + fp = VCWD_POPEN(command, posix_mode); + if (!fp) { + php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno)); + efree(posix_mode); + RETURN_FALSE; } + stream = php_stream_fopen_from_pipe(fp, mode); if (stream == NULL) { @@ -1361,10 +1321,6 @@ PHPAPI int php_mkdir_ex(char *dir, long mode, int options TSRMLS_DC) { int ret; - if (PG(safe_mode) && (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return -1; - } - if (php_check_open_basedir(dir TSRMLS_CC)) { return -1; } @@ -1440,7 +1396,7 @@ PHP_FUNCTION(readfile) context = php_stream_context_from_zval(zcontext, 0); - stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (stream) { size = php_stream_passthru(stream); php_stream_close(stream); @@ -1561,7 +1517,7 @@ PHP_FUNCTION(unlink) php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s does not allow unlinking", wrapper->wops->label ? wrapper->wops->label : "Wrapper"); RETURN_FALSE; } - RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, ENFORCE_SAFE_MODE | REPORT_ERRORS, context TSRMLS_CC)); + RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, REPORT_ERRORS, context TSRMLS_CC)); } /* }}} */ @@ -1684,10 +1640,6 @@ PHP_FUNCTION(copy) return; } - if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(source TSRMLS_CC)) { RETURN_FALSE; } @@ -1704,13 +1656,13 @@ PHP_FUNCTION(copy) PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC) /* {{{ */ { - return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC); + return php_copy_file_ex(src, dest, 0 TSRMLS_CC); } /* }}} */ /* {{{ php_copy_file */ -PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC) +PHPAPI int php_copy_file_ex(char *src, char *dest, int src_flg TSRMLS_DC) { php_stream *srcstream = NULL, *deststream = NULL; int ret = FAILURE; @@ -1781,13 +1733,13 @@ no_stat: } safe_to_copy: - srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL); + srcstream = php_stream_open_wrapper(src, "rb", src_flg | REPORT_ERRORS, NULL); if (!srcstream) { return ret; } - deststream = php_stream_open_wrapper(dest, "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + deststream = php_stream_open_wrapper(dest, "wb", REPORT_ERRORS, NULL); if (srcstream && deststream) { ret = php_stream_copy_to_stream_ex(srcstream, deststream, PHP_STREAM_COPY_ALL, NULL); @@ -2376,10 +2328,6 @@ PHP_FUNCTION(realpath) } if (VCWD_REALPATH(filename, resolved_path_buff)) { - if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c index b38e6e78b9..ddb23bd9e9 100644 --- a/ext/standard/filestat.c +++ b/ext/standard/filestat.c @@ -19,7 +19,6 @@ /* $Id$ */ #include "php.h" -#include "safe_mode.h" #include "fopen_wrappers.h" #include "php_globals.h" @@ -434,10 +433,6 @@ static void php_do_chgrp(INTERNAL_FUNCTION_PARAMETERS, int do_lchgrp) /* {{{ */ RETURN_FALSE; } - if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; @@ -535,10 +530,6 @@ static void php_do_chown(INTERNAL_FUNCTION_PARAMETERS, int do_lchown) /* {{{ */ RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; @@ -603,36 +594,12 @@ PHP_FUNCTION(chmod) return; } - if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } imode = (mode_t) mode; - /* In safe mode, do not allow to setuid files. - * Setuiding files could allow users to gain privileges - * that safe mode doesn't give them. */ - - if (PG(safe_mode)) { - php_stream_statbuf ssb; - if (php_stream_stat_path_ex(filename, 0, &ssb, NULL)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat failed for %s", filename); - RETURN_FALSE; - } - if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) { - imode ^= 04000; - } - if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) { - imode ^= 02000; - } - if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) { - imode ^= 01000; - } - } ret = VCWD_CHMOD(filename, imode); if (ret == -1) { @@ -680,11 +647,6 @@ PHP_FUNCTION(touch) WRONG_PARAM_COUNT; } - /* Safe-mode */ - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; @@ -771,28 +733,13 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ }; char *local; php_stream_wrapper *wrapper; - char safe_mode_buf[MAXPATHLEN]; if (!filename_length) { RETURN_FALSE; } - if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) { - if (php_check_open_basedir(local TSRMLS_CC)) { - RETURN_FALSE; - } else if (PG(safe_mode)) { - if (type == FS_IS_X) { - if (strstr(local, "..")) { - RETURN_FALSE; - } else { - char *b = strrchr(local, PHP_DIR_SEPARATOR); - snprintf(safe_mode_buf, MAXPATHLEN, "%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : local)); - local = (char *)&safe_mode_buf; - } - } else if (!php_checkuid_ex(local, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS)) { - RETURN_FALSE; - } - } + if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper && php_check_open_basedir(local TSRMLS_CC)) { + RETURN_FALSE; } if (IS_ACCESS_CHECK(type)) { diff --git a/ext/standard/fsock.c b/ext/standard/fsock.c index 7501dce928..4e6ce128dd 100644 --- a/ext/standard/fsock.c +++ b/ext/standard/fsock.c @@ -76,7 +76,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent) ZVAL_STRING(zerrstr, "", 1); } - stream = php_stream_xport_create(hostname, hostname_len, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(hostname, hostname_len, REPORT_ERRORS, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, hashkey, &tv, NULL, &errstr, &err); if (port > 0) { diff --git a/ext/standard/ftok.c b/ext/standard/ftok.c index 81d1c189e3..5ad73cff88 100644 --- a/ext/standard/ftok.c +++ b/ext/standard/ftok.c @@ -47,9 +47,9 @@ PHP_FUNCTION(ftok) if (proj_len != 1){ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Project identifier is invalid"); RETURN_LONG(-1); - } + } - if ((PG(safe_mode) && (!php_checkuid(pathname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pathname TSRMLS_CC)) { + if (php_check_open_basedir(pathname TSRMLS_CC)) { RETURN_LONG(-1); } diff --git a/ext/standard/head.c b/ext/standard/head.c index ac8c9b1a72..5b297b9a8d 100644 --- a/ext/standard/head.c +++ b/ext/standard/head.c @@ -31,7 +31,6 @@ #endif #include "php_globals.h" -#include "safe_mode.h" /* Implementation of the language Header() function */ diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 68098451b3..c730d450aa 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -131,7 +131,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, Z_TYPE_PP(tmpzval) != IS_STRING || Z_STRLEN_PP(tmpzval) <= 0) { php_url_free(resource); - return php_stream_open_wrapper_ex(path, mode, ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context); } /* Called from a non-http wrapper with http proxying requested (i.e. ftp) */ request_fulluri = 1; diff --git a/ext/standard/image.c b/ext/standard/image.c index df8cd4b3a9..4ce895438e 100644 --- a/ext/standard/image.c +++ b/ext/standard/image.c @@ -1313,7 +1313,7 @@ PHP_FUNCTION(getimagesize) array_init(*info); } - stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH, NULL); if (!stream) { RETURN_FALSE; diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c index 2eb2fab4c1..d863e3dd8f 100644 --- a/ext/standard/iptc.c +++ b/ext/standard/iptc.c @@ -190,10 +190,6 @@ PHP_FUNCTION(iptcembed) return; } - if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(jpeg_file TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/link.c b/ext/standard/link.c index 3d7cd8c85c..7029a20d02 100644 --- a/ext/standard/link.c +++ b/ext/standard/link.c @@ -47,7 +47,6 @@ #include #include -#include "safe_mode.h" #include "php_link.h" #include "php_string.h" @@ -64,10 +63,6 @@ PHP_FUNCTION(readlink) return; } - if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(link TSRMLS_CC)) { RETURN_FALSE; } @@ -144,14 +139,6 @@ PHP_FUNCTION(symlink) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - - if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } @@ -200,14 +187,6 @@ PHP_FUNCTION(link) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - - if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/link_win32.c b/ext/standard/link_win32.c index 37575077ad..ff4e33f3b5 100644 --- a/ext/standard/link_win32.c +++ b/ext/standard/link_win32.c @@ -39,7 +39,6 @@ #include #include -#include "safe_mode.h" #include "php_link.h" #include "php_string.h" @@ -91,7 +90,7 @@ PHP_FUNCTION(readlink) return; } - if (OPENBASEDIR_CHECKPATH(link)) { + if (php_check_open_basedir(link TSRMLS_CC)) { RETURN_FALSE; } if (!expand_filepath(link, path_resolved TSRMLS_CC)) { @@ -209,11 +208,11 @@ PHP_FUNCTION(symlink) RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(dest_p)) { + if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(source_p)) { + if (php_check_open_basedir(source_p TSRMLS_CC)) { RETURN_FALSE; } @@ -264,11 +263,11 @@ PHP_FUNCTION(link) RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(source_p)) { + if (php_check_open_basedir(source_p TSRMLS_CC)) { RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(dest_p)) { + if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/mail.c b/ext/standard/mail.c index 6d5435f2ff..4f9254d2f8 100644 --- a/ext/standard/mail.c +++ b/ext/standard/mail.c @@ -41,7 +41,6 @@ #include "php_mail.h" #include "php_ini.h" -#include "safe_mode.h" #include "exec.h" #ifdef PHP_WIN32 @@ -105,14 +104,7 @@ PHP_FUNCTION(mail) char *to_r, *subject_r; char *p, *e; - if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE"); - RETURN_FALSE; - } - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, - &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE - ) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) { return; } diff --git a/ext/standard/md5.c b/ext/standard/md5.c index d7a905d5ee..a5b0f9b819 100644 --- a/ext/standard/md5.c +++ b/ext/standard/md5.c @@ -89,7 +89,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/standard/pack.c b/ext/standard/pack.c index 32714795b3..5888039dc4 100644 --- a/ext/standard/pack.c +++ b/ext/standard/pack.c @@ -39,7 +39,6 @@ #include #endif #include "ext/standard/head.h" -#include "safe_mode.h" #include "php_string.h" #include "pack.h" #if HAVE_PWD_H diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c index 0d6ad5fc67..8c54277fcb 100644 --- a/ext/standard/proc_open.c +++ b/ext/standard/proc_open.c @@ -28,7 +28,6 @@ #include #include #include "php_string.h" -#include "safe_mode.h" #include "ext/standard/head.h" #include "ext/standard/basic_functions.h" #include "ext/standard/file.h" @@ -153,33 +152,6 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent if (string_length == 0) { continue; } - if (PG(safe_mode)) { - /* Check the protected list */ - if (zend_hash_exists(&BG(sm_protected_env_vars), string_key, string_length - 1)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", string_key); - return env; - } - /* Check the allowed list */ - if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) { - char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars)); - char *strtok_buf = NULL; - char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf); - zend_bool allowed = 0; - - while (allowed_prefix) { - if (!strncmp(allowed_prefix, string_key, strlen(allowed_prefix))) { - allowed = 1; - break; - } - allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf); - } - efree(allowed_env_vars); - if (!allowed) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", string_key); - return env; - } - } - } l = string_length + el_len + 1; memcpy(p, string_key, string_length); @@ -278,53 +250,6 @@ static void proc_open_rsrc_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) } /* }}} */ -/* {{{ php_make_safe_mode_command */ -static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persistent TSRMLS_DC) -{ - int lcmd, larg0; - char *space, *sep, *arg0; - - if (!PG(safe_mode)) { - *safecmd = pestrdup(cmd, is_persistent); - return SUCCESS; - } - - lcmd = strlen(cmd); - - arg0 = estrndup(cmd, lcmd); - - space = memchr(arg0, ' ', lcmd); - if (space) { - *space = '\0'; - larg0 = space - arg0; - } else { - larg0 = lcmd; - } - - if (php_memnstr(arg0, "..", sizeof("..")-1, arg0 + larg0)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path"); - efree(arg0); - return FAILURE; - } - - sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0); - - spprintf(safecmd, 0, "%s%s%s%s", PG(safe_mode_exec_dir), (sep ? sep : "/"), (sep ? "" : arg0), (space ? cmd + larg0 : "")); - - efree(arg0); - arg0 = php_escape_shell_cmd(*safecmd); - efree(*safecmd); - if (is_persistent) { - *safecmd = pestrdup(arg0, 1); - efree(arg0); - } else { - *safecmd = arg0; - } - - return SUCCESS; -} -/* }}} */ - /* {{{ PHP_MINIT_FUNCTION(proc_open) */ PHP_MINIT_FUNCTION(proc_open) { @@ -541,9 +466,7 @@ PHP_FUNCTION(proc_open) RETURN_FALSE; } - if (FAILURE == php_make_safe_mode_command(command, &command, is_persistent TSRMLS_CC)) { - RETURN_FALSE; - } + command = pestrdup(command, is_persistent); #ifdef PHP_WIN32 if (other_options) { @@ -695,7 +618,7 @@ PHP_FUNCTION(proc_open) /* try a wrapper */ stream = php_stream_open_wrapper(Z_STRVAL_PP(zfile), Z_STRVAL_PP(zmode), - ENFORCE_SAFE_MODE|REPORT_ERRORS|STREAM_WILL_CAST, NULL); + REPORT_ERRORS|STREAM_WILL_CAST, NULL); /* force into an fd */ if (stream == NULL || FAILURE == php_stream_cast(stream, diff --git a/ext/standard/sha1.c b/ext/standard/sha1.c index 0a81f18c8a..414018d2a5 100644 --- a/ext/standard/sha1.c +++ b/ext/standard/sha1.c @@ -79,7 +79,7 @@ PHP_FUNCTION(sha1_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c index 170618f76c..3f44a5c0a6 100644 --- a/ext/standard/streamsfuncs.c +++ b/ext/standard/streamsfuncs.c @@ -128,7 +128,7 @@ PHP_FUNCTION(stream_socket_client) ZVAL_STRING(zerrstr, "", 1); } - stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(host, host_len, REPORT_ERRORS, STREAM_XPORT_CLIENT | (flags & PHP_STREAM_CLIENT_CONNECT ? STREAM_XPORT_CONNECT : 0) | (flags & PHP_STREAM_CLIENT_ASYNC_CONNECT ? STREAM_XPORT_CONNECT_ASYNC : 0), hashkey, &tv, context, &errstr, &err); @@ -204,7 +204,7 @@ PHP_FUNCTION(stream_socket_server) ZVAL_STRING(zerrstr, "", 1); } - stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(host, host_len, REPORT_ERRORS, STREAM_XPORT_SERVER | flags, NULL, NULL, context, &errstr, &err); diff --git a/ext/standard/tests/file/bug22414.phpt b/ext/standard/tests/file/bug22414.phpt index 90e4c58bd9..fcd85489f3 100644 --- a/ext/standard/tests/file/bug22414.phpt +++ b/ext/standard/tests/file/bug22414.phpt @@ -1,7 +1,6 @@ --TEST-- Bug #22414 (passthru() does not read data correctly) --INI-- -safe_mode= output_handler= --FILE-- ---FILE-- - ---EXPECTF-- -Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0 -*** Test by calling method or function with deprecated option *** -string(1) "1" - +--TEST-- +Test function get_cfg_var() by calling deprecated option +--CREDITS-- +Francesco Fullone ff@ideato.it +#PHPTestFest Cesena Italia on 2009-06-20 +--INI-- +magic_quotes_gpc=1 +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in %s on line 0 +*** Test by calling method or function with deprecated option *** +string(1) "1" + diff --git a/ext/standard/tests/general_functions/putenv_error1.phpt b/ext/standard/tests/general_functions/putenv_error1.phpt index c4b49f3f87..6339a7c160 100644 --- a/ext/standard/tests/general_functions/putenv_error1.phpt +++ b/ext/standard/tests/general_functions/putenv_error1.phpt @@ -5,6 +5,8 @@ Brian DeShong --INI-- safe_mode=1 safe_mode_allowed_env_vars=TESTING_ +--SKIPIF-- + --FILE-- --INI-- safe_mode=1 safe_mode_protected_env_vars=FOO,BAZ +--SKIPIF-- + --FILE-- #endif -#include "safe_mode.h" #include "ext/standard/head.h" #include "ext/standard/php_standard.h" #include "zend_compile.h" @@ -312,55 +311,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC) } /* }}} */ -/* {{{ php_check_safe_mode_include_dir - */ -PHPAPI int php_check_safe_mode_include_dir(const char *path TSRMLS_DC) -{ - if (PG(safe_mode)) { - if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) { - char *pathbuf; - char *ptr; - char *end; - char resolved_name[MAXPATHLEN]; - - /* Resolve the real path into resolved_name */ - if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) { - return -1; - } - pathbuf = estrdup(PG(safe_mode_include_dir)); - ptr = pathbuf; - - while (ptr && *ptr) { - end = strchr(ptr, DEFAULT_DIR_SEPARATOR); - if (end != NULL) { - *end = '\0'; - end++; - } - - /* Check the path */ -#ifdef PHP_WIN32 - if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0) -#else - if (strncmp(ptr, resolved_name, strlen(ptr)) == 0) -#endif - { - /* File is in the right directory */ - efree(pathbuf); - return 0; - } - - ptr = end; - } - efree(pathbuf); - } - return -1; - } - - /* Nothing to check... */ - return 0; -} -/* }}} */ - /* {{{ php_fopen_and_set_opened_path */ static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path TSRMLS_DC) @@ -650,7 +600,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c char *pathbuf, *ptr, *end; char *exec_fname; char trypath[MAXPATHLEN]; - struct stat sb; FILE *fp; int path_length; int filename_length; @@ -668,33 +617,15 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c /* Relative path open */ if (*filename == '.') { - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } - /* - * files in safe_mode_include_dir (or subdir) are excluded from - * safe mode GID/UID checks - */ - /* Absolute path open */ if (IS_ABSOLUTE_PATH(filename, filename_length)) { - if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) { - /* filename is in safe_mode_include_dir (or subdir) */ - return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - } - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } if (!path || (path && !*path)) { - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } @@ -733,21 +664,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN); } - if (PG(safe_mode)) { - if (VCWD_STAT(trypath, &sb) == 0) { - /* file exists ... check permission */ - if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 || - php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM) - ) { - /* UID ok, or trypath is in safe_mode_include_dir */ - fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); - } else { - fp = NULL; - } - efree(pathbuf); - return fp; - } - } fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); if (fp) { efree(pathbuf); diff --git a/main/main.c b/main/main.c index 41496d26cf..3de188e0be 100644 --- a/main/main.c +++ b/main/main.c @@ -352,14 +352,9 @@ static PHP_INI_MH(OnUpdateErrorLog) { /* Only do the safemode/open_basedir check at runtime */ if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value && strcmp(new_value, "syslog")) { - if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) { return FAILURE; } - } OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); return SUCCESS; @@ -372,14 +367,9 @@ static PHP_INI_MH(OnUpdateMailLog) { /* Only do the safemode/open_basedir check at runtime */ if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value) { - if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) { return FAILURE; } - } OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); return SUCCESS; @@ -399,10 +389,7 @@ static PHP_INI_MH(OnChangeMailForceExtra) /* }}} */ -/* Need to convert to strings and make use of: - * PHP_SAFE_MODE - * - * Need to be read from the environment (?): +/* Need to be read from the environment (?): * PHP_AUTO_PREPEND_FILE * PHP_AUTO_APPEND_FILE * PHP_DOCUMENT_ROOT @@ -410,10 +397,6 @@ static PHP_INI_MH(OnChangeMailForceExtra) * PHP_INCLUDE_PATH */ -#ifndef PHP_SAFE_MODE_EXEC_DIR -# define PHP_SAFE_MODE_EXEC_DIR "" -#endif - /* Windows and Netware use the internal mail */ #if defined(PHP_WIN32) || defined(NETWARE) # define DEFAULT_SENDMAIL_PATH NULL @@ -458,13 +441,6 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("output_handler", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("register_argc_argv", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("auto_globals_jit", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, auto_globals_jit, php_core_globals, core_globals) -#if PHP_SAFE_MODE - STD_PHP_INI_BOOLEAN("safe_mode", "1", PHP_INI_SYSTEM, OnUpdateBool, safe_mode, php_core_globals, core_globals) -#else - STD_PHP_INI_BOOLEAN("safe_mode", "0", PHP_INI_SYSTEM, OnUpdateBool, safe_mode, php_core_globals, core_globals) -#endif - STD_PHP_INI_ENTRY("safe_mode_include_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, safe_mode_include_dir, php_core_globals, core_globals) - STD_PHP_INI_BOOLEAN("safe_mode_gid", "0", PHP_INI_SYSTEM, OnUpdateBool, safe_mode_gid, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("short_open_tag", DEFAULT_SHORT_OPEN_TAG, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, short_tags, zend_compiler_globals, compiler_globals) STD_PHP_INI_BOOLEAN("sql.safe_mode", "0", PHP_INI_SYSTEM, OnUpdateBool, sql_safe_mode, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("track_errors", "0", PHP_INI_ALL, OnUpdateBool, track_errors, php_core_globals, core_globals) @@ -484,7 +460,6 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir, open_basedir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY("safe_mode_exec_dir", PHP_SAFE_MODE_EXEC_DIR, PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("file_uploads", "1", PHP_INI_SYSTEM, OnUpdateBool, file_uploads, php_core_globals, core_globals) STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, upload_max_filesize, php_core_globals, core_globals) @@ -1117,6 +1092,70 @@ static void php_error_cb(int type, const char *error_filename, const uint error_ } /* }}} */ +/* {{{ php_get_current_user + */ +PHPAPI char *php_get_current_user(void) +{ + struct stat *pstat; + TSRMLS_FETCH(); + + if (SG(request_info).current_user) { + return SG(request_info).current_user; + } + + /* FIXME: I need to have this somehow handled if + USE_SAPI is defined, because cgi will also be + interfaced in USE_SAPI */ + + pstat = sapi_get_stat(TSRMLS_C); + + if (!pstat) { + return ""; + } else { +#ifdef PHP_WIN32 + char name[256]; + DWORD len = sizeof(name)-1; + + if (!GetUserName(name, &len)) { + return ""; + } + name[len] = '\0'; + SG(request_info).current_user_length = len; + SG(request_info).current_user = estrndup(name, len); + return SG(request_info).current_user; +#else + struct passwd *pwd; +#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX) + struct passwd _pw; + struct passwd *retpwptr = NULL; + int pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + char *pwbuf; + + if (pwbuflen < 1) { + return ""; + } + pwbuf = emalloc(pwbuflen); + if (getpwuid_r(pstat->st_uid, &_pw, pwbuf, pwbuflen, &retpwptr) != 0) { + efree(pwbuf); + return ""; + } + pwd = &_pw; +#else + if ((pwd=getpwuid(pstat->st_uid))==NULL) { + return ""; + } +#endif + SG(request_info).current_user_length = strlen(pwd->pw_name); + SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length); +#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX) + efree(pwbuf); +#endif + return SG(request_info).current_user; +#endif + } +} +/* }}} */ + /* {{{ proto bool set_time_limit(int seconds) Sets the maximum time a script can run */ PHP_FUNCTION(set_time_limit) @@ -1125,11 +1164,6 @@ PHP_FUNCTION(set_time_limit) char *new_timeout_str; int new_timeout_strlen; - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set time limit in safe mode"); - RETURN_FALSE; - } - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &new_timeout) == FAILURE) { return; } @@ -1149,7 +1183,7 @@ PHP_FUNCTION(set_time_limit) */ static FILE *php_fopen_wrapper_for_zend(const char *filename, char **opened_path TSRMLS_DC) { - return php_stream_open_wrapper_as_file((char *)filename, "rb", ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, opened_path); + return php_stream_open_wrapper_as_file((char *)filename, "rb", USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, opened_path); } /* }}} */ @@ -1178,7 +1212,7 @@ static size_t php_zend_stream_fsizer(void *handle TSRMLS_DC) /* {{{ */ static int php_stream_open_for_zend(const char *filename, zend_file_handle *handle TSRMLS_DC) /* {{{ */ { - return php_stream_open_for_zend_ex(filename, handle, ENFORCE_SAFE_MODE|USE_PATH|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); + return php_stream_open_for_zend_ex(filename, handle, USE_PATH|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); } /* }}} */ @@ -1412,8 +1446,8 @@ int php_request_startup(TSRMLS_D) zend_set_timeout(PG(max_input_time), 1); } - /* Disable realpath cache if safe_mode or open_basedir are set */ - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + /* Disable realpath cache if an open_basedir is set */ + if (PG(open_basedir) && *PG(open_basedir)) { CWDG(realpath_cache_size_limit) = 0; } @@ -1976,8 +2010,8 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod /* Register Zend ini entries */ zend_register_standard_ini_entries(TSRMLS_C); - /* Disable realpath cache if safe_mode or open_basedir are set */ - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + /* Disable realpath cache if an open_basedir is set */ + if (PG(open_basedir) && *PG(open_basedir)) { CWDG(realpath_cache_size_limit) = 0; } @@ -2065,13 +2099,12 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod struct { const long error_level; const char *phrase; - const char *directives[7]; /* Remember to change this if the number of directives change */ - } directives[] = { + const char *directives[13]; /* Remember to change this if the number of directives change */ + } directives[2] = { { E_CORE_WARNING, "Directive '%s' is deprecated in PHP 5.3 and greater", { - "safe_mode", "magic_quotes_gpc", "magic_quotes_runtime", "magic_quotes_sybase", @@ -2082,12 +2115,18 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod E_CORE_ERROR, "Directive '%s' is no longer available in PHP", { + "allow_call_time_pass_reference", "define_syslog_variables", "highlight.bg", "register_globals", "register_long_arrays", + "safe_mode", + "safe_mode_gid", + "safe_mode_include_dir", + "safe_mode_exec_dir", + "safe_mode_allowed_env_vars", + "safe_mode_protected_env_vars", "zend.ze1_compatibility_mode", - "allow_call_time_pass_reference", NULL } } diff --git a/main/network.c b/main/network.c index 32337d2f44..99d4ed8437 100644 --- a/main/network.c +++ b/main/network.c @@ -1046,7 +1046,7 @@ PHPAPI php_stream *_php_stream_sock_open_host(const char *host, unsigned short p reslen = spprintf(&res, 0, "tcp://%s:%d", host, port); - stream = php_stream_xport_create(res, reslen, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(res, reslen, REPORT_ERRORS, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, persistent_id, timeout, NULL, NULL, NULL); efree(res); diff --git a/main/php.h b/main/php.h index 8bdc8c7aeb..ccb0012d4f 100644 --- a/main/php.h +++ b/main/php.h @@ -196,8 +196,6 @@ typedef unsigned int socklen_t; # endif #endif -#include "safe_mode.h" - #ifndef HAVE_STRERROR char *strerror(int); #endif @@ -331,6 +329,7 @@ PHPAPI int php_register_internal_extensions(TSRMLS_D); PHPAPI int php_mergesort(void *base, size_t nmemb, register size_t size, int (*cmp)(const void *, const void * TSRMLS_DC) TSRMLS_DC); PHPAPI void php_register_pre_request_shutdown(void (*func)(void *), void *userdata); PHPAPI void php_com_initialize(TSRMLS_D); +PHPAPI char *php_get_current_user(void); END_EXTERN_C() /* PHP-named Zend macro wrappers */ diff --git a/main/php_globals.h b/main/php_globals.h index 09615738c8..921168e8c4 100644 --- a/main/php_globals.h +++ b/main/php_globals.h @@ -58,14 +58,10 @@ struct _php_core_globals { zend_bool magic_quotes_runtime; zend_bool magic_quotes_sybase; - zend_bool safe_mode; - zend_bool implicit_flush; long output_buffering; - char *safe_mode_include_dir; - zend_bool safe_mode_gid; zend_bool sql_safe_mode; zend_bool enable_dl; @@ -74,8 +70,6 @@ struct _php_core_globals { char *unserialize_callback_func; long serialize_precision; - char *safe_mode_exec_dir; - long memory_limit; long max_input_time; diff --git a/main/php_ini.c b/main/php_ini.c index e6c71a14d4..40cd7efe06 100644 --- a/main/php_ini.c +++ b/main/php_ini.c @@ -365,7 +365,6 @@ int php_init_config(TSRMLS_D) char *php_ini_file_name = NULL; char *php_ini_search_path = NULL; int php_ini_scanned_path_len; - int safe_mode_state; char *open_basedir; int free_ini_search_path = 0; zend_file_handle fh; @@ -381,7 +380,6 @@ int php_init_config(TSRMLS_D) zend_llist_init(&extension_lists.engine, sizeof(char *), (llist_dtor_func_t) free_estring, 1); zend_llist_init(&extension_lists.functions, sizeof(char *), (llist_dtor_func_t) free_estring, 1); - safe_mode_state = PG(safe_mode); open_basedir = PG(open_basedir); if (sapi_module.php_ini_path_override) { @@ -528,7 +526,6 @@ int php_init_config(TSRMLS_D) #endif } - PG(safe_mode) = 0; PG(open_basedir) = NULL; /* @@ -581,7 +578,6 @@ int php_init_config(TSRMLS_D) efree(php_ini_search_path); } - PG(safe_mode) = safe_mode_state; PG(open_basedir) = open_basedir; if (fh.handle.fp) { diff --git a/main/php_streams.h b/main/php_streams.h index 7a960dbbfe..fee033ab4b 100755 --- a/main/php_streams.h +++ b/main/php_streams.h @@ -479,7 +479,6 @@ END_EXTERN_C() #define IGNORE_PATH 0x00000000 #define USE_PATH 0x00000001 #define IGNORE_URL 0x00000002 -#define ENFORCE_SAFE_MODE 0x00000004 #define REPORT_ERRORS 0x00000008 /* If you don't need to write to the stream, but really need to diff --git a/main/safe_mode.c b/main/safe_mode.c deleted file mode 100644 index a858d11921..0000000000 --- a/main/safe_mode.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - +----------------------------------------------------------------------+ - | PHP Version 5 | - +----------------------------------------------------------------------+ - | Copyright (c) 1997-2010 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Author: Rasmus Lerdorf | - +----------------------------------------------------------------------+ - */ - -/* $Id$ */ - -#include "php.h" - -#include -#include - -#if HAVE_UNISTD_H -#include -#endif -#include -#include "ext/standard/pageinfo.h" -#include "safe_mode.h" -#include "SAPI.h" -#include "php_globals.h" - -/* - * php_checkuid - * - * This function has six modes: - * - * 0 - return invalid (0) if file does not exist - * 1 - return valid (1) if file does not exist - * 2 - if file does not exist, check directory - * 3 - only check directory (needed for mkdir) - * 4 - check mode and param - * 5 - only check file - */ - -PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mode, int flags) -{ - struct stat sb; - int ret, nofile=0; - long uid=0L, gid=0L, duid=0L, dgid=0L; - char path[MAXPATHLEN]; - char *s, filenamecopy[MAXPATHLEN]; - TSRMLS_FETCH(); - - path[0] = '\0'; - - if (!filename) { - return 0; /* path must be provided */ - } - - if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) { - return 0; - } - filename=(char *)&filenamecopy; - - if (fopen_mode) { - if (fopen_mode[0] == 'r') { - mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS; - } else { - mode = CHECKUID_CHECK_FILE_AND_DIR; - } - } - - /* First we see if the file is owned by the same user... - * If that fails, passthrough and check directory... - */ - if (mode != CHECKUID_ALLOW_ONLY_DIR) { -#if HAVE_BROKEN_GETCWD - char ftest[MAXPATHLEN]; - - strcpy(ftest, filename); - if (VCWD_GETCWD(ftest, sizeof(ftest)) == NULL) { - strcpy(path, filename); - } else -#endif - expand_filepath(filename, path TSRMLS_CC); - - ret = VCWD_STAT(path, &sb); - if (ret < 0) { - if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) { - if ((flags & CHECKUID_NO_ERRORS) == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); - } - return 0; - } else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) { - if ((flags & CHECKUID_NO_ERRORS) == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); - } - return 1; - } - nofile = 1; - } else { - uid = sb.st_uid; - gid = sb.st_gid; - if (uid == php_getuid(TSRMLS_C)) { - return 1; - } else if (PG(safe_mode_gid) && gid == php_getgid(TSRMLS_C)) { - return 1; - } - } - - /* Trim off filename */ - if ((s = strrchr(path, DEFAULT_SLASH))) { - if (*(s + 1) == '\0' && s != path) { /* make sure that the / is not the last character */ - *s = '\0'; - s = strrchr(path, DEFAULT_SLASH); - } - if (s) { - if (s == path) { - path[1] = '\0'; - } else { - *s = '\0'; - } - } - } - } else { /* CHECKUID_ALLOW_ONLY_DIR */ - s = strrchr(filename, DEFAULT_SLASH); - - if (s == filename) { - /* root dir */ - path[0] = DEFAULT_SLASH; - path[1] = '\0'; - } else if (s && *(s + 1) != '\0') { /* make sure that the / is not the last character */ - *s = '\0'; - VCWD_REALPATH(filename, path); - *s = DEFAULT_SLASH; - } else { - /* Under Solaris, getcwd() can fail if there are no - * read permissions on a component of the path, even - * though it has the required x permissions */ - path[0] = '.'; - path[1] = '\0'; - VCWD_GETCWD(path, sizeof(path)); - } - } /* end CHECKUID_ALLOW_ONLY_DIR */ - - if (mode != CHECKUID_ALLOW_ONLY_FILE) { - /* check directory */ - ret = VCWD_STAT(path, &sb); - if (ret < 0) { - if ((flags & CHECKUID_NO_ERRORS) == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); - } - return 0; - } - duid = sb.st_uid; - dgid = sb.st_gid; - if (duid == php_getuid(TSRMLS_C)) { - return 1; - } else if (PG(safe_mode_gid) && dgid == php_getgid(TSRMLS_C)) { - return 1; - } else { - if (SG(rfc1867_uploaded_files)) { - if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename)+1)) { - return 1; - } - } - } - } - - if (mode == CHECKUID_ALLOW_ONLY_DIR) { - uid = duid; - gid = dgid; - if (s) { - *s = 0; - } - } - - if (nofile) { - uid = duid; - gid = dgid; - filename = path; - } - - if ((flags & CHECKUID_NO_ERRORS) == 0) { - if (PG(safe_mode_gid)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(TSRMLS_C), php_getgid(TSRMLS_C), filename, uid, gid); - } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(TSRMLS_C), filename, uid); - } - } - - return 0; -} - -PHPAPI int php_checkuid(const char *filename, const char *fopen_mode, int mode) -{ -#ifdef NETWARE -/* NetWare don't have uid*/ - return 1; -#else - return php_checkuid_ex(filename, fopen_mode, mode, 0); -#endif -} - -PHPAPI char *php_get_current_user(void) -{ - struct stat *pstat; - TSRMLS_FETCH(); - - if (SG(request_info).current_user) { - return SG(request_info).current_user; - } - - /* FIXME: I need to have this somehow handled if - USE_SAPI is defined, because cgi will also be - interfaced in USE_SAPI */ - - pstat = sapi_get_stat(TSRMLS_C); - - if (!pstat) { - return ""; - } else { -#ifdef PHP_WIN32 - char name[256]; - DWORD len = sizeof(name)-1; - - if (!GetUserName(name, &len)) { - return ""; - } - name[len] = '\0'; - SG(request_info).current_user_length = len; - SG(request_info).current_user = estrndup(name, len); - return SG(request_info).current_user; -#else - struct passwd *pwd; -#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX) - struct passwd _pw; - struct passwd *retpwptr = NULL; - int pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); - char *pwbuf; - - if (pwbuflen < 1) { - return ""; - } - pwbuf = emalloc(pwbuflen); - if (getpwuid_r(pstat->st_uid, &_pw, pwbuf, pwbuflen, &retpwptr) != 0) { - efree(pwbuf); - return ""; - } - pwd = &_pw; -#else - if ((pwd=getpwuid(pstat->st_uid))==NULL) { - return ""; - } -#endif - SG(request_info).current_user_length = strlen(pwd->pw_name); - SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length); -#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX) - efree(pwbuf); -#endif - return SG(request_info).current_user; -#endif - } -} - -/* - * Local variables: - * tab-width: 4 - * c-basic-offset: 4 - * End: - * vim600: sw=4 ts=4 fdm=marker - * vim<600: sw=4 ts=4 - */ diff --git a/main/safe_mode.h b/main/safe_mode.h deleted file mode 100644 index 3c3769da61..0000000000 --- a/main/safe_mode.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - +----------------------------------------------------------------------+ - | PHP Version 5 | - +----------------------------------------------------------------------+ - | Copyright (c) 1997-2010 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Author: | - +----------------------------------------------------------------------+ -*/ - -/* $Id$ */ - -#ifndef SAFE_MODE_H -#define SAFE_MODE_H - -/* mode's for php_checkuid() */ -#define CHECKUID_DISALLOW_FILE_NOT_EXISTS 0 -#define CHECKUID_ALLOW_FILE_NOT_EXISTS 1 -#define CHECKUID_CHECK_FILE_AND_DIR 2 -#define CHECKUID_ALLOW_ONLY_DIR 3 -#define CHECKUID_CHECK_MODE_PARAM 4 -#define CHECKUID_ALLOW_ONLY_FILE 5 - -/* flags for php_checkuid_ex() */ -#define CHECKUID_NO_ERRORS 0x01 - -BEGIN_EXTERN_C() -PHPAPI int php_checkuid(const char *filename, const char *fopen_mode, int mode); -PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mode, int flags); -PHPAPI char *php_get_current_user(void); -END_EXTERN_C() - -#endif diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c index 23b9ccbb86..0f1d8375c1 100644 --- a/main/streams/plain_wrapper.c +++ b/main/streams/plain_wrapper.c @@ -859,10 +859,6 @@ static php_stream *php_plain_files_dir_opener(php_stream_wrapper *wrapper, char return NULL; } - if (PG(safe_mode) &&(!php_checkuid(path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return NULL; - } - dir = VCWD_OPENDIR(path); #ifdef PHP_WIN32 @@ -992,13 +988,6 @@ static php_stream *php_plain_files_stream_opener(php_stream_wrapper *wrapper, ch return NULL; } - if ((php_check_safe_mode_include_dir(path TSRMLS_CC)) == 0) { - return php_stream_fopen_rel(path, mode, opened_path, options); - } - - if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) - return NULL; - return php_stream_fopen_rel(path, mode, opened_path, options); } @@ -1009,10 +998,6 @@ static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, in url += sizeof("file://") - 1; } - if (PG(safe_mode) &&(!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags & PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) { - return -1; - } - if (php_check_open_basedir_ex(url, (flags & PHP_STREAM_URL_STAT_QUIET) ? 0 : 1 TSRMLS_CC)) { return -1; } @@ -1034,16 +1019,6 @@ static int php_plain_files_unlink(php_stream_wrapper *wrapper, char *url, int op url = p + 3; } - if (options & ENFORCE_SAFE_MODE) { - if (PG(safe_mode) && !php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - return 0; - } - - if (php_check_open_basedir(url TSRMLS_CC)) { - return 0; - } - } - ret = VCWD_UNLINK(url); if (ret == -1) { if (options & REPORT_ERRORS) { @@ -1086,11 +1061,6 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, char *url_from, c url_to = p + 3; } - if (PG(safe_mode) && (!php_checkuid(url_from, NULL, CHECKUID_CHECK_FILE_AND_DIR) || - !php_checkuid(url_to, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return 0; - } - if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) { return 0; } @@ -1246,10 +1216,6 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int opt #if PHP_WIN32 int url_len = strlen(url); #endif - if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return 0; - } - if (php_check_open_basedir(url TSRMLS_CC)) { return 0; } @@ -1298,7 +1264,6 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char char *pathbuf, *ptr, *end; char *exec_fname; char trypath[MAXPATHLEN]; - struct stat sb; php_stream *stream; int path_length; int filename_length; @@ -1330,17 +1295,9 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char return NULL; } - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_stream_fopen_rel(filename, mode, opened_path, options); } - /* - * files in safe_mode_include_dir (or subdir) are excluded from - * safe mode GID/UID checks - */ - not_relative_path: /* Absolute path open */ @@ -1350,13 +1307,6 @@ not_relative_path: return NULL; } - if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) - /* filename is in safe_mode_include_dir (or subdir) */ - return php_stream_fopen_rel(filename, mode, opened_path, options); - - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) - return NULL; - return php_stream_fopen_rel(filename, mode, opened_path, options); } @@ -1377,21 +1327,12 @@ not_relative_path: if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) { return NULL; } - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC)) == 0) { - return php_stream_fopen_rel(trypath, mode, opened_path, options); - } - if (PG(safe_mode) && (!php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_stream_fopen_rel(trypath, mode, opened_path, options); } #endif if (!path || (path && !*path)) { - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_stream_fopen_rel(filename, mode, opened_path, options); } @@ -1439,21 +1380,8 @@ not_relative_path: goto stream_skip; } - if (PG(safe_mode)) { - if (VCWD_STAT(trypath, &sb) == 0) { - /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) { - /* UID ok, or trypath is in safe_mode_include_dir */ - stream = php_stream_fopen_rel(trypath, mode, opened_path, options); - goto stream_done; - } - } - goto stream_skip; - } stream = php_stream_fopen_rel(trypath, mode, opened_path, options); if (stream) { -stream_done: efree(pathbuf); return stream; } diff --git a/main/streams/streams.c b/main/streams/streams.c index ccb7e34632..cbfccb4471 100755 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -1693,7 +1693,7 @@ PHPAPI int _php_stream_mkdir(char *path, int mode, int options, php_stream_conte { php_stream_wrapper *wrapper = NULL; - wrapper = php_stream_locate_url_wrapper(path, NULL, ENFORCE_SAFE_MODE TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(path, NULL, 0 TSRMLS_CC); if (!wrapper || !wrapper->wops || !wrapper->wops->stream_mkdir) { return 0; } @@ -1708,7 +1708,7 @@ PHPAPI int _php_stream_rmdir(char *path, int options, php_stream_context *contex { php_stream_wrapper *wrapper = NULL; - wrapper = php_stream_locate_url_wrapper(path, NULL, ENFORCE_SAFE_MODE TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(path, NULL, 0 TSRMLS_CC); if (!wrapper || !wrapper->wops || !wrapper->wops->stream_rmdir) { return 0; } @@ -1737,7 +1737,7 @@ PHPAPI int _php_stream_stat_path(char *path, int flags, php_stream_statbuf *ssb, } } - wrapper = php_stream_locate_url_wrapper(path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(path, &path_to_open, 0 TSRMLS_CC); if (wrapper && wrapper->wops->url_stat) { ret = wrapper->wops->url_stat(wrapper, path_to_open, flags, ssb, context TSRMLS_CC); if (ret == 0) { @@ -2151,7 +2151,7 @@ PHPAPI int _php_stream_scandir(char *dirname, char **namelist[], int flags, php_ return FAILURE; } - stream = php_stream_opendir(dirname, ENFORCE_SAFE_MODE | REPORT_ERRORS, context); + stream = php_stream_opendir(dirname, REPORT_ERRORS, context); if (!stream) { return FAILURE; } diff --git a/main/streams/userspace.c b/main/streams/userspace.c index ccc4affafa..d532a168d2 100644 --- a/main/streams/userspace.c +++ b/main/streams/userspace.c @@ -77,7 +77,6 @@ PHP_MINIT_FUNCTION(user_streams) REGISTER_LONG_CONSTANT("STREAM_USE_PATH", USE_PATH, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_IGNORE_URL", IGNORE_URL, CONST_CS|CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("STREAM_ENFORCE_SAFE_MODE", ENFORCE_SAFE_MODE, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_REPORT_ERRORS", REPORT_ERRORS, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_MUST_SEEK", STREAM_MUST_SEEK, CONST_CS|CONST_PERSISTENT); diff --git a/pear/Makefile.frag b/pear/Makefile.frag index 1f6f70ec04..00bacae2df 100644 --- a/pear/Makefile.frag +++ b/pear/Makefile.frag @@ -3,7 +3,7 @@ peardir=$(PEAR_INSTALLDIR) # Skip all php.ini files altogether -PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0 -dopen_basedir= -derror_reporting=1803 -dmemory_limit=-1 -ddetect_unicode=0 +PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dopen_basedir= -derror_reporting=1803 -dmemory_limit=-1 -ddetect_unicode=0 WGET = `which wget 2>/dev/null` FETCH = `which fetch 2>/dev/null` diff --git a/php.ini-development b/php.ini-development index cd716d0d02..ab8091f538 100644 --- a/php.ini-development +++ b/php.ini-development @@ -305,44 +305,6 @@ unserialize_callback_func = ; are decoded with unserialize, the data will remain the same. serialize_precision = 100 -; Safe Mode -; http://php.net/safe-mode -safe_mode = Off - -; By default, Safe Mode does a UID compare check when -; opening files. If you want to relax this to a GID compare, -; then turn on safe_mode_gid. -; http://php.net/safe-mode-gid -safe_mode_gid = Off - -; When safe_mode is on, UID/GID checks are bypassed when -; including files from this directory and its subdirectories. -; (directory must also be in include_path or full path must -; be used when including) -; http://php.net/safe-mode-include-dir -safe_mode_include_dir = - -; When safe_mode is on, only executables located in the safe_mode_exec_dir -; will be allowed to be executed via the exec family of functions. -; http://php.net/safe-mode-exec-dir -safe_mode_exec_dir = - -; Setting certain environment variables may be a potential security breach. -; This directive contains a comma-delimited list of prefixes. In Safe Mode, -; the user may only alter environment variables whose names begin with the -; prefixes supplied here. By default, users will only be able to set -; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). -; Note: If this directive is empty, PHP will let the user modify ANY -; environment variable! -; http://php.net/safe-mode-allowed-env-vars -safe_mode_allowed_env_vars = PHP_ - -; This directive contains a comma-delimited list of environment variables that -; the end user won't be able to change using putenv(). These variables will be -; protected even if safe_mode_allowed_env_vars is set to allow to change them. -; http://php.net/safe-mode-protected-env-vars -safe_mode_protected_env_vars = LD_LIBRARY_PATH - ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory ; or per-virtualhost web server configuration file. This directive is diff --git a/php.ini-production b/php.ini-production index 2f6c1c01d1..37e7aff7ff 100644 --- a/php.ini-production +++ b/php.ini-production @@ -305,44 +305,6 @@ unserialize_callback_func = ; are decoded with unserialize, the data will remain the same. serialize_precision = 100 -; Safe Mode -; http://php.net/safe-mode -safe_mode = Off - -; By default, Safe Mode does a UID compare check when -; opening files. If you want to relax this to a GID compare, -; then turn on safe_mode_gid. -; http://php.net/safe-mode-gid -safe_mode_gid = Off - -; When safe_mode is on, UID/GID checks are bypassed when -; including files from this directory and its subdirectories. -; (directory must also be in include_path or full path must -; be used when including) -; http://php.net/safe-mode-include-dir -safe_mode_include_dir = - -; When safe_mode is on, only executables located in the safe_mode_exec_dir -; will be allowed to be executed via the exec family of functions. -; http://php.net/safe-mode-exec-dir -safe_mode_exec_dir = - -; Setting certain environment variables may be a potential security breach. -; This directive contains a comma-delimited list of prefixes. In Safe Mode, -; the user may only alter environment variables whose names begin with the -; prefixes supplied here. By default, users will only be able to set -; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). -; Note: If this directive is empty, PHP will let the user modify ANY -; environment variable! -; http://php.net/safe-mode-allowed-env-vars -safe_mode_allowed_env_vars = PHP_ - -; This directive contains a comma-delimited list of environment variables that -; the end user won't be able to change using putenv(). These variables will be -; protected even if safe_mode_allowed_env_vars is set to allow to change them. -; http://php.net/safe-mode-protected-env-vars -safe_mode_protected_env_vars = LD_LIBRARY_PATH - ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory ; or per-virtualhost web server configuration file. This directive is diff --git a/sapi/apache/mod_php5.c b/sapi/apache/mod_php5.c index 6b287c1a6b..25b5ef77cd 100644 --- a/sapi/apache/mod_php5.c +++ b/sapi/apache/mod_php5.c @@ -542,7 +542,7 @@ static void init_request_info(TSRMLS_D) SG(request_info).auth_password = NULL; SG(request_info).auth_digest = NULL; - if (authorization && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))) { + if (authorization) { char *p = getword(r->pool, &authorization, ' '); if (!strcasecmp(p, "Basic")) { tmp = uudecode(r->pool, authorization); diff --git a/sapi/apache/php_apache.c b/sapi/apache/php_apache.c index 20a5160935..2eb9277354 100644 --- a/sapi/apache/php_apache.c +++ b/sapi/apache/php_apache.c @@ -272,7 +272,7 @@ PHP_MINFO_FUNCTION(apache) env_arr = table_elts(r->headers_in); env = (table_entry *)env_arr->elts; for (i = 0; i < env_arr->nelts; ++i) { - if (env[i].key && (!PG(safe_mode) || (PG(safe_mode) && strncasecmp(env[i].key, "authorization", 13)))) { + if (env[i].key) { php_info_print_table_row(2, env[i].key, env[i].val); } } @@ -401,9 +401,7 @@ PHP_FUNCTION(apache_request_headers) env_arr = table_elts(((request_rec *) SG(server_context))->headers_in); tenv = (table_entry *)env_arr->elts; for (i = 0; i < env_arr->nelts; ++i) { - if (!tenv[i].key || - (PG(safe_mode) && - !strncasecmp(tenv[i].key, "authorization", 13))) { + if (!tenv[i].key) { continue; } if (add_assoc_string(return_value, tenv[i].key, (tenv[i].val==NULL) ? "" : tenv[i].val, 1)==FAILURE) { @@ -594,11 +592,6 @@ PHP_FUNCTION(apache_get_modules) Reset the Apache write timer */ PHP_FUNCTION(apache_reset_timeout) { - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot reset the Apache timeout in safe mode"); - RETURN_FALSE; - } - ap_reset_timeout((request_rec *)SG(server_context)); RETURN_TRUE; } diff --git a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c index c9719b5ed7..2a7d5b7dd0 100644 --- a/sapi/apache2filter/sapi_apache2.c +++ b/sapi/apache2filter/sapi_apache2.c @@ -426,17 +426,16 @@ static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS_DC) apr_table_unset(f->r->headers_out, "Last-Modified"); apr_table_unset(f->r->headers_out, "Expires"); apr_table_unset(f->r->headers_out, "ETag"); - if (!PG(safe_mode) || (PG(safe_mode) && !ap_auth_type(f->r))) { - auth = apr_table_get(f->r->headers_in, "Authorization"); - php_handle_auth_data(auth TSRMLS_CC); - if (SG(request_info).auth_user == NULL && f->r->user) { - SG(request_info).auth_user = estrdup(f->r->user); - } - ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user); - } else { - SG(request_info).auth_user = NULL; - SG(request_info).auth_password = NULL; + + auth = apr_table_get(f->r->headers_in, "Authorization"); + php_handle_auth_data(auth TSRMLS_CC); + + if (SG(request_info).auth_user == NULL && f->r->user) { + SG(request_info).auth_user = estrdup(f->r->user); } + + ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user); + php_request_startup(TSRMLS_C); } diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 386bef0dbc..22e879237e 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -476,17 +476,16 @@ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC) apr_table_unset(r->headers_out, "Last-Modified"); apr_table_unset(r->headers_out, "Expires"); apr_table_unset(r->headers_out, "ETag"); - if (!PG(safe_mode) || (PG(safe_mode) && !ap_auth_type(r))) { - auth = apr_table_get(r->headers_in, "Authorization"); - php_handle_auth_data(auth TSRMLS_CC); - if (SG(request_info).auth_user == NULL && r->user) { - SG(request_info).auth_user = estrdup(r->user); - } - ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user); - } else { - SG(request_info).auth_user = NULL; - SG(request_info).auth_password = NULL; + + auth = apr_table_get(r->headers_in, "Authorization"); + php_handle_auth_data(auth TSRMLS_CC); + + if (SG(request_info).auth_user == NULL && r->user) { + SG(request_info).auth_user = estrdup(r->user); } + + ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user); + return php_request_startup(TSRMLS_C); } diff --git a/sapi/apache_hooks/php_apache.c b/sapi/apache_hooks/php_apache.c index 20425ba151..c0fd59ee07 100644 --- a/sapi/apache_hooks/php_apache.c +++ b/sapi/apache_hooks/php_apache.c @@ -44,7 +44,7 @@ extern module **ap_loaded_modules; static int le_apachereq; static zend_class_entry *apacherequest_class_entry; -static void apache_table_to_zval(table *, int safe_mode, zval *return_value); +static void apache_table_to_zval(table *, zval *return_value); PHP_FUNCTION(virtual); PHP_FUNCTION(apache_request_headers); @@ -567,7 +567,7 @@ PHP_FUNCTION(apache_request_headers_in) APREQ_GET_REQUEST(id, r); - apache_table_to_zval(r->headers_in, 0, return_value); + apache_table_to_zval(r->headers_in, return_value); } /* }}} */ @@ -664,7 +664,7 @@ PHP_FUNCTION(apache_request_headers_out) add_header_to_table(r->headers_out, INTERNAL_FUNCTION_PARAM_PASSTHRU); } - apache_table_to_zval(r->headers_out, 0, return_value); + apache_table_to_zval(r->headers_out, return_value); } /* }}} */ @@ -683,7 +683,7 @@ PHP_FUNCTION(apache_request_err_headers_out) add_header_to_table(r->err_headers_out, INTERNAL_FUNCTION_PARAM_PASSTHRU); } - apache_table_to_zval(r->err_headers_out, 0, return_value); + apache_table_to_zval(r->err_headers_out, return_value); } /* }}} */ @@ -1683,7 +1683,7 @@ PHP_MINFO_FUNCTION(apache) env_arr = table_elts(r->headers_in); env = (table_entry *)env_arr->elts; for (i = 0; i < env_arr->nelts; ++i) { - if (env[i].key && (!PG(safe_mode) || (PG(safe_mode) && strncasecmp(env[i].key, "authorization", 13)))) { + if (env[i].key) { php_info_print_table_row(2, env[i].key, env[i].val); } } @@ -1751,9 +1751,9 @@ PHP_FUNCTION(virtual) /* }}} */ -/* {{{ apache_table_to_zval(table *, int safe_mode, zval *return_value) +/* {{{ apache_table_to_zval(table *, zval *return_value) Fetch all HTTP request headers */ -static void apache_table_to_zval(table *t, int safe_mode, zval *return_value) +static void apache_table_to_zval(table *t, zval *return_value) { array_header *env_arr; table_entry *tenv; @@ -1763,8 +1763,7 @@ static void apache_table_to_zval(table *t, int safe_mode, zval *return_value) env_arr = table_elts(t); tenv = (table_entry *)env_arr->elts; for (i = 0; i < env_arr->nelts; ++i) { - if (!tenv[i].key || - (safe_mode && !strncasecmp(tenv[i].key, "authorization", 13))) { + if (!tenv[i].key) { continue; } if (add_assoc_string(return_value, tenv[i].key, (tenv[i].val==NULL) ? "" : tenv[i].val, 1)==FAILURE) { @@ -1789,7 +1788,7 @@ PHP_FUNCTION(apache_request_headers) return; } - apache_table_to_zval(((request_rec *)SG(server_context))->headers_in, PG(safe_mode), return_value); + apache_table_to_zval(((request_rec *)SG(server_context))->headers_in, return_value); } /* }}} */ @@ -1801,7 +1800,7 @@ PHP_FUNCTION(apache_response_headers) return; } - apache_table_to_zval(((request_rec *) SG(server_context))->headers_out, 0, return_value); + apache_table_to_zval(((request_rec *) SG(server_context))->headers_out, return_value); } /* }}} */ diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c index 8d8363c01c..e2048fd98a 100644 --- a/sapi/nsapi/nsapi.c +++ b/sapi/nsapi/nsapi.c @@ -414,9 +414,7 @@ PHP_FUNCTION(nsapi_request_headers) for (i=0; i < rc->rq->headers->hsize; i++) { entry=rc->rq->headers->ht[i]; while (entry) { - if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) { - add_assoc_string(return_value, entry->param->name, entry->param->value, 1); - } + add_assoc_string(return_value, entry->param->name, entry->param->value, 1); entry=entry->next; } } @@ -676,24 +674,22 @@ static void sapi_nsapi_register_server_variables(zval *track_vars_array TSRMLS_D for (i=0; i < rc->rq->headers->hsize; i++) { entry=rc->rq->headers->ht[i]; while (entry) { - if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) { - if (strcasecmp(entry->param->name, "content-length")==0 || strcasecmp(entry->param->name, "content-type")==0) { - value=estrdup(entry->param->name); - pos = 0; - } else { - spprintf(&value, 0, "HTTP_%s", entry->param->name); - pos = 5; - } - if (value) { - for(p = value + pos; *p; p++) { - *p = toupper(*p); - if (*p < 'A' || *p > 'Z') { - *p = '_'; - } + if (strcasecmp(entry->param->name, "content-length")==0 || strcasecmp(entry->param->name, "content-type")==0) { + value=estrdup(entry->param->name); + pos = 0; + } else { + spprintf(&value, 0, "HTTP_%s", entry->param->name); + pos = 5; + } + if (value) { + for(p = value + pos; *p; p++) { + *p = toupper(*p); + if (*p < 'A' || *p > 'Z') { + *p = '_'; } - php_register_variable(value, entry->param->value, track_vars_array TSRMLS_CC); - efree(value); } + php_register_variable(value, entry->param->value, track_vars_array TSRMLS_CC); + efree(value); } entry=entry->next; } @@ -1033,7 +1029,7 @@ int NSAPI_PUBLIC php5_execute(pblock *pb, Session *sn, Request *rq) nsapi_php_ini_entries(NSLS_C TSRMLS_CC); - if (!PG(safe_mode)) php_handle_auth_data(pblock_findval("authorization", rq->headers) TSRMLS_CC); + php_handle_auth_data(pblock_findval("authorization", rq->headers) TSRMLS_CC); file_handle.type = ZEND_HANDLE_FILENAME; file_handle.filename = SG(request_info).path_translated; diff --git a/win32/build/config.w32 b/win32/build/config.w32 index d876566e14..0bc2e96425 100644 --- a/win32/build/config.w32 +++ b/win32/build/config.w32 @@ -331,7 +331,7 @@ if (VCVERS == 1200) { AC_DEFINE('ZEND_DVAL_TO_LVAL_CAST_OK', 1); } -ADD_SOURCES("main", "main.c snprintf.c spprintf.c safe_mode.c getopt.c fopen_wrappers.c \ +ADD_SOURCES("main", "main.c snprintf.c spprintf.c getopt.c fopen_wrappers.c \ php_scandir.c php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c network.c \ php_open_temporary_file.c php_logos.c output.c internal_functions.c php_sprintf.c"); diff --git a/win32/build/config.w32.h.in b/win32/build/config.w32.h.in index 119e1c1112..fffa87634b 100644 --- a/win32/build/config.w32.h.in +++ b/win32/build/config.w32.h.in @@ -33,7 +33,6 @@ /* PHP Runtime Configuration */ #define PHP_URL_FOPEN 1 -#define PHP_SAFE_MODE 0 #define MAGIC_QUOTES 0 #define USE_CONFIG_FILE 1 #define DEFAULT_SHORT_OPEN_TAG "1" diff --git a/win32/install.txt b/win32/install.txt index 0368e918c8..a97be80deb 100644 --- a/win32/install.txt +++ b/win32/install.txt @@ -1488,7 +1488,7 @@ Running PHP as an Apache module Example 5-2. Apache configuration example php_value include_path ".:/usr/local/lib/php" - php_admin_flag safe_mode on + php_admin_flag engine on Caution -- cgit v1.2.1