summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKalle Sommer Nielsen <kalle@php.net>2010-04-26 23:53:30 (GMT)
committerKalle Sommer Nielsen <kalle@php.net>2010-04-26 23:53:30 (GMT)
commitdd8e59da8f5aafd9d77a0f1f17e5e272d09f643f (patch)
tree6c3e808cb0300c72f869478fbbc9dea69e5cf697
parent3c78ad763ebb0e09ad5524ba08fa6e83feffe102 (diff)
downloadphp-dd8e59da8f5aafd9d77a0f1f17e5e272d09f643f.tar.gz
Removed safe_mode
* Removed ini options, safe_mode* * Removed --enable-safe-mode --with-exec-dir configure options on Unix * Updated extensions, SAPI's and core * php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
-rw-r--r--INSTALL8
-rw-r--r--Makefile.gcov4
-rw-r--r--Makefile.global2
-rw-r--r--NEWS3
-rw-r--r--configure.in24
-rw-r--r--ext/bz2/bz2.c6
-rwxr-xr-xext/com_dotnet/com_persist.c6
-rw-r--r--ext/curl/interface.c26
-rw-r--r--ext/curl/streams.c4
-rw-r--r--ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt4
-rw-r--r--ext/curl/tests/curl_setopt_basic001.phpt2
-rw-r--r--ext/dba/dba.c6
-rw-r--r--ext/dba/libflatfile/flatfile.c1
-rw-r--r--ext/dba/libinifile/inifile.c1
-rwxr-xr-xext/enchant/enchant.c4
-rw-r--r--ext/exif/exif.c4
-rw-r--r--ext/fileinfo/fileinfo.c9
-rw-r--r--ext/fileinfo/libmagic.patch18
-rw-r--r--ext/fileinfo/libmagic/apprentice.c6
-rw-r--r--ext/fileinfo/libmagic/cdf.c2
-rw-r--r--ext/fileinfo/libmagic/cdf.h2
-rw-r--r--ext/fileinfo/libmagic/magic.c2
-rw-r--r--ext/fileinfo/libmagic/readcdf.c2
-rw-r--r--ext/ftp/php_ftp.c18
-rw-r--r--ext/gd/gd.c4
-rw-r--r--ext/gd/php_gd.h10
-rw-r--r--ext/hash/hash.c6
-rw-r--r--ext/hash/hash_md.c2
-rw-r--r--ext/hash/hash_sha.c2
-rw-r--r--ext/imap/php_imap.c14
-rw-r--r--ext/libxml/libxml.c4
-rw-r--r--ext/mbstring/mbstring.c5
-rw-r--r--ext/mysql/php_mysql.c4
-rw-r--r--ext/mysql/tests/mysql_query_load_data_openbasedir.phpt1
-rw-r--r--ext/mysqli/mysqli_api.c4
-rw-r--r--ext/mysqlnd/mysqlnd_net.c4
-rw-r--r--ext/oci8/oci8.c7
-rw-r--r--ext/oci8/oci8_interface.c12
-rw-r--r--ext/oci8/oci8_lob.c2
-rw-r--r--ext/oci8/tests/oci8safemode.phpt2
-rw-r--r--ext/odbc/php_odbc.c7
-rw-r--r--ext/openssl/openssl.c37
-rwxr-xr-xext/pdo/pdo_dbh.c2
-rwxr-xr-xext/pdo_mysql/mysql_driver.c2
-rw-r--r--ext/pdo_sqlite/sqlite_driver.c9
-rw-r--r--ext/pgsql/pgsql.c10
-rw-r--r--ext/phar/phar.c6
-rwxr-xr-xext/phar/phar_object.c16
-rw-r--r--ext/phar/util.c4
-rw-r--r--ext/posix/posix.c9
-rw-r--r--ext/posix/tests/posix_access.phpt3
-rw-r--r--ext/posix/tests/posix_access_error_modes.phpt3
-rw-r--r--ext/posix/tests/posix_access_error_wrongparams.phpt3
-rw-r--r--ext/posix/tests/posix_access_safemode.phpt3
-rw-r--r--ext/posix/tests/posix_mkfifo_safemode.phpt3
-rw-r--r--ext/pspell/pspell.c13
-rw-r--r--ext/session/mod_files.c13
-rw-r--r--ext/session/session.c4
-rw-r--r--ext/soap/php_http.c2
-rw-r--r--ext/soap/php_xml.c2
-rwxr-xr-xext/spl/php_spl.c2
-rwxr-xr-xext/spl/spl_directory.c4
-rw-r--r--ext/sqlite/pdo_sqlite2.c7
-rw-r--r--ext/sqlite/sess_sqlite.c1
-rw-r--r--ext/sqlite/sqlite.c17
-rw-r--r--ext/sqlite3/sqlite3.c12
-rw-r--r--ext/sqlite3/tests/sqlite3_21_security.phpt2
-rw-r--r--ext/standard/basic_functions.c108
-rw-r--r--ext/standard/basic_functions.h8
-rw-r--r--ext/standard/dir.c13
-rw-r--r--ext/standard/dl.c3
-rw-r--r--ext/standard/exec.c42
-rw-r--r--ext/standard/file.c88
-rw-r--r--ext/standard/filestat.c57
-rw-r--r--ext/standard/fsock.c2
-rw-r--r--ext/standard/ftok.c4
-rw-r--r--ext/standard/head.c1
-rw-r--r--ext/standard/http_fopen_wrapper.c2
-rw-r--r--ext/standard/image.c2
-rw-r--r--ext/standard/iptc.c4
-rw-r--r--ext/standard/link.c21
-rw-r--r--ext/standard/link_win32.c11
-rw-r--r--ext/standard/mail.c10
-rw-r--r--ext/standard/md5.c2
-rw-r--r--ext/standard/pack.c1
-rw-r--r--ext/standard/proc_open.c81
-rw-r--r--ext/standard/sha1.c2
-rw-r--r--ext/standard/streamsfuncs.c4
-rw-r--r--ext/standard/tests/file/bug22414.phpt1
-rw-r--r--ext/standard/tests/general_functions/get_cfg_var_variation8.phpt40
-rw-r--r--ext/standard/tests/general_functions/putenv_error1.phpt2
-rw-r--r--ext/standard/tests/general_functions/putenv_error2.phpt2
-rw-r--r--ext/tidy/tidy.c9
-rw-r--r--ext/xmlwriter/php_xmlwriter.c2
-rw-r--r--ext/zip/php_zip.c16
-rw-r--r--ext/zip/php_zip.h8
-rw-r--r--ext/zip/zip_stream.c4
-rw-r--r--ext/zlib/zlib.c7
-rw-r--r--main/SAPI.c69
-rw-r--r--main/fopen_wrappers.c84
-rw-r--r--main/main.c121
-rw-r--r--main/network.c2
-rw-r--r--main/php.h3
-rw-r--r--main/php_globals.h6
-rw-r--r--main/php_ini.c4
-rwxr-xr-xmain/php_streams.h1
-rw-r--r--main/safe_mode.c276
-rw-r--r--main/safe_mode.h41
-rw-r--r--main/streams/plain_wrapper.c72
-rwxr-xr-xmain/streams/streams.c8
-rw-r--r--main/streams/userspace.c1
-rw-r--r--pear/Makefile.frag2
-rw-r--r--php.ini-development38
-rw-r--r--php.ini-production38
-rw-r--r--sapi/apache/mod_php5.c2
-rw-r--r--sapi/apache/php_apache.c11
-rw-r--r--sapi/apache2filter/sapi_apache2.c19
-rw-r--r--sapi/apache2handler/sapi_apache2.c19
-rw-r--r--sapi/apache_hooks/php_apache.c21
-rw-r--r--sapi/nsapi/nsapi.c36
-rw-r--r--win32/build/config.w322
-rw-r--r--win32/build/config.w32.h.in1
-rw-r--r--win32/install.txt2
123 files changed, 418 insertions, 1461 deletions
diff --git a/INSTALL b/INSTALL
index 7675ec0..3de5ca4 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1584,15 +1584,11 @@ Running PHP as an Apache module
Example 6-2. Apache configuration example
<IfModule mod_php5.c>
php_value include_path ".:/usr/local/lib/php"
- php_admin_flag safe_mode on
+ php_admin_flag engine on
</IfModule>
<IfModule mod_php4.c>
php_value include_path ".:/usr/local/lib/php"
- php_admin_flag safe_mode on
-</IfModule>
-<IfModule mod_php3.c>
- php3_include_path ".:/usr/local/lib/php"
- php3_safe_mode on
+ php_admin_flag engine on
</IfModule>
Caution
diff --git a/Makefile.gcov b/Makefile.gcov
index 01dad16..1181d3f 100644
--- a/Makefile.gcov
+++ b/Makefile.gcov
@@ -13,13 +13,13 @@ lcov-test: all
TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
- $(PHP_EXECUTABLE) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
+ $(PHP_EXECUTABLE) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
elif test ! -z "$(SAPI_CLI_PATH)" && test -x "$(SAPI_CLI_PATH)"; then \
NO_INTERACTION=1 \
TEST_PHP_EXECUTABLE=$(top_builddir)/$(SAPI_CLI_PATH) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
- $(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
+ $(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
else \
echo "ERROR: Cannot run tests without CLI sapi."; \
fi
diff --git a/Makefile.global b/Makefile.global
index 10a3c56..7b0d87b 100644
--- a/Makefile.global
+++ b/Makefile.global
@@ -79,7 +79,7 @@ PHP_TEST_SHARED_EXTENSIONS = ` \
. $$i; $(top_srcdir)/build/shtool echo -n -- " -d $(ZEND_EXT_TYPE)=$(top_builddir)/modules/$$dlname"; \
done; \
fi`
-PHP_DEPRECATED_DIRECTIVES_REGEX = '^(safe_mode|magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
+PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
test: all
-@if test ! -z "$(PHP_EXECUTABLE)" && test -x "$(PHP_EXECUTABLE)"; then \
diff --git a/NEWS b/NEWS
index fae2f6d..308dfeb 100644
--- a/NEWS
+++ b/NEWS
@@ -35,12 +35,13 @@
is present at compile time. (Rasmus)
- Removed legacy features:
+ . allow_call_time_pass_reference. (Pierrick)
. define_syslog_variables ini option and its associated function. (Kalle)
. highlight.bg ini option. (Kalle)
. import_request_variables(). (Kalle)
. register_globals. (Kalle)
- . allow_call_time_pass_reference. (Pierrick)
. register_long_arrays ini option. (Kalle)
+ . Safe mode. (Kalle)
. Session bug compatibility mode (session.bug_compat42 and
session.bug_compat_warn ini options). (Kalle)
. session_is_registered(), session_register() and session_unregister()
diff --git a/configure.in b/configure.in
index 3a9ff82..0ab2589 100644
--- a/configure.in
+++ b/configure.in
@@ -820,28 +820,6 @@ AC_MSG_RESULT([$PHP_CONFIG_FILE_SCAN_DIR])
test -n "$DEBUG_CFLAGS" && CFLAGS="$CFLAGS $DEBUG_CFLAGS"
-PHP_ARG_ENABLE(safe-mode, whether to enable safe mode by default,
-[ --enable-safe-mode Enable safe mode by default], no, no)
-
-if test "$PHP_SAFE_MODE" = "yes"; then
- AC_DEFINE(PHP_SAFE_MODE,1,[ ])
-else
- AC_DEFINE(PHP_SAFE_MODE,0,[ ])
-fi
-
-AC_MSG_CHECKING([for safe mode exec dir])
-PHP_ARG_WITH(exec-dir,,
-[ --with-exec-dir[=DIR] Only allow executables in DIR under safe-mode
- [/usr/local/php/bin]], no, no)
-
-if test "$PHP_EXEC_DIR" != "no" && test "$PHP_EXEC_DIR" != "yes" ; then
- AC_DEFINE_UNQUOTED(PHP_SAFE_MODE_EXEC_DIR, "$PHP_EXEC_DIR", [ ])
- AC_MSG_RESULT([$PHP_EXEC_DIR])
-else
- AC_DEFINE(PHP_SAFE_MODE_EXEC_DIR, "/usr/local/php/bin", [ ])
- AC_MSG_RESULT([/usr/local/php/bin])
-fi
-
PHP_ARG_ENABLE(sigchild, whether to enable PHP's own SIGCHLD handler,
[ --enable-sigchild Enable PHP's own SIGCHLD handler], no, no)
@@ -1410,7 +1388,7 @@ PHP_INSTALL_HEADERS([Zend/ TSRM/ include/ main/ main/streams/])
PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c tsrm_virtual_cwd.c)
PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \
- safe_mode.c fopen_wrappers.c alloca.c php_scandir.c \
+ fopen_wrappers.c alloca.c php_scandir.c \
php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
network.c php_open_temporary_file.c php_logos.c \
diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
index e5feaff..7f6f7db 100644
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -219,7 +219,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
path_copy = path;
#endif
- if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
+ if (php_check_open_basedir(path_copy TSRMLS_CC)) {
return NULL;
}
@@ -233,7 +233,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
if (bz_file == NULL) {
/* that didn't work, so try and get something from the network/wrapper */
- stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
+ stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
if (stream) {
int fd;
@@ -386,7 +386,7 @@ static PHP_FUNCTION(bzopen)
stream = php_stream_bz2open(NULL,
Z_STRVAL_PP(file),
mode,
- ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ REPORT_ERRORS,
NULL);
} else if (Z_TYPE_PP(file) == IS_RESOURCE) {
/* If it is a resource, than its a stream resource */
diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c
index f14b167..cca51ec 100755
--- a/ext/com_dotnet/com_persist.c
+++ b/ext/com_dotnet/com_persist.c
@@ -386,8 +386,7 @@ CPH_METHOD(SaveToFile)
RETURN_FALSE;
}
- if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
- php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
@@ -449,8 +448,7 @@ CPH_METHOD(LoadFromFile)
RETURN_FALSE;
}
- if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
- php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 10331a5..cf8a389 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -10,7 +10,7 @@
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
- | license@php.net so we can mail you a copy immediately. |
+ | license@php.net so we can mail you 6 copy immediately. |
+----------------------------------------------------------------------+
| Author: Sterling Hughes <sterling@php.net> |
+----------------------------------------------------------------------+
@@ -169,8 +169,8 @@ static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRM
#if LIBCURL_VERSION_NUM < 0x071100
char *copystr = NULL;
#endif
- /* Disable file:// if open_basedir or safe_mode are used */
- if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+ /* Disable file:// if open_basedir are used */
+ if (PG(open_basedir) && *PG(open_basedir)) {
#if LIBCURL_VERSION_NUM >= 0x071304
error = curl_easy_setopt(ch->cp, CURLOPT_PROTOCOLS, CURLPROTO_ALL & ~CURLPROTO_FILE);
#else
@@ -1664,8 +1664,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
convert_to_long_ex(zvalue);
#if LIBCURL_VERSION_NUM >= 0x71304
if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) &&
- ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when in safe_mode or an open_basedir is set");
+ (PG(open_basedir) && *PG(open_basedir)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when an open_basedir is set");
RETVAL_FALSE;
return 1;
}
@@ -1674,9 +1674,9 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
break;
case CURLOPT_FOLLOWLOCATION:
convert_to_long_ex(zvalue);
- if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
if (Z_LVAL_PP(zvalue) != 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set");
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set");
RETVAL_FALSE;
return 1;
}
@@ -1728,7 +1728,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
option == CURLOPT_SSH_PUBLIC_KEYFILE || option == CURLOPT_SSH_PRIVATE_KEYFILE
) {
- if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
@@ -1938,8 +1938,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + Z_STRLEN_PP(current)))) {
*filename = '\0';
}
- /* safe_mode / open_basedir check */
- if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ /* open_basedir check */
+ if (php_check_open_basedir(postval TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
@@ -2028,8 +2028,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
break;
}
- /* the following options deal with files, therefor safe_mode & open_basedir checks
- * are required.
+ /* the following options deal with files, therefore the open_basedir check
+ * is required.
*/
case CURLOPT_COOKIEJAR:
case CURLOPT_SSLCERT:
@@ -2041,7 +2041,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
convert_to_string_ex(zvalue);
- if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
diff --git a/ext/curl/streams.c b/ext/curl/streams.c
index ce09b8a..f48fb04 100644
--- a/ext/curl/streams.c
+++ b/ext/curl/streams.c
@@ -395,7 +395,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
}
}
if (mr > 1) {
- if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
@@ -403,7 +403,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, mr);
}
} else {
- if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
diff --git a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt
index c00e1d2..7a778f3 100644
--- a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt
+++ b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt
@@ -1,5 +1,5 @@
--TEST--
-CURLOPT_FOLLOWLOCATION case check safe_mode and open_basedir
+CURLOPT_FOLLOWLOCATION case check open_basedir
--CREDITS--
WHITE new media architects - Dennis
--INI--
@@ -17,6 +17,6 @@ curl_close($ch);
var_dump($succes);
?>
--EXPECTF--
-Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when %r(safe_mode is enabled or an )?%ropen_basedir is set in %s.php on line %d
+Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d
bool(false)
diff --git a/ext/curl/tests/curl_setopt_basic001.phpt b/ext/curl/tests/curl_setopt_basic001.phpt
index 178fbf7..b8a28dd 100644
--- a/ext/curl/tests/curl_setopt_basic001.phpt
+++ b/ext/curl/tests/curl_setopt_basic001.phpt
@@ -6,7 +6,7 @@ Paul Sohier
--INI--
safe_mode=On
--SKIPIF--
-<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) print "skip"; ?>
+<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER') || PHP_VERSION_ID < 503099) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/dba/dba.c b/ext/dba/dba.c
index 768f85f..3e710fd 100644
--- a/ext/dba/dba.c
+++ b/ext/dba/dba.c
@@ -838,7 +838,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
/* when in read only mode try to use existing .lck file first */
/* do not log errors for .lck file while in read ony mode on .lck file */
lock_file_mode = "rb";
- info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
+ info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|persistent_flag, &opened_path);
}
if (!info->lock.fp) {
/* when not in read mode or failed to open .lck file read only. now try again in create(write) mode and log errors */
@@ -853,7 +853,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
}
if (!info->lock.fp) {
- info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
+ info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path);
if (info->lock.fp) {
if (lock_dbf) {
/* replace the path info with the real path of the opened file */
@@ -891,7 +891,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
if (info->lock.fp && lock_dbf) {
info->fp = info->lock.fp; /* use the same stream for locking and database access */
} else {
- info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, NULL);
+ info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, NULL);
}
if (!info->fp) {
dba_close(info TSRMLS_CC);
diff --git a/ext/dba/libflatfile/flatfile.c b/ext/dba/libflatfile/flatfile.c
index 4aadcce..50b84d2 100644
--- a/ext/dba/libflatfile/flatfile.c
+++ b/ext/dba/libflatfile/flatfile.c
@@ -27,7 +27,6 @@
#include "php.h"
#include "php_globals.h"
-#include "safe_mode.h"
#include <stdlib.h>
#include <string.h>
diff --git a/ext/dba/libinifile/inifile.c b/ext/dba/libinifile/inifile.c
index b40dd8c..4c85087 100644
--- a/ext/dba/libinifile/inifile.c
+++ b/ext/dba/libinifile/inifile.c
@@ -24,7 +24,6 @@
#include "php.h"
#include "php_globals.h"
-#include "safe_mode.h"
#include <stdlib.h>
#include <string.h>
diff --git a/ext/enchant/enchant.c b/ext/enchant/enchant.c
index c123e67..78ad035 100755
--- a/ext/enchant/enchant.c
+++ b/ext/enchant/enchant.c
@@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict)
RETURN_FALSE;
}
+#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) {
+#else
+ if (php_check_open_basedir(pwl TSRMLS_CC)) {
+#endif
RETURN_FALSE;
}
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 1f9789c..6a4fcc4 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3861,7 +3861,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t
ImageInfo->motorola_intel = -1; /* flag as unknown */
- ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
+ ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH, NULL);
if (!ImageInfo->infile) {
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Unable to open file");
return FALSE;
@@ -4166,7 +4166,7 @@ PHP_FUNCTION(exif_imagetype)
return;
}
- stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|REPORT_ERRORS, NULL);
if (stream == NULL) {
RETURN_FALSE;
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c
index e0e9868..75862e7 100644
--- a/ext/fileinfo/fileinfo.c
+++ b/ext/fileinfo/fileinfo.c
@@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open)
}
file = resolved_path;
+#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) {
+#else
+ if (php_check_open_basedir(file TSRMLS_CC)) {
+#endif
RETURN_FALSE;
}
}
@@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime
if (wrap) {
php_stream_context *context = php_stream_context_from_zval(zcontext, 0);
-
+#if PHP_API_VERSION < 20100412
php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+#else
+ php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context);
+#endif
if (!stream) {
RETVAL_FALSE;
diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch
index dc8e03f..276bb01 100644
--- a/ext/fileinfo/libmagic.patch
+++ b/ext/fileinfo/libmagic.patch
@@ -257,7 +257,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
+
+ TSRMLS_FETCH();
+
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -490,7 +490,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
goto error2;
- if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1)
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -647,7 +647,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
- if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) {
+/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
@@ -799,7 +799,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
break;
case CDF_FILETIME:
tp = info[i].pi_tp;
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
++#if defined(PHP_WIN32) && _MSC_VER <= 1500
+ if (tp < 1000000000000000i64) {
+#else
if (tp < 1000000000000000LL) {
@@ -822,7 +822,7 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h
typedef struct {
uint64_t h_magic;
-#define CDF_MAGIC 0xE11AB1A1E011CFD0LL
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
++#if defined(PHP_WIN32) && _MSC_VER <= 1500
+# define CDF_MAGIC 0xE11AB1A1E011CFD0i64
+#else
+# define CDF_MAGIC 0xE11AB1A1E011CFD0LL
@@ -2019,7 +2019,7 @@ diff -u libmagic.orig/magic.c libmagic/magic.c
+
+ if (!stream && inname) {
+ no_in_stream = 1;
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
+ stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
@@ -2392,7 +2392,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
case CDF_FILETIME:
tp = info[i].pi_tp;
if (tp != 0) {
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
++#if defined(PHP_WIN32) && _MSC_VER <= 1500
+ if (tp < 1000000000000000i64) {
+#else
if (tp < 1000000000000000LL) {
@@ -2773,7 +2773,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
+
+ convert_libmagic_pattern(pattern, options);
+
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
+ if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) {
#else
- pmatch[0].rm_so = 0;
@@ -2800,7 +2800,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
+ haystack = estrndup(ms->search.s, ms->search.s_len);
+
+ /* match v = 0, no match v = 1 */
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
+ php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
+#else
+ php_pcre_match_impl(pce, IS_STRING, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c
index ffa2cb5..53fa8d5 100644
--- a/ext/fileinfo/libmagic/apprentice.c
+++ b/ext/fileinfo/libmagic/apprentice.c
@@ -597,7 +597,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs,
TSRMLS_FETCH();
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -2041,7 +2041,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
if (dbname == NULL)
goto error2;
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -2165,7 +2165,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp,
}
/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
index a3b4a11..a3f7022 100644
--- a/ext/fileinfo/libmagic/cdf.c
+++ b/ext/fileinfo/libmagic/cdf.c
@@ -1131,7 +1131,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count)
break;
case CDF_FILETIME:
tp = info[i].pi_tp;
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
if (tp < 1000000000000000i64) {
#else
if (tp < 1000000000000000LL) {
diff --git a/ext/fileinfo/libmagic/cdf.h b/ext/fileinfo/libmagic/cdf.h
index 1fa69cf..c056a82 100644
--- a/ext/fileinfo/libmagic/cdf.h
+++ b/ext/fileinfo/libmagic/cdf.h
@@ -42,7 +42,7 @@ typedef int32_t cdf_secid_t;
typedef struct {
uint64_t h_magic;
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
# define CDF_MAGIC 0xE11AB1A1E011CFD0i64
#else
# define CDF_MAGIC 0xE11AB1A1E011CFD0LL
diff --git a/ext/fileinfo/libmagic/magic.c b/ext/fileinfo/libmagic/magic.c
index 849896b..a8bf6d8 100644
--- a/ext/fileinfo/libmagic/magic.c
+++ b/ext/fileinfo/libmagic/magic.c
@@ -290,7 +290,7 @@ file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream)
if (!stream && inname) {
no_in_stream = 1;
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
diff --git a/ext/fileinfo/libmagic/readcdf.c b/ext/fileinfo/libmagic/readcdf.c
index 56d6504..117dc78 100644
--- a/ext/fileinfo/libmagic/readcdf.c
+++ b/ext/fileinfo/libmagic/readcdf.c
@@ -110,7 +110,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info,
case CDF_FILETIME:
tp = info[i].pi_tp;
if (tp != 0) {
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
if (tp < 1000000000000000i64) {
#else
if (tp < 1000000000000000LL) {
diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c
index 0cd6d00..55fcf49 100644
--- a/ext/ftp/php_ftp.c
+++ b/ext/ftp/php_ftp.c
@@ -41,7 +41,7 @@
#include "php_ftp.h"
#include "ftp.h"
-static int le_ftpbuf;
+static int le_ftpbuf;
#define le_ftpbuf_name "FTP Buffer"
/* {{{ arginfo */
@@ -874,9 +874,9 @@ PHP_FUNCTION(ftp_get)
#endif
if (ftp->autoseek && resumepos) {
- outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL);
if (outstream == NULL) {
- outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream != NULL) {
/* if autoresume is wanted seek to end */
@@ -888,7 +888,7 @@ PHP_FUNCTION(ftp_get)
}
}
} else {
- outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream == NULL) {
@@ -935,9 +935,9 @@ PHP_FUNCTION(ftp_nb_get)
mode = FTPTYPE_IMAGE;
#endif
if (ftp->autoseek && resumepos) {
- outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL);
if (outstream == NULL) {
- outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream != NULL) {
/* if autoresume is wanted seek to end */
@@ -949,7 +949,7 @@ PHP_FUNCTION(ftp_nb_get)
}
}
} else {
- outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
}
if (outstream == NULL) {
@@ -1131,7 +1131,7 @@ PHP_FUNCTION(ftp_put)
ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
XTYPE(xtype, mode);
- if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) {
+ if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) {
RETURN_FALSE;
}
@@ -1184,7 +1184,7 @@ PHP_FUNCTION(ftp_nb_put)
ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
XTYPE(xtype, mode);
- if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) {
+ if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) {
RETURN_FALSE;
}
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 7b4d780..a4d7cc6 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1470,7 +1470,7 @@ PHP_FUNCTION(imageloadfont)
return;
}
- stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(file, "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
@@ -2422,7 +2422,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,
}
}
- stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+ stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
diff --git a/ext/gd/php_gd.h b/ext/gd/php_gd.h
index 10a18fb..7fbedbe 100644
--- a/ext/gd/php_gd.h
+++ b/ext/gd/php_gd.h
@@ -33,12 +33,10 @@
#if HAVE_LIBGD
/* open_basedir and safe_mode checks */
-#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
- if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \
- (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \
- ) { \
- php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
- RETURN_FALSE; \
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
+ if (!filename || php_check_open_basedir(filename TSRMLS_CC)) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
+ RETURN_FALSE; \
}
#define PHP_GDIMG_TYPE_GIF 1
diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 4c1222f..85d67f9 100644
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -141,7 +141,7 @@ static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_
RETURN_FALSE;
}
if (isfilename) {
- stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT);
+ stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT);
if (!stream) {
/* Stream will report errors opening file */
RETURN_FALSE;
@@ -219,7 +219,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename,
RETURN_FALSE;
}
if (isfilename) {
- stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT);
+ stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT);
if (!stream) {
/* Stream will report errors opening file */
RETURN_FALSE;
@@ -453,7 +453,7 @@ PHP_FUNCTION(hash_update_file)
ZEND_FETCH_RESOURCE(hash, php_hash_data*, &zhash, -1, PHP_HASH_RESNAME, php_hash_le_hash);
context = php_stream_context_from_zval(zcontext, 0);
- stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, context);
+ stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS, NULL, context);
if (!stream) {
/* Stream will report errors opening file */
RETURN_FALSE;
diff --git a/ext/hash/hash_md.c b/ext/hash/hash_md.c
index b688b4e..fd0e3ef 100644
--- a/ext/hash/hash_md.c
+++ b/ext/hash/hash_md.c
@@ -148,7 +148,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file)
return;
}
- stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+ stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}
diff --git a/ext/hash/hash_sha.c b/ext/hash/hash_sha.c
index 6f873f2..3524c98 100644
--- a/ext/hash/hash_sha.c
+++ b/ext/hash/hash_sha.c
@@ -132,7 +132,7 @@ PHP_FUNCTION(sha1_file)
return;
}
- stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+ stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 5432d84..5781eb2 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1215,10 +1215,8 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
efree(IMAPG(imap_password));
}
- /* local filename, need to perform open_basedir and safe_mode checks */
- if (mailbox[0] != '{' &&
- (php_check_open_basedir(mailbox TSRMLS_CC) ||
- (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
+ /* local filename, need to perform open_basedir check */
+ if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -1292,10 +1290,8 @@ PHP_FUNCTION(imap_reopen)
mail_parameters(NIL, SET_MAXLOGINTRIALS, (void *) retries);
}
#endif
- /* local filename, need to perform open_basedir and safe_mode checks */
- if (mailbox[0] != '{' &&
- (php_check_open_basedir(mailbox TSRMLS_CC) ||
- (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
+ /* local filename, need to perform open_basedir check */
+ if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -2394,7 +2390,7 @@ PHP_FUNCTION(imap_savebody)
default:
convert_to_string_ex(out);
- writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+ writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS, NULL);
break;
}
diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index d49f142..83e879d 100644
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -300,7 +300,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
that the streams layer puts out at times, but for libxml we
may try to open files that don't exist, but it is not a failure
in xml processing (eg. DTD files) */
- wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC);
+ wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, 0 TSRMLS_CC);
if (wrapper && read_only && wrapper->wops->url_stat) {
if (wrapper->wops->url_stat(wrapper, path_to_open, PHP_STREAM_URL_STAT_QUIET, &ssbuf, NULL TSRMLS_CC) == -1) {
if (isescaped) {
@@ -314,7 +314,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context());
}
- ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context);
+ ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, REPORT_ERRORS, NULL, context);
if (isescaped) {
xmlFree(resolved_path);
}
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 1291ce2..982c201 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -3862,11 +3862,6 @@ PHP_FUNCTION(mb_send_mail)
extern void mbfl_memory_device_unput(mbfl_memory_device *device);
char *pp, *ee;
- if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE.");
- RETURN_FALSE;
- }
-
/* initialize */
mbfl_memory_device_init(&device, 0, 0);
mbfl_string_init(&orig_str);
diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c
index 2c3085f..b948fd2 100644
--- a/ext/mysql/php_mysql.c
+++ b/ext/mysql/php_mysql.c
@@ -664,7 +664,11 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
/* disable local infile option for open_basedir */
+#if PHP_API_VERSION < 20100412
if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
+#else
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') && (client_flags & CLIENT_LOCAL_FILES)) {
+#endif
client_flags ^= CLIENT_LOCAL_FILES;
}
diff --git a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
index a257f5f..ff62f42 100644
--- a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
+++ b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
@@ -26,7 +26,6 @@ if ($socket == "" && $host != NULL && $host != 'localhost' && $host != '.') {
}
?>
--INI--
-safe_mode=0
open_basedir="."
--FILE--
<?php
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 556b266..bd2cdcb 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1674,7 +1674,11 @@ PHP_FUNCTION(mysqli_options)
}
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
+#if PHP_API_VERSION < 20100412
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+#else
+ if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+#endif
if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
RETURN_FALSE;
}
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 4ade74b..2859c78 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -102,7 +102,11 @@ MYSQLND_METHOD(mysqlnd_net, network_write)(MYSQLND * const conn, const zend_ucha
static enum_func_status
MYSQLND_METHOD(mysqlnd_net, connect)(MYSQLND_NET * net, const char * const scheme, size_t scheme_len, zend_bool persistent, char **errstr, int * errcode TSRMLS_DC)
{
+#if PHP_API_VERSION < 20100412
unsigned int streams_options = ENFORCE_SAFE_MODE;
+#else
+ unsigned int streams_options = 0;
+#endif
unsigned int streams_flags = STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT;
char * hashed_details = NULL;
int hashed_details_len = 0;
diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
index 74a3e00..0969263 100644
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@@ -1741,13 +1741,6 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled. Enable oci8.privileged_connect to be able to connect as SYSOPER or SYSDBA");
return NULL;
}
- /* Disable privileged connections in Safe Mode (N.b. safe mode has been removed in PHP
- * 6 anyway)
- */
- if (PG(safe_mode)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled in Safe Mode");
- return NULL;
- }
}
}
diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c
index b12c8dc..2f01f27 100644
--- a/ext/oci8/oci8_interface.c
+++ b/ext/oci8/oci8_interface.c
@@ -918,16 +918,12 @@ PHP_FUNCTION(oci_lob_export)
/* nothing to write, fail silently */
RETURN_FALSE;
}
-
- if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
}
- stream = php_stream_open_wrapper_ex(filename, "w", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL);
+ stream = php_stream_open_wrapper_ex(filename, "w", REPORT_ERRORS, NULL, NULL);
block_length = PHP_OCI_LOB_BUFFER_SIZE;
if (block_length > length) {
@@ -1871,12 +1867,6 @@ PHP_FUNCTION(oci_password_change)
int user_len, pass_old_len, pass_new_len, dbname_len;
php_oci_connection *connection;
- /* Disable in Safe Mode */
- if (PG(safe_mode)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode");
- RETURN_FALSE;
- }
-
if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) {
PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection);
diff --git a/ext/oci8/oci8_lob.c b/ext/oci8/oci8_lob.c
index 2b87dbb..af13237 100644
--- a/ext/oci8/oci8_lob.c
+++ b/ext/oci8/oci8_lob.c
@@ -724,7 +724,7 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC
char buf[8192];
ub4 offset = 1;
- if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) {
+ if (php_check_open_basedir(filename TSRMLS_CC)) {
return 1;
}
diff --git a/ext/oci8/tests/oci8safemode.phpt b/ext/oci8/tests/oci8safemode.phpt
index 1c62f36..1faebce 100644
--- a/ext/oci8/tests/oci8safemode.phpt
+++ b/ext/oci8/tests/oci8safemode.phpt
@@ -1,7 +1,7 @@
--TEST--
Test functionality disabled in safe mode
--SKIPIF--
-<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?>
+<?php if (!extension_loaded('oci8')){ die("skip no oci8 extension"); } if (PHP_VERSION_ID < 503099){ die("skip: safe_mode no longer available"); } ?>
--INI--
safe_mode=On
oci8.privileged_connect=On
diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index 7274d74..ac8564a 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -1296,13 +1296,6 @@ PHP_FUNCTION(odbc_execute)
filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2);
filename[strlen(filename)] = '\0';
- /* Check for safe mode. */
- if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- efree(filename);
- efree(params);
- RETURN_FALSE;
- }
-
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
efree(filename);
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 42f40c8..9c01fc6 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -489,12 +489,9 @@ static void php_csr_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
}
/* }}} */
-/* {{{ openssl safe_mode & open_basedir checks */
-inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC)
+/* {{{ openssl open_basedir check */
+inline static int php_openssl_open_base_dir_chk(char *filename TSRMLS_DC)
{
- if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return -1;
- }
if (php_check_open_basedir(filename TSRMLS_CC)) {
return -1;
}
@@ -774,7 +771,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
/* read in the oids */
str = CONF_get_string(req->req_config, NULL, "oid_file");
- if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) {
+ if (str && !php_openssl_open_base_dir_chk(str TSRMLS_CC)) {
BIO *oid_bio = BIO_new_file(str, "r");
if (oid_bio) {
OBJ_create_objects(oid_bio);
@@ -1163,7 +1160,7 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r
/* read cert from the named file */
BIO *in;
- if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
return NULL;
}
@@ -1219,7 +1216,7 @@ PHP_FUNCTION(openssl_x509_export_to_file)
return;
}
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
return;
}
@@ -1449,7 +1446,7 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile)
goto end;
}
- if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(certfile TSRMLS_CC)) {
sk_X509_free(stack);
goto end;
}
@@ -1776,7 +1773,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key does not correspond to cert");
goto cleanup;
}
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
goto cleanup;
}
@@ -2178,7 +2175,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long
filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1);
}
if (filename) {
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
return NULL;
}
in = BIO_new_file(filename, "r");
@@ -2214,7 +2211,7 @@ PHP_FUNCTION(openssl_csr_export_to_file)
return;
}
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
return;
}
@@ -2692,7 +2689,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char *
BIO *in;
if (filename) {
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
TMP_CLEAN;
}
in = BIO_new_file(filename, "r");
@@ -2999,7 +2996,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
RETURN_FALSE;
}
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -3287,7 +3284,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
if (!store) {
goto clean_exit;
}
- if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
goto clean_exit;
}
@@ -3305,7 +3302,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
if (datafilename) {
- if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(datafilename TSRMLS_CC)) {
goto clean_exit;
}
@@ -3325,7 +3322,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
if (signersfilename) {
BIO *certout;
- if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(signersfilename TSRMLS_CC)) {
goto clean_exit;
}
@@ -3385,7 +3382,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
return;
- if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
return;
}
@@ -3544,7 +3541,7 @@ PHP_FUNCTION(openssl_pkcs7_sign)
goto clean_exit;
}
- if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
goto clean_exit;
}
@@ -3639,7 +3636,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt)
goto clean_exit;
}
- if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+ if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
goto clean_exit;
}
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
index b5af492..c916dc0 100755
--- a/ext/pdo/pdo_dbh.c
+++ b/ext/pdo/pdo_dbh.c
@@ -187,7 +187,7 @@ static char *dsn_from_uri(char *uri, char *buf, size_t buflen TSRMLS_DC) /* {{{
php_stream *stream;
char *dsn = NULL;
- stream = php_stream_open_wrapper(uri, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(uri, "rb", REPORT_ERRORS, NULL);
if (stream) {
dsn = php_stream_get_line(stream, buf, buflen, NULL);
php_stream_close(stream);
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index 1bb6d2a..be500da 100755
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -649,7 +649,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
goto cleanup;
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
#else
if (PG(open_basedir) && PG(open_basedir)[0] != '\0')
diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
index 7ad7722..e0f53be 100644
--- a/ext/pdo_sqlite/sqlite_driver.c
+++ b/ext/pdo_sqlite/sqlite_driver.c
@@ -643,11 +643,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
return NULL;
}
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- efree(fullpath);
- return NULL;
- }
-
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
return NULL;
@@ -705,7 +700,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS
if (!filename) {
zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC,
- "safe_mode/open_basedir prohibits opening %s",
+ "open_basedir prohibits opening %s",
dbh->data_source);
goto cleanup;
}
@@ -718,7 +713,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS
goto cleanup;
}
- if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
sqlite3_set_authorizer(H->db, authorizer, NULL);
}
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 70e9d0b..064173f 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2879,7 +2879,7 @@ PHP_FUNCTION(pg_trace)
ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
- stream = php_stream_open_wrapper(z_filename, mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(z_filename, mode, REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
@@ -3338,10 +3338,6 @@ PHP_FUNCTION(pg_lo_import)
else {
WRONG_PARAM_COUNT;
}
-
- if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
if (php_check_open_basedir(file_in TSRMLS_CC)) {
RETURN_FALSE;
@@ -3475,10 +3471,6 @@ PHP_FUNCTION(pg_lo_export)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Requires 2 or 3 arguments");
RETURN_FALSE;
}
-
- if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
if (php_check_open_basedir(file_out TSRMLS_CC)) {
RETURN_FALSE;
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index ab6c4d0..8224918 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1327,7 +1327,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a
if (!pphar) {
pphar = &mydata;
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}
@@ -1491,7 +1491,7 @@ int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_l
} else if (error && *error) {
return FAILURE;
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}
@@ -2357,7 +2357,7 @@ int phar_open_executed_filename(char *alias, int alias_len, char **error TSRMLS_
FREE_ZVAL(halt_constant);
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 41ae46c..9b534dc 100755
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1754,7 +1754,7 @@ phar_spl_fileinfo:
return ZEND_HASH_APPLY_STOP;
}
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Iterator %v returned a path \"%s\" that safe mode prevents opening", ce->name, fname);
@@ -3943,7 +3943,7 @@ PHP_METHOD(Phar, addFile)
return;
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname);
return;
@@ -4187,11 +4187,11 @@ PHP_METHOD(Phar, delMetadata)
}
}
/* }}} */
-#if (PHP_MAJOR_VERSION < 6)
-#define OPENBASEDIR_CHECKPATH(filename) \
+#if PHP_API_VERSION < 20100412
+#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
#else
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
php_check_open_basedir(filename TSRMLS_CC)
#endif
@@ -4235,7 +4235,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
return FAILURE;
}
- if (OPENBASEDIR_CHECKPATH(fullpath)) {
+ if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) {
spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath);
efree(fullpath);
return FAILURE;
@@ -4285,7 +4285,11 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
return SUCCESS;
}
+#if PHP_API_VERSION < 20100412
fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+ fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
+#endif
if (!fp) {
spprintf(error, 4096, "Cannot extract \"%s\", could not open for writing \"%s\"", entry->filename, fullpath);
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 0aa2bd7..985d9ac 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -201,7 +201,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len,
entry.tmp = estrndup(filename, filename_len);
}
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
efree(entry.tmp);
efree(entry.filename);
@@ -850,7 +850,7 @@ int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC) /* {{{ */
if (phar_get_pharfp(phar TSRMLS_CC)) {
return SUCCESS;
}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(phar->fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
return FAILURE;
}
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index f030356..7212de3 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -840,8 +840,7 @@ PHP_FUNCTION(posix_mkfifo)
RETURN_FALSE;
}
- if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
- (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
+ if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -875,8 +874,7 @@ PHP_FUNCTION(posix_mknod)
RETURN_FALSE;
}
- if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
- (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
+ if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -961,8 +959,7 @@ PHP_FUNCTION(posix_access)
RETURN_FALSE;
}
- if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
- (PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) {
+ if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
efree(path);
POSIX_G(last_error) = EPERM;
RETURN_FALSE;
diff --git a/ext/posix/tests/posix_access.phpt b/ext/posix/tests/posix_access.phpt
index 1bd601a..08d9bf2 100644
--- a/ext/posix/tests/posix_access.phpt
+++ b/ext/posix/tests/posix_access.phpt
@@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
+if (PHP_VERSION_ID < 503099) {
+ die('SKIP Safe mode is no longer available.');
+}
?>
--INI--
safe_mode = 1
diff --git a/ext/posix/tests/posix_access_error_modes.phpt b/ext/posix/tests/posix_access_error_modes.phpt
index 0d79996..e79d243 100644
--- a/ext/posix/tests/posix_access_error_modes.phpt
+++ b/ext/posix/tests/posix_access_error_modes.phpt
@@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
+if (PHP_VERSION_ID < 503099) {
+ die('SKIP Safe mode is no longer available.');
+}
?>
--INI--
safe_mode = 1
diff --git a/ext/posix/tests/posix_access_error_wrongparams.phpt b/ext/posix/tests/posix_access_error_wrongparams.phpt
index 7f938a8..882c43b 100644
--- a/ext/posix/tests/posix_access_error_wrongparams.phpt
+++ b/ext/posix/tests/posix_access_error_wrongparams.phpt
@@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
+if (PHP_VERSION_ID < 503099) {
+ die('SKIP Safe mode is no longer available.');
+}
?>
--INI--
safe_mode = 1
diff --git a/ext/posix/tests/posix_access_safemode.phpt b/ext/posix/tests/posix_access_safemode.phpt
index 1e156f9..e346149 100644
--- a/ext/posix/tests/posix_access_safemode.phpt
+++ b/ext/posix/tests/posix_access_safemode.phpt
@@ -11,6 +11,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
+if (PHP_VERSION_ID < 503099) {
+ die('SKIP Safe mode is no longer available.');
+}
--INI--
safe_mode = 1
--FILE--
diff --git a/ext/posix/tests/posix_mkfifo_safemode.phpt b/ext/posix/tests/posix_mkfifo_safemode.phpt
index 9dbddc2..47caf5d 100644
--- a/ext/posix/tests/posix_mkfifo_safemode.phpt
+++ b/ext/posix/tests/posix_mkfifo_safemode.phpt
@@ -17,6 +17,9 @@ if (!extension_loaded('posix')) {
if (posix_geteuid() == 0) {
die('SKIP Cannot run test as root.');
}
+if (PHP_VERSION_ID < 503099) {
+ die('SKIP Safe mode is no longer available.');
+}
?>
--INI--
safe_mode = 1
diff --git a/ext/pspell/pspell.c b/ext/pspell/pspell.c
index 0d50818..bc4af64 100644
--- a/ext/pspell/pspell.c
+++ b/ext/pspell/pspell.c
@@ -402,11 +402,6 @@ static PHP_FUNCTION(pspell_new_personal)
}
#endif
- if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- delete_pspell_config(config);
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(personal TSRMLS_CC)) {
delete_pspell_config(config);
RETURN_FALSE;
@@ -836,10 +831,6 @@ static void pspell_config_path(INTERNAL_FUNCTION_PARAMETERS, char *option)
PSPELL_FETCH_CONFIG;
- if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(value TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -891,10 +882,6 @@ static PHP_FUNCTION(pspell_config_repl)
pspell_config_replace(config, "save-repl", "true");
- if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(repl TSRMLS_CC)) {
RETURN_FALSE;
}
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index acb1ea0..71584ce 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -171,20 +171,14 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
if (data->fd != -1) {
#ifndef PHP_WIN32
/* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
- if (PG(safe_mode) || PG(open_basedir)) {
+ if (PG(open_basedir)) {
struct stat sbuf;
if (fstat(data->fd, &sbuf)) {
close(data->fd);
return;
}
- if (
- S_ISLNK(sbuf.st_mode) &&
- (
- php_check_open_basedir(buf TSRMLS_CC) ||
- (PG(safe_mode) && !php_checkuid(buf, NULL, CHECKUID_CHECK_FILE_AND_DIR))
- )
- ) {
+ if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
close(data->fd);
return;
}
@@ -274,9 +268,6 @@ PS_OPEN_FUNC(files)
/* if save path is an empty string, determine the temporary dir */
save_path = php_get_temporary_directory();
- if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return FAILURE;
- }
if (php_check_open_basedir(save_path TSRMLS_CC)) {
return FAILURE;
}
diff --git a/ext/session/session.c b/ext/session/session.c
index 03055cf..c7a23a5 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -567,10 +567,6 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
p = new_value;
}
- if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return FAILURE;
- }
-
if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) {
return FAILURE;
}
diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 6257e79..c3ad0e0 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -118,7 +118,7 @@ static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, ph
namelen = spprintf(&name, 0, "%s://%s:%d", (use_ssl && !*use_proxy)? "ssl" : "tcp", host, port);
stream = php_stream_xport_create(name, namelen,
- ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ REPORT_ERRORS,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
NULL /*persistent_id*/,
timeout,
diff --git a/ext/soap/php_xml.c b/ext/soap/php_xml.c
index af4f395..fa5a26b 100644
--- a/ext/soap/php_xml.c
+++ b/ext/soap/php_xml.c
@@ -179,7 +179,7 @@ int php_stream_xmlIO_match_wrapper(const char *filename)
void *php_stream_xmlIO_open_wrapper(const char *filename)
{
TSRMLS_FETCH();
- return php_stream_open_wrapper((char*)filename, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+ return php_stream_open_wrapper((char*)filename, "rb", REPORT_ERRORS, NULL);
}
int php_stream_xmlIO_read(void *context, char *buffer, int len)
diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c
index d83d5eb..663baec 100755
--- a/ext/spl/php_spl.c
+++ b/ext/spl/php_spl.c
@@ -231,7 +231,7 @@ static int spl_autoload(const char *class_name, const char * lc_name, int class_
class_file_len = spprintf(&class_file, 0, "%s%s", lc_name, file_extension);
- ret = php_stream_open_for_zend_ex(class_file, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+ ret = php_stream_open_for_zend_ex(class_file, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
if (ret == SUCCESS) {
if (!file_handle.opened_path) {
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index 3b47374..9b114fc 100755
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -221,7 +221,7 @@ static void spl_filesystem_dir_open(spl_filesystem_object* intern, char *path TS
intern->type = SPL_FS_DIR;
intern->_path_len = strlen(path);
- intern->u.dir.dirp = php_stream_opendir(path, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+ intern->u.dir.dirp = php_stream_opendir(path, REPORT_ERRORS, NULL);
if (intern->_path_len > 1 && IS_SLASH_AT(path, intern->_path_len-1)) {
intern->_path = estrndup(path, --intern->_path_len);
@@ -245,7 +245,7 @@ static int spl_filesystem_file_open(spl_filesystem_object *intern, int use_inclu
{
intern->type = SPL_FS_FILE;
intern->u.file.context = php_stream_context_from_zval(intern->u.file.zcontext, 0);
- intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, intern->u.file.context);
+ intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, intern->u.file.context);
if (!intern->file_name_len || !intern->u.file.stream) {
if (!EG(exception)) {
diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c
index 89f0520..3eeb1f2 100644
--- a/ext/sqlite/pdo_sqlite2.c
+++ b/ext/sqlite/pdo_sqlite2.c
@@ -522,11 +522,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
return NULL;
}
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- efree(fullpath);
- return NULL;
- }
-
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
return NULL;
@@ -585,7 +580,7 @@ static int pdo_sqlite2_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRML
if (!filename) {
zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC,
- "safe_mode/open_basedir prohibits opening %s",
+ "open_basedir prohibits opening %s",
dbh->data_source);
goto cleanup;
}
diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c
index 37f0157..30ebc0e 100644
--- a/ext/sqlite/sess_sqlite.c
+++ b/ext/sqlite/sess_sqlite.c
@@ -42,7 +42,6 @@ PS_OPEN_FUNC(sqlite)
char *errmsg = NULL;
sqlite *db;
- /* TODO: do we need a safe_mode check here? */
db = sqlite_open(save_path, 0666, &errmsg);
if (db == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING,
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 4017dc7..4c1b3f1 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -1066,9 +1066,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg
case SQLITE_COPY:
if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) {
TSRMLS_FETCH();
- if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return SQLITE_DENY;
- }
if (php_check_open_basedir(arg4 TSRMLS_CC)) {
return SQLITE_DENY;
@@ -1079,9 +1076,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg
case SQLITE_ATTACH:
if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) {
TSRMLS_FETCH();
- if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return SQLITE_DENY;
- }
if (php_check_open_basedir(arg3 TSRMLS_CC)) {
return SQLITE_DENY;
@@ -1510,7 +1504,7 @@ static struct php_sqlite_db *php_sqlite_open(char *filename, int mode, char *per
/* authorizer hook so we can enforce safe mode
* Note: the declaration of php_sqlite_authorizer is correct for 2.8.2 of libsqlite,
* and IS backwards binary compatible with earlier versions */
- if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
sqlite_set_authorizer(sdb, php_sqlite_authorizer, NULL);
}
@@ -1566,8 +1560,7 @@ PHP_FUNCTION(sqlite_popen)
RETURN_FALSE;
}
- if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
- php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
@@ -1648,8 +1641,7 @@ PHP_FUNCTION(sqlite_open)
}
}
- if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
- php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
zend_restore_error_handling(&error_handling TSRMLS_CC);
if (object) {
@@ -1697,8 +1689,7 @@ PHP_FUNCTION(sqlite_factory)
RETURN_NULL();
}
- if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
- php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
zend_restore_error_handling(&error_handling TSRMLS_CC);
RETURN_NULL();
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 7f7bbe9..00364b0 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -120,11 +120,13 @@ PHP_METHOD(sqlite3, open)
return;
}
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "safe_mode prohibits opening %s", fullpath);
efree(fullpath);
return;
}
+#endif
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "open_basedir prohibits opening %s", fullpath);
@@ -158,7 +160,11 @@ PHP_METHOD(sqlite3, open)
}
#endif
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+#else
+ if (PG(open_basedir) && *PG(open_basedir)) {
+#endif
sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
}
@@ -1779,14 +1785,18 @@ static zend_function_entry php_sqlite3_result_class_methods[] = {
*/
static int php_sqlite3_authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6)
{
- TSRMLS_FETCH();
switch (access_type) {
case SQLITE_ATTACH:
{
if (strncmp(arg3, ":memory:", sizeof(":memory:")-1)) {
+ TSRMLS_FETCH();
+
+#if PHP_API_VERSION < 20100412
if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return SQLITE_DENY;
}
+#endif
+
if (php_check_open_basedir(arg3 TSRMLS_CC)) {
return SQLITE_DENY;
}
diff --git a/ext/sqlite3/tests/sqlite3_21_security.phpt b/ext/sqlite3/tests/sqlite3_21_security.phpt
index 5061a59..7e83bb2 100644
--- a/ext/sqlite3/tests/sqlite3_21_security.phpt
+++ b/ext/sqlite3/tests/sqlite3_21_security.phpt
@@ -1,5 +1,5 @@
--TEST--
-SQLite3 open_basedir / safe_mode checks
+SQLite3 open_basedir checks
--SKIPIF--
<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
--INI--
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 4555814..26c6d5a 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -34,7 +34,6 @@
#include "zend_operators.h"
#include "ext/standard/php_dns.h"
#include "ext/standard/php_uuencode.h"
-#include "safe_mode.h"
#ifdef PHP_WIN32
#include "win32/php_win32_globals.h"
@@ -3351,41 +3350,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */
};
/* }}} */
-static PHP_INI_MH(OnUpdateSafeModeProtectedEnvVars) /* {{{ */
-{
- char *protected_vars, *protected_var;
- char *token_buf;
- int dummy = 1;
-
- protected_vars = estrndup(new_value, new_value_length);
- zend_hash_clean(&BG(sm_protected_env_vars));
-
- protected_var = php_strtok_r(protected_vars, ", ", &token_buf);
- while (protected_var) {
- zend_hash_update(&BG(sm_protected_env_vars), protected_var, strlen(protected_var), &dummy, sizeof(int), NULL);
- protected_var = php_strtok_r(NULL, ", ", &token_buf);
- }
- efree(protected_vars);
- return SUCCESS;
-}
-/* }}} */
-
-static PHP_INI_MH(OnUpdateSafeModeAllowedEnvVars) /* {{{ */
-{
- if (BG(sm_allowed_env_vars)) {
- free(BG(sm_allowed_env_vars));
- }
- BG(sm_allowed_env_vars) = zend_strndup(new_value, new_value_length);
- return SUCCESS;
-}
-/* }}} */
-
-PHP_INI_BEGIN() /* {{{ */
- PHP_INI_ENTRY_EX("safe_mode_protected_env_vars", SAFE_MODE_PROTECTED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeProtectedEnvVars, NULL)
- PHP_INI_ENTRY_EX("safe_mode_allowed_env_vars", SAFE_MODE_ALLOWED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeAllowedEnvVars, NULL)
-PHP_INI_END()
-/* }}} */
-
static const zend_module_dep standard_deps[] = { /* {{{ */
ZEND_MOD_OPTIONAL("session")
{NULL, NULL, NULL}
@@ -3462,8 +3426,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /*
BG(left) = -1;
BG(user_tick_functions) = NULL;
BG(user_filter_map) = NULL;
- zend_hash_init(&BG(sm_protected_env_vars), 5, NULL, NULL, 1);
- BG(sm_allowed_env_vars) = NULL;
memset(&BG(url_adapt_state_ex), 0, sizeof(BG(url_adapt_state_ex)));
@@ -3479,10 +3441,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /*
static void basic_globals_dtor(php_basic_globals *basic_globals_p TSRMLS_DC) /* {{{ */
{
- zend_hash_destroy(&BG(sm_protected_env_vars));
- if (BG(sm_allowed_env_vars)) {
- free(BG(sm_allowed_env_vars));
- }
if (BG(url_adapt_state_ex).tags) {
zend_hash_destroy(BG(url_adapt_state_ex).tags);
free(BG(url_adapt_state_ex).tags);
@@ -3594,8 +3552,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
test_class_startup();
#endif
- REGISTER_INI_ENTRIES();
-
register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU);
register_html_constants(INIT_FUNC_ARGS_PASSTHRU);
register_string_constants(INIT_FUNC_ARGS_PASSTHRU);
@@ -3676,8 +3632,6 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */
php_unregister_url_stream_wrapper("ftp" TSRMLS_CC);
#endif
- UNREGISTER_INI_ENTRIES();
-
PHP_MSHUTDOWN(browscap)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
PHP_MSHUTDOWN(array)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
PHP_MSHUTDOWN(assert)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
@@ -4061,39 +4015,6 @@ PHP_FUNCTION(putenv)
}
#endif
- if (PG(safe_mode)) {
- /* Check the protected list */
- if (zend_hash_exists(&BG(sm_protected_env_vars), pe.key, pe.key_len)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", pe.key);
- efree(pe.putenv_string);
- efree(pe.key);
- RETURN_FALSE;
- }
-
- /* Check the allowed list */
- if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
- char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
- char *strtok_buf = NULL;
- char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
- zend_bool allowed = 0;
-
- while (allowed_prefix) {
- if (!strncmp(allowed_prefix, pe.key, strlen(allowed_prefix))) {
- allowed = 1;
- break;
- }
- allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
- }
- efree(allowed_env_vars);
- if (!allowed) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", pe.key);
- efree(pe.putenv_string);
- efree(pe.key);
- RETURN_FALSE;
- }
- }
- }
-
zend_hash_del(&BG(putenv_ht), pe.key, pe.key_len+1);
/* find previous value */
@@ -4694,7 +4615,7 @@ PHPAPI int _php_error_log_ex(int opt_err, char *message, int message_len, char *
break;
case 3: /*save to a file */
- stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | REPORT_ERRORS, NULL);
if (!stream) {
return FAILURE;
}
@@ -5141,10 +5062,6 @@ PHP_FUNCTION(highlight_file)
RETURN_FALSE;
}
- if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -5391,18 +5308,14 @@ PHP_FUNCTION(ini_set)
}
#define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini))
- /* safe_mode & basedir check */
- if (PG(safe_mode) || PG(open_basedir)) {
+ /* open basedir check */
+ if (PG(open_basedir)) {
if (_CHECK_PATH(varname, varname_len, "error_log") ||
_CHECK_PATH(varname, varname_len, "java.class.path") ||
_CHECK_PATH(varname, varname_len, "java.home") ||
_CHECK_PATH(varname, varname_len, "mail.log") ||
_CHECK_PATH(varname, varname_len, "java.library.path") ||
_CHECK_PATH(varname, varname_len, "vpopmail.directory")) {
- if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- zval_dtor(return_value);
- RETURN_FALSE;
- }
if (php_check_open_basedir(new_value TSRMLS_CC)) {
zval_dtor(return_value);
RETURN_FALSE;
@@ -5410,17 +5323,6 @@ PHP_FUNCTION(ini_set)
}
}
- /* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */
- if (PG(safe_mode)) {
- if (!strncmp("max_execution_time", varname, sizeof("max_execution_time")) ||
- !strncmp("memory_limit", varname, sizeof("memory_limit")) ||
- !strncmp("child_terminate", varname, sizeof("child_terminate"))
- ) {
- zval_dtor(return_value);
- RETURN_FALSE;
- }
- }
-
if (zend_alter_ini_entry_ex(varname, varname_len + 1, new_value, new_value_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0 TSRMLS_CC) == FAILURE) {
zval_dtor(return_value);
RETURN_FALSE;
@@ -5797,10 +5699,6 @@ PHP_FUNCTION(move_uploaded_file)
RETURN_FALSE;
}
- if (PG(safe_mode) && (!php_checkuid(new_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(new_path TSRMLS_CC)) {
RETURN_FALSE;
}
diff --git a/ext/standard/basic_functions.h b/ext/standard/basic_functions.h
index e219006..b7b5264 100644
--- a/ext/standard/basic_functions.h
+++ b/ext/standard/basic_functions.h
@@ -175,9 +175,6 @@ typedef struct _php_basic_globals {
zend_llist *user_tick_functions;
zval *active_ini_file_section;
-
- HashTable sm_protected_env_vars;
- char *sm_allowed_env_vars;
/* pageinfo.c */
long page_uid;
@@ -240,11 +237,6 @@ typedef struct {
} putenv_entry;
#endif
-/* Values are comma-delimited
- */
-#define SAFE_MODE_PROTECTED_ENV_VARS "LD_LIBRARY_PATH"
-#define SAFE_MODE_ALLOWED_ENV_VARS "PHP_"
-
PHPAPI double php_get_nan(void);
PHPAPI double php_get_inf(void);
diff --git a/ext/standard/dir.c b/ext/standard/dir.c
index 25f6139..e2bf1ef 100644
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -215,7 +215,7 @@ static void _php_do_opendir(INTERNAL_FUNCTION_PARAMETERS, int createobject)
context = php_stream_context_from_zval(zcontext, 0);
- dirp = php_stream_opendir(dirname, ENFORCE_SAFE_MODE|REPORT_ERRORS, context);
+ dirp = php_stream_opendir(dirname, REPORT_ERRORS, context);
if (dirp == NULL) {
RETURN_FALSE;
@@ -319,7 +319,7 @@ PHP_FUNCTION(chdir)
RETURN_FALSE;
}
- if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+ if (php_check_open_basedir(str TSRMLS_CC)) {
RETURN_FALSE;
}
ret = VCWD_CHDIR(str);
@@ -481,7 +481,7 @@ PHP_FUNCTION(glob)
/* now catch the FreeBSD style of "no matches" */
if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
no_results:
- if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
struct stat s;
if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != (s.st_mode & S_IFMT)) {
@@ -494,11 +494,8 @@ no_results:
array_init(return_value);
for (n = 0; n < globbuf.gl_pathc; n++) {
- if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
- if (PG(safe_mode) && (!php_checkuid_ex(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS))) {
- basedir_limit = 1;
- continue;
- } else if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
+ if (PG(open_basedir) && *PG(open_basedir)) {
+ if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
basedir_limit = 1;
continue;
}
diff --git a/ext/standard/dl.c b/ext/standard/dl.c
index 8bb97d7..22e5fae 100644
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@@ -63,9 +63,6 @@ PHPAPI PHP_FUNCTION(dl)
if (!PG(enable_dl)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't enabled");
RETURN_FALSE;
- } else if (PG(safe_mode)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't allowed when running in Safe Mode");
- RETURN_FALSE;
}
if (filename_len >= MAXPATHLEN) {
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 5850026..5bca15d 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -22,7 +22,6 @@
#include "php.h"
#include <ctype.h>
#include "php_string.h"
-#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/file.h"
#include "basic_functions.h"
@@ -63,51 +62,21 @@ PHPAPI int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_
FILE *fp;
char *buf, *tmp=NULL;
int l = 0, pclose_return;
- char *cmd_p, *b, *c, *d=NULL;
+ char *b, *c, *d=NULL;
php_stream *stream;
size_t buflen, bufl = 0;
#if PHP_SIGCHILD
void (*sig_handler)() = NULL;
#endif
- if (PG(safe_mode)) {
- if ((c = strchr(cmd, ' '))) {
- *c = '\0';
- c++;
- }
- if (strstr(cmd, "..")) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
- goto err;
- }
-
- b = strrchr(cmd, PHP_DIR_SEPARATOR);
-
-#ifdef PHP_WIN32
- if (b && *b == '\\' && b == cmd) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
- goto err;
- }
-#endif
-
- spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
- if (c) {
- *(c - 1) = ' ';
- }
- cmd_p = php_escape_shell_cmd(d);
- efree(d);
- d = cmd_p;
- } else {
- cmd_p = cmd;
- }
-
#if PHP_SIGCHILD
sig_handler = signal (SIGCHLD, SIG_DFL);
#endif
#ifdef PHP_WIN32
- fp = VCWD_POPEN(cmd_p, "rb");
+ fp = VCWD_POPEN(cmd, "rb");
#else
- fp = VCWD_POPEN(cmd_p, "r");
+ fp = VCWD_POPEN(cmd, "r");
#endif
if (!fp) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd);
@@ -484,11 +453,6 @@ PHP_FUNCTION(shell_exec)
return;
}
- if (PG(safe_mode)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute using backquotes in Safe Mode");
- RETURN_FALSE;
- }
-
#ifdef PHP_WIN32
if ((in=VCWD_POPEN(command, "rt"))==NULL) {
#else
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 704ef12..f21f1bb 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -70,7 +70,6 @@
#endif
#include "ext/standard/head.h"
-#include "safe_mode.h"
#include "php_string.h"
#include "file.h"
@@ -386,7 +385,7 @@ PHP_FUNCTION(get_meta_tags)
}
md.stream = php_stream_open_wrapper(filename, "rb",
- (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ (use_include_path ? USE_PATH : 0) | REPORT_ERRORS,
NULL);
if (!md.stream) {
RETURN_FALSE;
@@ -546,7 +545,7 @@ PHP_FUNCTION(file_get_contents)
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, "rb",
- (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ (use_include_path ? USE_PATH : 0) | REPORT_ERRORS,
NULL, context);
if (!stream) {
RETURN_FALSE;
@@ -615,7 +614,7 @@ PHP_FUNCTION(file_put_contents)
}
mode[2] = '\0';
- stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+ stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (stream == NULL) {
RETURN_FALSE;
}
@@ -750,7 +749,7 @@ PHP_FUNCTION(file)
context = php_stream_context_from_zval(zcontext, flags & PHP_FILE_NO_DEFAULT_CONTEXT);
- stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+ stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (!stream) {
RETURN_FALSE;
}
@@ -836,10 +835,6 @@ PHP_FUNCTION(tempnam)
return;
}
- if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(dir TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -896,7 +891,7 @@ PHP_NAMED_FUNCTION(php_if_fopen)
context = php_stream_context_from_zval(zcontext, 0);
- stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+ stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (stream == NULL) {
RETURN_FALSE;
@@ -942,7 +937,7 @@ PHP_FUNCTION(popen)
int command_len, mode_len;
FILE *fp;
php_stream *stream;
- char *posix_mode, *b, *buf = 0, *tmp;
+ char *posix_mode, *buf = 0;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &command, &command_len, &mode, &mode_len) == FAILURE) {
return;
@@ -957,49 +952,14 @@ PHP_FUNCTION(popen)
}
}
#endif
- if (PG(safe_mode)){
- b = strchr(command, ' ');
- if (!b) {
- b = strrchr(command, '/');
- } else {
- char *c;
-
- c = command;
- while((*b != '/') && (b != c)) {
- b--;
- }
- if (b == c) {
- b = NULL;
- }
- }
-
- if (b) {
- spprintf(&buf, 0, "%s%s", PG(safe_mode_exec_dir), b);
- } else {
- spprintf(&buf, 0, "%s/%s", PG(safe_mode_exec_dir), command);
- }
-
- tmp = php_escape_shell_cmd(buf);
- fp = VCWD_POPEN(tmp, posix_mode);
- efree(tmp);
-
- if (!fp) {
- php_error_docref2(NULL TSRMLS_CC, buf, posix_mode, E_WARNING, "%s", strerror(errno));
- efree(posix_mode);
- efree(buf);
- RETURN_FALSE;
- }
- efree(buf);
-
- } else {
- fp = VCWD_POPEN(command, posix_mode);
- if (!fp) {
- php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno));
- efree(posix_mode);
- RETURN_FALSE;
- }
+ fp = VCWD_POPEN(command, posix_mode);
+ if (!fp) {
+ php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno));
+ efree(posix_mode);
+ RETURN_FALSE;
}
+
stream = php_stream_fopen_from_pipe(fp, mode);
if (stream == NULL) {
@@ -1361,10 +1321,6 @@ PHPAPI int php_mkdir_ex(char *dir, long mode, int options TSRMLS_DC)
{
int ret;
- if (PG(safe_mode) && (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return -1;
- }
-
if (php_check_open_basedir(dir TSRMLS_CC)) {
return -1;
}
@@ -1440,7 +1396,7 @@ PHP_FUNCTION(readfile)
context = php_stream_context_from_zval(zcontext, 0);
- stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+ stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
if (stream) {
size = php_stream_passthru(stream);
php_stream_close(stream);
@@ -1561,7 +1517,7 @@ PHP_FUNCTION(unlink)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s does not allow unlinking", wrapper->wops->label ? wrapper->wops->label : "Wrapper");
RETURN_FALSE;
}
- RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, ENFORCE_SAFE_MODE | REPORT_ERRORS, context TSRMLS_CC));
+ RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, REPORT_ERRORS, context TSRMLS_CC));
}
/* }}} */
@@ -1684,10 +1640,6 @@ PHP_FUNCTION(copy)
return;
}
- if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(source TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -1704,13 +1656,13 @@ PHP_FUNCTION(copy)
PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC) /* {{{ */
{
- return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
+ return php_copy_file_ex(src, dest, 0 TSRMLS_CC);
}
/* }}} */
/* {{{ php_copy_file
*/
-PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
+PHPAPI int php_copy_file_ex(char *src, char *dest, int src_flg TSRMLS_DC)
{
php_stream *srcstream = NULL, *deststream = NULL;
int ret = FAILURE;
@@ -1781,13 +1733,13 @@ no_stat:
}
safe_to_copy:
- srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
+ srcstream = php_stream_open_wrapper(src, "rb", src_flg | REPORT_ERRORS, NULL);
if (!srcstream) {
return ret;
}
- deststream = php_stream_open_wrapper(dest, "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ deststream = php_stream_open_wrapper(dest, "wb", REPORT_ERRORS, NULL);
if (srcstream && deststream) {
ret = php_stream_copy_to_stream_ex(srcstream, deststream, PHP_STREAM_COPY_ALL, NULL);
@@ -2376,10 +2328,6 @@ PHP_FUNCTION(realpath)
}
if (VCWD_REALPATH(filename, resolved_path_buff)) {
- if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) {
RETURN_FALSE;
}
diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c
index b38e6e7..ddb23bd 100644
--- a/ext/standard/filestat.c
+++ b/ext/standard/filestat.c
@@ -19,7 +19,6 @@
/* $Id$ */
#include "php.h"
-#include "safe_mode.h"
#include "fopen_wrappers.h"
#include "php_globals.h"
@@ -434,10 +433,6 @@ static void php_do_chgrp(INTERNAL_FUNCTION_PARAMETERS, int do_lchgrp) /* {{{ */
RETURN_FALSE;
}
- if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
- RETURN_FALSE;
- }
-
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@@ -535,10 +530,6 @@ static void php_do_chown(INTERNAL_FUNCTION_PARAMETERS, int do_lchown) /* {{{ */
RETURN_FALSE;
}
- if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
- RETURN_FALSE;
- }
-
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@@ -603,36 +594,12 @@ PHP_FUNCTION(chmod)
return;
}
- if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
- RETURN_FALSE;
- }
-
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
}
imode = (mode_t) mode;
- /* In safe mode, do not allow to setuid files.
- * Setuiding files could allow users to gain privileges
- * that safe mode doesn't give them. */
-
- if (PG(safe_mode)) {
- php_stream_statbuf ssb;
- if (php_stream_stat_path_ex(filename, 0, &ssb, NULL)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat failed for %s", filename);
- RETURN_FALSE;
- }
- if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) {
- imode ^= 04000;
- }
- if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) {
- imode ^= 02000;
- }
- if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) {
- imode ^= 01000;
- }
- }
ret = VCWD_CHMOD(filename, imode);
if (ret == -1) {
@@ -680,11 +647,6 @@ PHP_FUNCTION(touch)
WRONG_PARAM_COUNT;
}
- /* Safe-mode */
- if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@@ -771,28 +733,13 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ
};
char *local;
php_stream_wrapper *wrapper;
- char safe_mode_buf[MAXPATHLEN];
if (!filename_length) {
RETURN_FALSE;
}
- if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) {
- if (php_check_open_basedir(local TSRMLS_CC)) {
- RETURN_FALSE;
- } else if (PG(safe_mode)) {
- if (type == FS_IS_X) {
- if (strstr(local, "..")) {
- RETURN_FALSE;
- } else {
- char *b = strrchr(local, PHP_DIR_SEPARATOR);
- snprintf(safe_mode_buf, MAXPATHLEN, "%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : local));
- local = (char *)&safe_mode_buf;
- }
- } else if (!php_checkuid_ex(local, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS)) {
- RETURN_FALSE;
- }
- }
+ if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper && php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
}
if (IS_ACCESS_CHECK(type)) {
diff --git a/ext/standard/fsock.c b/ext/standard/fsock.c
index 7501dce..4e6ce12 100644
--- a/ext/standard/fsock.c
+++ b/ext/standard/fsock.c
@@ -76,7 +76,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent)
ZVAL_STRING(zerrstr, "", 1);
}
- stream = php_stream_xport_create(hostname, hostname_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ stream = php_stream_xport_create(hostname, hostname_len, REPORT_ERRORS,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, hashkey, &tv, NULL, &errstr, &err);
if (port > 0) {
diff --git a/ext/standard/ftok.c b/ext/standard/ftok.c
index 81d1c18..5ad73cf 100644
--- a/ext/standard/ftok.c
+++ b/ext/standard/ftok.c
@@ -47,9 +47,9 @@ PHP_FUNCTION(ftok)
if (proj_len != 1){
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Project identifier is invalid");
RETURN_LONG(-1);
- }
+ }
- if ((PG(safe_mode) && (!php_checkuid(pathname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pathname TSRMLS_CC)) {
+ if (php_check_open_basedir(pathname TSRMLS_CC)) {
RETURN_LONG(-1);
}
diff --git a/ext/standard/head.c b/ext/standard/head.c
index ac8c9b1..5b297b9 100644
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@ -31,7 +31,6 @@
#endif
#include "php_globals.h"
-#include "safe_mode.h"
/* Implementation of the language Header() function */
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 6809845..c730d45 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -131,7 +131,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
Z_TYPE_PP(tmpzval) != IS_STRING ||
Z_STRLEN_PP(tmpzval) <= 0) {
php_url_free(resource);
- return php_stream_open_wrapper_ex(path, mode, ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+ return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
}
/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
request_fulluri = 1;
diff --git a/ext/standard/image.c b/ext/standard/image.c
index df8cd4b..4ce8954 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -1313,7 +1313,7 @@ PHP_FUNCTION(getimagesize)
array_init(*info);
}
- stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
+ stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH, NULL);
if (!stream) {
RETURN_FALSE;
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
index 2eb2fab..d863e3d 100644
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@@ -190,10 +190,6 @@ PHP_FUNCTION(iptcembed)
return;
}
- if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(jpeg_file TSRMLS_CC)) {
RETURN_FALSE;
}
diff --git a/ext/standard/link.c b/ext/standard/link.c
index 3d7cd8c..7029a20 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -47,7 +47,6 @@
#include <errno.h>
#include <ctype.h>
-#include "safe_mode.h"
#include "php_link.h"
#include "php_string.h"
@@ -64,10 +63,6 @@ PHP_FUNCTION(readlink)
return;
}
- if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(link TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -144,14 +139,6 @@ PHP_FUNCTION(symlink)
RETURN_FALSE;
}
- if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
- RETURN_FALSE;
- }
-
- if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -200,14 +187,6 @@ PHP_FUNCTION(link)
RETURN_FALSE;
}
- if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
- RETURN_FALSE;
- }
-
- if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
- RETURN_FALSE;
- }
-
if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
diff --git a/ext/standard/link_win32.c b/ext/standard/link_win32.c
index 3757507..ff4e33f 100644
--- a/ext/standard/link_win32.c
+++ b/ext/standard/link_win32.c
@@ -39,7 +39,6 @@
#include <errno.h>
#include <ctype.h>
-#include "safe_mode.h"
#include "php_link.h"
#include "php_string.h"
@@ -91,7 +90,7 @@ PHP_FUNCTION(readlink)
return;
}
- if (OPENBASEDIR_CHECKPATH(link)) {
+ if (php_check_open_basedir(link TSRMLS_CC)) {
RETURN_FALSE;
}
if (!expand_filepath(link, path_resolved TSRMLS_CC)) {
@@ -209,11 +208,11 @@ PHP_FUNCTION(symlink)
RETURN_FALSE;
}
- if (OPENBASEDIR_CHECKPATH(dest_p)) {
+ if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
- if (OPENBASEDIR_CHECKPATH(source_p)) {
+ if (php_check_open_basedir(source_p TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -264,11 +263,11 @@ PHP_FUNCTION(link)
RETURN_FALSE;
}
- if (OPENBASEDIR_CHECKPATH(source_p)) {
+ if (php_check_open_basedir(source_p TSRMLS_CC)) {
RETURN_FALSE;
}
- if (OPENBASEDIR_CHECKPATH(dest_p)) {
+ if (php_check_open_basedir(dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 6d5435f..4f9254d 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -41,7 +41,6 @@
#include "php_mail.h"
#include "php_ini.h"
-#include "safe_mode.h"
#include "exec.h"
#ifdef PHP_WIN32
@@ -105,14 +104,7 @@ PHP_FUNCTION(mail)
char *to_r, *subject_r;
char *p, *e;
- if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE");
- RETURN_FALSE;
- }
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len,
- &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE
- ) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) {
return;
}
diff --git a/ext/standard/md5.c b/ext/standard/md5.c
index d7a905d..a5b0f9b 100644
--- a/ext/standard/md5.c
+++ b/ext/standard/md5.c
@@ -89,7 +89,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file)
return;
}
- stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+ stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}
diff --git a/ext/standard/pack.c b/ext/standard/pack.c
index 3271479..5888039 100644
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
@@ -39,7 +39,6 @@
#include <sys/param.h>
#endif
#include "ext/standard/head.h"
-#include "safe_mode.h"
#include "php_string.h"
#include "pack.h"
#if HAVE_PWD_H
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 0d6ad5f..8c54277 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -28,7 +28,6 @@
#include <stdio.h>
#include <ctype.h>
#include "php_string.h"
-#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/basic_functions.h"
#include "ext/standard/file.h"
@@ -153,33 +152,6 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
if (string_length == 0) {
continue;
}
- if (PG(safe_mode)) {
- /* Check the protected list */
- if (zend_hash_exists(&BG(sm_protected_env_vars), string_key, string_length - 1)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", string_key);
- return env;
- }
- /* Check the allowed list */
- if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
- char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
- char *strtok_buf = NULL;
- char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
- zend_bool allowed = 0;
-
- while (allowed_prefix) {
- if (!strncmp(allowed_prefix, string_key, strlen(allowed_prefix))) {
- allowed = 1;
- break;
- }
- allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
- }
- efree(allowed_env_vars);
- if (!allowed) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", string_key);
- return env;
- }
- }
- }
l = string_length + el_len + 1;
memcpy(p, string_key, string_length);
@@ -278,53 +250,6 @@ static void proc_open_rsrc_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
}
/* }}} */
-/* {{{ php_make_safe_mode_command */
-static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persistent TSRMLS_DC)
-{
- int lcmd, larg0;
- char *space, *sep, *arg0;
-
- if (!PG(safe_mode)) {
- *safecmd = pestrdup(cmd, is_persistent);
- return SUCCESS;
- }
-
- lcmd = strlen(cmd);
-
- arg0 = estrndup(cmd, lcmd);
-
- space = memchr(arg0, ' ', lcmd);
- if (space) {
- *space = '\0';
- larg0 = space - arg0;
- } else {
- larg0 = lcmd;
- }
-
- if (php_memnstr(arg0, "..", sizeof("..")-1, arg0 + larg0)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
- efree(arg0);
- return FAILURE;
- }
-
- sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0);
-
- spprintf(safecmd, 0, "%s%s%s%s", PG(safe_mode_exec_dir), (sep ? sep : "/"), (sep ? "" : arg0), (space ? cmd + larg0 : ""));
-
- efree(arg0);
- arg0 = php_escape_shell_cmd(*safecmd);
- efree(*safecmd);
- if (is_persistent) {
- *safecmd = pestrdup(arg0, 1);
- efree(arg0);
- } else {
- *safecmd = arg0;
- }
-
- return SUCCESS;
-}
-/* }}} */
-
/* {{{ PHP_MINIT_FUNCTION(proc_open) */
PHP_MINIT_FUNCTION(proc_open)
{
@@ -541,9 +466,7 @@ PHP_FUNCTION(proc_open)
RETURN_FALSE;
}
- if (FAILURE == php_make_safe_mode_command(command, &command, is_persistent TSRMLS_CC)) {
- RETURN_FALSE;
- }
+ command = pestrdup(command, is_persistent);
#ifdef PHP_WIN32
if (other_options) {
@@ -695,7 +618,7 @@ PHP_FUNCTION(proc_open)
/* try a wrapper */
stream = php_stream_open_wrapper(Z_STRVAL_PP(zfile), Z_STRVAL_PP(zmode),
- ENFORCE_SAFE_MODE|REPORT_ERRORS|STREAM_WILL_CAST, NULL);
+ REPORT_ERRORS|STREAM_WILL_CAST, NULL);
/* force into an fd */
if (stream == NULL || FAILURE == php_stream_cast(stream,
diff --git a/ext/standard/sha1.c b/ext/standard/sha1.c
index 0a81f18..414018d 100644
--- a/ext/standard/sha1.c
+++ b/ext/standard/sha1.c
@@ -79,7 +79,7 @@ PHP_FUNCTION(sha1_file)
return;
}
- stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+ stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
if (!stream) {
RETURN_FALSE;
}
diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c
index 170618f..3f44a5c 100644
--- a/ext/standard/streamsfuncs.c
+++ b/ext/standard/streamsfuncs.c
@@ -128,7 +128,7 @@ PHP_FUNCTION(stream_socket_client)
ZVAL_STRING(zerrstr, "", 1);
}
- stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ stream = php_stream_xport_create(host, host_len, REPORT_ERRORS,
STREAM_XPORT_CLIENT | (flags & PHP_STREAM_CLIENT_CONNECT ? STREAM_XPORT_CONNECT : 0) |
(flags & PHP_STREAM_CLIENT_ASYNC_CONNECT ? STREAM_XPORT_CONNECT_ASYNC : 0),
hashkey, &tv, context, &errstr, &err);
@@ -204,7 +204,7 @@ PHP_FUNCTION(stream_socket_server)
ZVAL_STRING(zerrstr, "", 1);
}
- stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ stream = php_stream_xport_create(host, host_len, REPORT_ERRORS,
STREAM_XPORT_SERVER | flags,
NULL, NULL, context, &errstr, &err);
diff --git a/ext/standard/tests/file/bug22414.phpt b/ext/standard/tests/file/bug22414.phpt
index 90e4c58..fcd8548 100644
--- a/ext/standard/tests/file/bug22414.phpt
+++ b/ext/standard/tests/file/bug22414.phpt
@@ -1,7 +1,6 @@
--TEST--
Bug #22414 (passthru() does not read data correctly)
--INI--
-safe_mode=
output_handler=
--FILE--
<?php
diff --git a/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt b/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
index c22fdd0..2c79668 100644
--- a/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
+++ b/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
@@ -1,20 +1,20 @@
---TEST--
-Test function get_cfg_var() by calling deprecated option
---CREDITS--
-Francesco Fullone ff@ideato.it
-#PHPTestFest Cesena Italia on 2009-06-20
---INI--
-safe_mode=1
---SKIPIF--
-<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
---FILE--
-<?php
-echo "*** Test by calling method or function with deprecated option ***\n";
-var_dump(get_cfg_var( 'safe_mode' ) );
-
-?>
---EXPECTF--
-Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0
-*** Test by calling method or function with deprecated option ***
-string(1) "1"
-
+--TEST--
+Test function get_cfg_var() by calling deprecated option
+--CREDITS--
+Francesco Fullone ff@ideato.it
+#PHPTestFest Cesena Italia on 2009-06-20
+--INI--
+magic_quotes_gpc=1
+--SKIPIF--
+<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
+--FILE--
+<?php
+echo "*** Test by calling method or function with deprecated option ***\n";
+var_dump(get_cfg_var( 'magic_quotes_gpc' ) );
+
+?>
+--EXPECTF--
+Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in %s on line 0
+*** Test by calling method or function with deprecated option ***
+string(1) "1"
+
diff --git a/ext/standard/tests/general_functions/putenv_error1.phpt b/ext/standard/tests/general_functions/putenv_error1.phpt
index c4b49f3..6339a7c 100644
--- a/ext/standard/tests/general_functions/putenv_error1.phpt
+++ b/ext/standard/tests/general_functions/putenv_error1.phpt
@@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net>
--INI--
safe_mode=1
safe_mode_allowed_env_vars=TESTING_
+--SKIPIF--
+<?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?>
--FILE--
<?php
putenv('FOO=bar');
diff --git a/ext/standard/tests/general_functions/putenv_error2.phpt b/ext/standard/tests/general_functions/putenv_error2.phpt
index 456a7ab..4df2c4f 100644
--- a/ext/standard/tests/general_functions/putenv_error2.phpt
+++ b/ext/standard/tests/general_functions/putenv_error2.phpt
@@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net>
--INI--
safe_mode=1
safe_mode_protected_env_vars=FOO,BAZ
+--SKIPIF--
+<?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?>
--FILE--
<?php
putenv('FOO=bar');
diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
index dfc15d9..85d9740 100644
--- a/ext/tidy/tidy.c
+++ b/ext/tidy/tidy.c
@@ -29,7 +29,6 @@
#include "php_ini.h"
#include "ext/standard/info.h"
-#include "safe_mode.h"
#include "tidy.h"
#include "buffio.h"
@@ -74,7 +73,7 @@
_php_tidy_apply_config_array(_doc, HASH_OF(*_val) TSRMLS_CC); \
} else { \
convert_to_string_ex(_val); \
- TIDY_SAFE_MODE_CHECK(Z_STRVAL_PP(_val)); \
+ TIDY_OPEN_BASE_DIR_CHECK(Z_STRVAL_PP(_val)); \
switch (tidyLoadConfig(_doc, Z_STRVAL_PP(_val))) { \
case -1: \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not load configuration file '%s'", Z_STRVAL_PP(_val)); \
@@ -156,8 +155,8 @@
zend_hash_update(_table, #_key, sizeof(#_key), (void *)&tmp, sizeof(zval *), NULL); \
}
-#define TIDY_SAFE_MODE_CHECK(filename) \
-if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { \
+#define TIDY_OPEN_BASE_DIR_CHECK(filename) \
+if (php_check_open_basedir(filename TSRMLS_CC)) { \
RETURN_FALSE; \
} \
@@ -641,7 +640,7 @@ static char *php_tidy_file_to_mem(char *filename, zend_bool use_include_path, in
php_stream *stream;
char *data = NULL;
- if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE, NULL))) {
+ if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0), NULL))) {
return NULL;
}
if ((*len = (int) php_stream_copy_to_mem(stream, &data, PHP_STREAM_COPY_ALL, 0)) == 0) {
diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c
index 55bb699..e26c6dc 100644
--- a/ext/xmlwriter/php_xmlwriter.c
+++ b/ext/xmlwriter/php_xmlwriter.c
@@ -679,7 +679,7 @@ static void *php_xmlwriter_streams_IO_open_write_wrapper(const char *filename TS
php_stream_wrapper *wrapper = NULL;
void *ret_val = NULL;
- ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, NULL);
+ ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", REPORT_ERRORS, NULL, NULL);
return ret_val;
}
/* }}} */
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index a2b5892..ba89cce 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -184,7 +184,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
- if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
efree(file_dirname_fullpath);
efree(file_basename);
free(new_state.cwd);
@@ -238,7 +238,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
* is required, does a file can have a different
* safemode status as its parent folder?
*/
- if (OPENBASEDIR_CHECKPATH(fullpath)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(fullpath)) {
efree(fullpath);
efree(file_dirname_fullpath);
efree(file_basename);
@@ -255,7 +255,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
return 0;
}
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
#else
stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
@@ -288,7 +288,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, int filename_l
char resolved_path[MAXPATHLEN];
- if (OPENBASEDIR_CHECKPATH(filename)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
return -1;
}
@@ -530,7 +530,7 @@ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value
/* we assume that any glob pattern will match files from one directory only
so checking the dirname of the first match should be sufficient */
strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN);
- if (OPENBASEDIR_CHECKPATH(cwd)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(cwd)) {
return -1;
}
@@ -592,7 +592,7 @@ int php_zip_pcre(char *regexp, int regexp_len, char *path, int path_len, zval *r
}
#endif
- if (OPENBASEDIR_CHECKPATH(path)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(path)) {
return -1;
}
@@ -1163,7 +1163,7 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
RETURN_FALSE;
}
- if (OPENBASEDIR_CHECKPATH(filename)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
@@ -1452,7 +1452,7 @@ static ZIPARCHIVE_METHOD(open)
RETURN_FALSE;
}
- if (OPENBASEDIR_CHECKPATH(filename)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h
index ac39a9a..1d5f9b3 100644
--- a/ext/zip/php_zip.h
+++ b/ext/zip/php_zip.h
@@ -43,12 +43,12 @@ extern zend_module_entry zip_module_entry;
# endif
#endif
-/* {{{ OPENBASEDIR_CHECKPATH(filename) */
-#if (PHP_MAJOR_VERSION < 6)
-# define OPENBASEDIR_CHECKPATH(filename) \
+/* {{{ ZIP_OPENBASEDIR_CHECKPATH(filename) */
+#if PHP_API_VERSION < 20100412
+# define ZIP_OPENBASEDIR_CHECKPATH(filename) \
(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
#else
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define ZIP_OPENBASEDIR_CHECKPATH(filename) \
php_check_open_basedir(filename TSRMLS_CC)
#endif
/* }}} */
diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c
index bb676ef..c535dd4 100644
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@@ -120,7 +120,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
}
if (filename) {
- if (OPENBASEDIR_CHECKPATH(filename)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
return NULL;
}
@@ -201,7 +201,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
fragment++;
- if (OPENBASEDIR_CHECKPATH(file_dirname)) {
+ if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname)) {
efree(file_basename);
return NULL;
}
diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index 69c05bb..af23b29 100644
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -44,7 +44,6 @@
#endif
#include "ext/standard/head.h"
-#include "safe_mode.h"
#include "ext/standard/php_standard.h"
#include "ext/standard/info.h"
#include "php_zlib.h"
@@ -373,7 +372,7 @@ static PHP_FUNCTION(gzfile)
use_include_path = flags ? USE_PATH : 0;
/* using a stream here is a bit more efficient (resource wise) than php_gzopen_wrapper */
- stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
+ stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
if (stream == NULL) {
/* Error reporting is already done by stream code */
RETURN_FALSE;
@@ -415,7 +414,7 @@ static PHP_FUNCTION(gzopen)
use_include_path = flags ? USE_PATH : 0;
- stream = php_stream_gzopen(NULL, filename, mode, use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
+ stream = php_stream_gzopen(NULL, filename, mode, use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
if (!stream) {
RETURN_FALSE;
@@ -444,7 +443,7 @@ static PHP_FUNCTION(readgzfile)
use_include_path = flags ? USE_PATH : 0;
- stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE, NULL, NULL STREAMS_CC TSRMLS_CC);
+ stream = php_stream_gzopen(NULL, filename, "rb", use_include_path, NULL, NULL STREAMS_CC TSRMLS_CC);
if (!stream) {
RETURN_FALSE;
}
diff --git a/main/SAPI.c b/main/SAPI.c
index 4cc5b85..22012d6 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -674,75 +674,12 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
}
}
} else if (!STRCASECMP(header_line, "WWW-Authenticate")) { /* HTTP Authentication */
-
sapi_update_response_code(401 TSRMLS_CC); /* authentication-required */
- if(PG(safe_mode))
-#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
- {
- zval *repl_temp;
- char *ptr = colon_offset+1, *result, *newheader;
- int ptr_len=0, result_len = 0, newlen = 0;
-
- /* skip white space */
- while (isspace(*ptr)) {
- ptr++;
- }
+ myuid = php_getuid(TSRMLS_C);
+ efree(header_line);
- myuid = php_getuid(TSRMLS_C);
-
- ptr_len = strlen(ptr);
- MAKE_STD_ZVAL(repl_temp);
- Z_TYPE_P(repl_temp) = IS_STRING;
- Z_STRLEN_P(repl_temp) = spprintf(&Z_STRVAL_P(repl_temp), 0, "realm=\"\\1-%ld\"", myuid);
- /* Modify quoted realm value */
- result = php_pcre_replace("/realm=\"(.*?)\"/i", 16,
- ptr, ptr_len,
- repl_temp,
- 0, &result_len, -1, NULL TSRMLS_CC);
- if(result_len==ptr_len) {
- efree(result);
- efree(Z_STRVAL_P(repl_temp));
- Z_STRLEN_P(repl_temp) = spprintf(&Z_STRVAL_P(repl_temp), 0, "realm=\\1-%ld\\2", myuid);
- /* modify unquoted realm value */
- result = php_pcre_replace("/realm=([^\\s]+)(.*)/i", 21,
- ptr, ptr_len,
- repl_temp,
- 0, &result_len, -1, NULL TSRMLS_CC);
- if(result_len==ptr_len) {
- char *lower_temp = estrdup(ptr);
- char conv_temp[32];
- int conv_len;
-
- php_strtolower(lower_temp,strlen(lower_temp));
- /* If there is no realm string at all, append one */
- if(!strstr(lower_temp,"realm")) {
- efree(result);
- conv_len = slprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
- result = emalloc(ptr_len+conv_len+1);
- result_len = ptr_len+conv_len;
- memcpy(result, ptr, ptr_len);
- memcpy(result+ptr_len, conv_temp, conv_len);
- *(result+ptr_len+conv_len) = '\0';
- }
- efree(lower_temp);
- }
- }
- newlen = spprintf(&newheader, 0, "WWW-Authenticate: %s", result);
- efree(header_line);
- sapi_header.header = newheader;
- sapi_header.header_len = newlen;
- efree(result);
- efree(Z_STRVAL_P(repl_temp));
- efree(repl_temp);
- }
-#else
- {
- myuid = php_getuid();
- efree(header_line);
- sapi_header.header_len = spprintf(&sapi_header.header, 0, "WWW-Authenticate: Basic realm=\"%ld\"", myuid);
- }
-#endif
+ sapi_header.header_len = spprintf(&sapi_header.header, 0, "WWW-Authenticate: Basic realm=\"%ld\"", myuid);
}
if (sapi_header.header==header_line) {
*colon_offset = ':';
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 70ae442..646ed9c 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -39,7 +39,6 @@
#include <sys/param.h>
#endif
-#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/php_standard.h"
#include "zend_compile.h"
@@ -312,55 +311,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
}
/* }}} */
-/* {{{ php_check_safe_mode_include_dir
- */
-PHPAPI int php_check_safe_mode_include_dir(const char *path TSRMLS_DC)
-{
- if (PG(safe_mode)) {
- if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) {
- char *pathbuf;
- char *ptr;
- char *end;
- char resolved_name[MAXPATHLEN];
-
- /* Resolve the real path into resolved_name */
- if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
- return -1;
- }
- pathbuf = estrdup(PG(safe_mode_include_dir));
- ptr = pathbuf;
-
- while (ptr && *ptr) {
- end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
- if (end != NULL) {
- *end = '\0';
- end++;
- }
-
- /* Check the path */
-#ifdef PHP_WIN32
- if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
-#else
- if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
-#endif
- {
- /* File is in the right directory */
- efree(pathbuf);
- return 0;
- }
-
- ptr = end;
- }
- efree(pathbuf);
- }
- return -1;
- }
-
- /* Nothing to check... */
- return 0;
-}
-/* }}} */
-
/* {{{ php_fopen_and_set_opened_path
*/
static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path TSRMLS_DC)
@@ -650,7 +600,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
char *pathbuf, *ptr, *end;
char *exec_fname;
char trypath[MAXPATHLEN];
- struct stat sb;
FILE *fp;
int path_length;
int filename_length;
@@ -668,33 +617,15 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
/* Relative path open */
if (*filename == '.') {
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
- /*
- * files in safe_mode_include_dir (or subdir) are excluded from
- * safe mode GID/UID checks
- */
-
/* Absolute path open */
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
- if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) {
- /* filename is in safe_mode_include_dir (or subdir) */
- return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
- }
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
if (!path || (path && !*path)) {
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
@@ -733,21 +664,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
}
- if (PG(safe_mode)) {
- if (VCWD_STAT(trypath, &sb) == 0) {
- /* file exists ... check permission */
- if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 ||
- php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)
- ) {
- /* UID ok, or trypath is in safe_mode_include_dir */
- fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
- } else {
- fp = NULL;
- }
- efree(pathbuf);
- return fp;
- }
- }
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
if (fp) {
efree(pathbuf);
diff --git a/main/main.c b/main/main.c
index 41496d2..3de188e 100644
--- a/main/main.c
+++ b/main/main.c
@@ -352,14 +352,9 @@ static PHP_INI_MH(OnUpdateErrorLog)
{
/* Only do the safemode/open_basedir check at runtime */
if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value && strcmp(new_value, "syslog")) {
- if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return FAILURE;
- }
-
if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) {
return FAILURE;
}
-
}
OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
return SUCCESS;
@@ -372,14 +367,9 @@ static PHP_INI_MH(OnUpdateMailLog)
{
/* Only do the safemode/open_basedir check at runtime */
if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value) {
- if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return FAILURE;
- }
-
if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) {
return FAILURE;
}
-
}
OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
return SUCCESS;
@@ -399,10 +389,7 @@ static PHP_INI_MH(OnChangeMailForceExtra)
/* }}} */
-/* Need to convert to strings and make use of:
- * PHP_SAFE_MODE
- *
- * Need to be read from the environment (?):
+/* Need to be read from the environment (?):
* PHP_AUTO_PREPEND_FILE
* PHP_AUTO_APPEND_FILE
* PHP_DOCUMENT_ROOT
@@ -410,10 +397,6 @@ static PHP_INI_MH(OnChangeMailForceExtra)
* PHP_INCLUDE_PATH
*/
-#ifndef PHP_SAFE_MODE_EXEC_DIR
-# define PHP_SAFE_MODE_EXEC_DIR ""
-#endif
-
/* Windows and Netware use the internal mail */
#if defined(PHP_WIN32) || defined(NETWARE)
# define DEFAULT_SENDMAIL_PATH NULL
@@ -458,13 +441,6 @@ PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("output_handler", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("register_argc_argv", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("auto_globals_jit", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, auto_globals_jit, php_core_globals, core_globals)
-#if PHP_SAFE_MODE
- STD_PHP_INI_BOOLEAN("safe_mode", "1", PHP_INI_SYSTEM, OnUpdateBool, safe_mode, php_core_globals, core_globals)
-#else
- STD_PHP_INI_BOOLEAN("safe_mode", "0", PHP_INI_SYSTEM, OnUpdateBool, safe_mode, php_core_globals, core_globals)
-#endif
- STD_PHP_INI_ENTRY("safe_mode_include_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, safe_mode_include_dir, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("safe_mode_gid", "0", PHP_INI_SYSTEM, OnUpdateBool, safe_mode_gid, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("short_open_tag", DEFAULT_SHORT_OPEN_TAG, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, short_tags, zend_compiler_globals, compiler_globals)
STD_PHP_INI_BOOLEAN("sql.safe_mode", "0", PHP_INI_SYSTEM, OnUpdateBool, sql_safe_mode, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("track_errors", "0", PHP_INI_ALL, OnUpdateBool, track_errors, php_core_globals, core_globals)
@@ -484,7 +460,6 @@ PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals)
PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout)
STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir, open_basedir, php_core_globals, core_globals)
- STD_PHP_INI_ENTRY("safe_mode_exec_dir", PHP_SAFE_MODE_EXEC_DIR, PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("file_uploads", "1", PHP_INI_SYSTEM, OnUpdateBool, file_uploads, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, upload_max_filesize, php_core_globals, core_globals)
@@ -1117,6 +1092,70 @@ static void php_error_cb(int type, const char *error_filename, const uint error_
}
/* }}} */
+/* {{{ php_get_current_user
+ */
+PHPAPI char *php_get_current_user(void)
+{
+ struct stat *pstat;
+ TSRMLS_FETCH();
+
+ if (SG(request_info).current_user) {
+ return SG(request_info).current_user;
+ }
+
+ /* FIXME: I need to have this somehow handled if
+ USE_SAPI is defined, because cgi will also be
+ interfaced in USE_SAPI */
+
+ pstat = sapi_get_stat(TSRMLS_C);
+
+ if (!pstat) {
+ return "";
+ } else {
+#ifdef PHP_WIN32
+ char name[256];
+ DWORD len = sizeof(name)-1;
+
+ if (!GetUserName(name, &len)) {
+ return "";
+ }
+ name[len] = '\0';
+ SG(request_info).current_user_length = len;
+ SG(request_info).current_user = estrndup(name, len);
+ return SG(request_info).current_user;
+#else
+ struct passwd *pwd;
+#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX)
+ struct passwd _pw;
+ struct passwd *retpwptr = NULL;
+ int pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ char *pwbuf;
+
+ if (pwbuflen < 1) {
+ return "";
+ }
+ pwbuf = emalloc(pwbuflen);
+ if (getpwuid_r(pstat->st_uid, &_pw, pwbuf, pwbuflen, &retpwptr) != 0) {
+ efree(pwbuf);
+ return "";
+ }
+ pwd = &_pw;
+#else
+ if ((pwd=getpwuid(pstat->st_uid))==NULL) {
+ return "";
+ }
+#endif
+ SG(request_info).current_user_length = strlen(pwd->pw_name);
+ SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length);
+#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX)
+ efree(pwbuf);
+#endif
+ return SG(request_info).current_user;
+#endif
+ }
+}
+/* }}} */
+
/* {{{ proto bool set_time_limit(int seconds)
Sets the maximum time a script can run */
PHP_FUNCTION(set_time_limit)
@@ -1125,11 +1164,6 @@ PHP_FUNCTION(set_time_limit)
char *new_timeout_str;
int new_timeout_strlen;
- if (PG(safe_mode)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set time limit in safe mode");
- RETURN_FALSE;
- }
-
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &new_timeout) == FAILURE) {
return;
}
@@ -1149,7 +1183,7 @@ PHP_FUNCTION(set_time_limit)
*/
static FILE *php_fopen_wrapper_for_zend(const char *filename, char **opened_path TSRMLS_DC)
{
- return php_stream_open_wrapper_as_file((char *)filename, "rb", ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, opened_path);
+ return php_stream_open_wrapper_as_file((char *)filename, "rb", USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, opened_path);
}
/* }}} */
@@ -1178,7 +1212,7 @@ static size_t php_zend_stream_fsizer(void *handle TSRMLS_DC) /* {{{ */
static int php_stream_open_for_zend(const char *filename, zend_file_handle *handle TSRMLS_DC) /* {{{ */
{
- return php_stream_open_for_zend_ex(filename, handle, ENFORCE_SAFE_MODE|USE_PATH|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+ return php_stream_open_for_zend_ex(filename, handle, USE_PATH|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
}
/* }}} */
@@ -1412,8 +1446,8 @@ int php_request_startup(TSRMLS_D)
zend_set_timeout(PG(max_input_time), 1);
}
- /* Disable realpath cache if safe_mode or open_basedir are set */
- if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+ /* Disable realpath cache if an open_basedir is set */
+ if (PG(open_basedir) && *PG(open_basedir)) {
CWDG(realpath_cache_size_limit) = 0;
}
@@ -1976,8 +2010,8 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod
/* Register Zend ini entries */
zend_register_standard_ini_entries(TSRMLS_C);
- /* Disable realpath cache if safe_mode or open_basedir are set */
- if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+ /* Disable realpath cache if an open_basedir is set */
+ if (PG(open_basedir) && *PG(open_basedir)) {
CWDG(realpath_cache_size_limit) = 0;
}
@@ -2065,13 +2099,12 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod
struct {
const long error_level;
const char *phrase;
- const char *directives[7]; /* Remember to change this if the number of directives change */
- } directives[] = {
+ const char *directives[13]; /* Remember to change this if the number of directives change */
+ } directives[2] = {
{
E_CORE_WARNING,
"Directive '%s' is deprecated in PHP 5.3 and greater",
{
- "safe_mode",
"magic_quotes_gpc",
"magic_quotes_runtime",
"magic_quotes_sybase",
@@ -2082,12 +2115,18 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod
E_CORE_ERROR,
"Directive '%s' is no longer available in PHP",
{
+ "allow_call_time_pass_reference",
"define_syslog_variables",
"highlight.bg",
"register_globals",
"register_long_arrays",
+ "safe_mode",
+ "safe_mode_gid",
+ "safe_mode_include_dir",
+ "safe_mode_exec_dir",
+ "safe_mode_allowed_env_vars",
+ "safe_mode_protected_env_vars",
"zend.ze1_compatibility_mode",
- "allow_call_time_pass_reference",
NULL
}
}
diff --git a/main/network.c b/main/network.c
index 32337d2..99d4ed8 100644
--- a/main/network.c
+++ b/main/network.c
@@ -1046,7 +1046,7 @@ PHPAPI php_stream *_php_stream_sock_open_host(const char *host, unsigned short p
reslen = spprintf(&res, 0, "tcp://%s:%d", host, port);
- stream = php_stream_xport_create(res, reslen, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ stream = php_stream_xport_create(res, reslen, REPORT_ERRORS,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, persistent_id, timeout, NULL, NULL, NULL);
efree(res);
diff --git a/main/php.h b/main/php.h
index 8bdc8c7..ccb0012 100644
--- a/main/php.h
+++ b/main/php.h
@@ -196,8 +196,6 @@ typedef unsigned int socklen_t;
# endif
#endif
-#include "safe_mode.h"
-
#ifndef HAVE_STRERROR
char *strerror(int);
#endif
@@ -331,6 +329,7 @@ PHPAPI int php_register_internal_extensions(TSRMLS_D);
PHPAPI int php_mergesort(void *base, size_t nmemb, register size_t size, int (*cmp)(const void *, const void * TSRMLS_DC) TSRMLS_DC);
PHPAPI void php_register_pre_request_shutdown(void (*func)(void *), void *userdata);
PHPAPI void php_com_initialize(TSRMLS_D);
+PHPAPI char *php_get_current_user(void);
END_EXTERN_C()
/* PHP-named Zend macro wrappers */
diff --git a/main/php_globals.h b/main/php_globals.h
index 0961573..921168e 100644
--- a/main/php_globals.h
+++ b/main/php_globals.h
@@ -58,14 +58,10 @@ struct _php_core_globals {
zend_bool magic_quotes_runtime;
zend_bool magic_quotes_sybase;
- zend_bool safe_mode;
-
zend_bool implicit_flush;
long output_buffering;
- char *safe_mode_include_dir;
- zend_bool safe_mode_gid;
zend_bool sql_safe_mode;
zend_bool enable_dl;
@@ -74,8 +70,6 @@ struct _php_core_globals {
char *unserialize_callback_func;
long serialize_precision;
- char *safe_mode_exec_dir;
-
long memory_limit;
long max_input_time;
diff --git a/main/php_ini.c b/main/php_ini.c
index e6c71a1..40cd7ef 100644
--- a/main/php_ini.c
+++ b/main/php_ini.c
@@ -365,7 +365,6 @@ int php_init_config(TSRMLS_D)
char *php_ini_file_name = NULL;
char *php_ini_search_path = NULL;
int php_ini_scanned_path_len;
- int safe_mode_state;
char *open_basedir;
int free_ini_search_path = 0;
zend_file_handle fh;
@@ -381,7 +380,6 @@ int php_init_config(TSRMLS_D)
zend_llist_init(&extension_lists.engine, sizeof(char *), (llist_dtor_func_t) free_estring, 1);
zend_llist_init(&extension_lists.functions, sizeof(char *), (llist_dtor_func_t) free_estring, 1);
- safe_mode_state = PG(safe_mode);
open_basedir = PG(open_basedir);
if (sapi_module.php_ini_path_override) {
@@ -528,7 +526,6 @@ int php_init_config(TSRMLS_D)
#endif
}
- PG(safe_mode) = 0;
PG(open_basedir) = NULL;
/*
@@ -581,7 +578,6 @@ int php_init_config(TSRMLS_D)
efree(php_ini_search_path);
}
- PG(safe_mode) = safe_mode_state;
PG(open_basedir) = open_basedir;
if (fh.handle.fp) {
diff --git a/main/php_streams.h b/main/php_streams.h
index 7a960db..fee033a 100755
--- a/main/php_streams.h
+++ b/main/php_streams.h
@@ -479,7 +479,6 @@ END_EXTERN_C()
#define IGNORE_PATH 0x00000000
#define USE_PATH 0x00000001
#define IGNORE_URL 0x00000002
-#define ENFORCE_SAFE_MODE 0x00000004
#define REPORT_ERRORS 0x00000008
/* If you don't need to write to the stream, but really need to
diff --git a/main/safe_mode.c b/main/safe_mode.c
deleted file mode 100644
index a858d11..0000000
--- a/main/safe_mode.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/*
- +----------------------------------------------------------------------+
- | PHP Version 5 |
- +----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
- +----------------------------------------------------------------------+
- | This source file is subject to version 3.01 of the PHP license, |
- | that is bundled with this package in the file LICENSE, and is |
- | available through the world-wide-web at the following url: |
- | http://www.php.net/license/3_01.txt |
- | If you did not receive a copy of the PHP license and are unable to |
- | obtain it through the world-wide-web, please send a note to |
- | license@php.net so we can mail you a copy immediately. |
- +----------------------------------------------------------------------+
- | Author: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
- +----------------------------------------------------------------------+
- */
-
-/* $Id$ */
-
-#include "php.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <sys/stat.h>
-#include "ext/standard/pageinfo.h"
-#include "safe_mode.h"
-#include "SAPI.h"
-#include "php_globals.h"
-
-/*
- * php_checkuid
- *
- * This function has six modes:
- *
- * 0 - return invalid (0) if file does not exist
- * 1 - return valid (1) if file does not exist
- * 2 - if file does not exist, check directory
- * 3 - only check directory (needed for mkdir)
- * 4 - check mode and param
- * 5 - only check file
- */
-
-PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mode, int flags)
-{
- struct stat sb;
- int ret, nofile=0;
- long uid=0L, gid=0L, duid=0L, dgid=0L;
- char path[MAXPATHLEN];
- char *s, filenamecopy[MAXPATHLEN];
- TSRMLS_FETCH();
-
- path[0] = '\0';
-
- if (!filename) {
- return 0; /* path must be provided */
- }
-
- if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) {
- return 0;
- }
- filename=(char *)&filenamecopy;
-
- if (fopen_mode) {
- if (fopen_mode[0] == 'r') {
- mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
- } else {
- mode = CHECKUID_CHECK_FILE_AND_DIR;
- }
- }
-
- /* First we see if the file is owned by the same user...
- * If that fails, passthrough and check directory...
- */
- if (mode != CHECKUID_ALLOW_ONLY_DIR) {
-#if HAVE_BROKEN_GETCWD
- char ftest[MAXPATHLEN];
-
- strcpy(ftest, filename);
- if (VCWD_GETCWD(ftest, sizeof(ftest)) == NULL) {
- strcpy(path, filename);
- } else
-#endif
- expand_filepath(filename, path TSRMLS_CC);
-
- ret = VCWD_STAT(path, &sb);
- if (ret < 0) {
- if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
- if ((flags & CHECKUID_NO_ERRORS) == 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
- }
- return 0;
- } else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) {
- if ((flags & CHECKUID_NO_ERRORS) == 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
- }
- return 1;
- }
- nofile = 1;
- } else {
- uid = sb.st_uid;
- gid = sb.st_gid;
- if (uid == php_getuid(TSRMLS_C)) {
- return 1;
- } else if (PG(safe_mode_gid) && gid == php_getgid(TSRMLS_C)) {
- return 1;
- }
- }
-
- /* Trim off filename */
- if ((s = strrchr(path, DEFAULT_SLASH))) {
- if (*(s + 1) == '\0' && s != path) { /* make sure that the / is not the last character */
- *s = '\0';
- s = strrchr(path, DEFAULT_SLASH);
- }
- if (s) {
- if (s == path) {
- path[1] = '\0';
- } else {
- *s = '\0';
- }
- }
- }
- } else { /* CHECKUID_ALLOW_ONLY_DIR */
- s = strrchr(filename, DEFAULT_SLASH);
-
- if (s == filename) {
- /* root dir */
- path[0] = DEFAULT_SLASH;
- path[1] = '\0';
- } else if (s && *(s + 1) != '\0') { /* make sure that the / is not the last character */
- *s = '\0';
- VCWD_REALPATH(filename, path);
- *s = DEFAULT_SLASH;
- } else {
- /* Under Solaris, getcwd() can fail if there are no
- * read permissions on a component of the path, even
- * though it has the required x permissions */
- path[0] = '.';
- path[1] = '\0';
- VCWD_GETCWD(path, sizeof(path));
- }
- } /* end CHECKUID_ALLOW_ONLY_DIR */
-
- if (mode != CHECKUID_ALLOW_ONLY_FILE) {
- /* check directory */
- ret = VCWD_STAT(path, &sb);
- if (ret < 0) {
- if ((flags & CHECKUID_NO_ERRORS) == 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
- }
- return 0;
- }
- duid = sb.st_uid;
- dgid = sb.st_gid;
- if (duid == php_getuid(TSRMLS_C)) {
- return 1;
- } else if (PG(safe_mode_gid) && dgid == php_getgid(TSRMLS_C)) {
- return 1;
- } else {
- if (SG(rfc1867_uploaded_files)) {
- if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename)+1)) {
- return 1;
- }
- }
- }
- }
-
- if (mode == CHECKUID_ALLOW_ONLY_DIR) {
- uid = duid;
- gid = dgid;
- if (s) {
- *s = 0;
- }
- }
-
- if (nofile) {
- uid = duid;
- gid = dgid;
- filename = path;
- }
-
- if ((flags & CHECKUID_NO_ERRORS) == 0) {
- if (PG(safe_mode_gid)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(TSRMLS_C), php_getgid(TSRMLS_C), filename, uid, gid);
- } else {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(TSRMLS_C), filename, uid);
- }
- }
-
- return 0;
-}
-
-PHPAPI int php_checkuid(const char *filename, const char *fopen_mode, int mode)
-{
-#ifdef NETWARE
-/* NetWare don't have uid*/
- return 1;
-#else
- return php_checkuid_ex(filename, fopen_mode, mode, 0);
-#endif
-}
-
-PHPAPI char *php_get_current_user(void)
-{
- struct stat *pstat;
- TSRMLS_FETCH();
-
- if (SG(request_info).current_user) {
- return SG(request_info).current_user;
- }
-
- /* FIXME: I need to have this somehow handled if
- USE_SAPI is defined, because cgi will also be
- interfaced in USE_SAPI */
-
- pstat = sapi_get_stat(TSRMLS_C);
-
- if (!pstat) {
- return "";
- } else {
-#ifdef PHP_WIN32
- char name[256];
- DWORD len = sizeof(name)-1;
-
- if (!GetUserName(name, &len)) {
- return "";
- }
- name[len] = '\0';
- SG(request_info).current_user_length = len;
- SG(request_info).current_user = estrndup(name, len);
- return SG(request_info).current_user;
-#else
- struct passwd *pwd;
-#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX)
- struct passwd _pw;
- struct passwd *retpwptr = NULL;
- int pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
- char *pwbuf;
-
- if (pwbuflen < 1) {
- return "";
- }
- pwbuf = emalloc(pwbuflen);
- if (getpwuid_r(pstat->st_uid, &_pw, pwbuf, pwbuflen, &retpwptr) != 0) {
- efree(pwbuf);
- return "";
- }
- pwd = &_pw;
-#else
- if ((pwd=getpwuid(pstat->st_uid))==NULL) {
- return "";
- }
-#endif
- SG(request_info).current_user_length = strlen(pwd->pw_name);
- SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length);
-#if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX)
- efree(pwbuf);
-#endif
- return SG(request_info).current_user;
-#endif
- }
-}
-
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 fdm=marker
- * vim<600: sw=4 ts=4
- */
diff --git a/main/safe_mode.h b/main/safe_mode.h
deleted file mode 100644
index 3c3769d..0000000
--- a/main/safe_mode.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- +----------------------------------------------------------------------+
- | PHP Version 5 |
- +----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
- +----------------------------------------------------------------------+
- | This source file is subject to version 3.01 of the PHP license, |
- | that is bundled with this package in the file LICENSE, and is |
- | available through the world-wide-web at the following url: |
- | http://www.php.net/license/3_01.txt |
- | If you did not receive a copy of the PHP license and are unable to |
- | obtain it through the world-wide-web, please send a note to |
- | license@php.net so we can mail you a copy immediately. |
- +----------------------------------------------------------------------+
- | Author: |
- +----------------------------------------------------------------------+
-*/
-
-/* $Id$ */
-
-#ifndef SAFE_MODE_H
-#define SAFE_MODE_H
-
-/* mode's for php_checkuid() */
-#define CHECKUID_DISALLOW_FILE_NOT_EXISTS 0
-#define CHECKUID_ALLOW_FILE_NOT_EXISTS 1
-#define CHECKUID_CHECK_FILE_AND_DIR 2
-#define CHECKUID_ALLOW_ONLY_DIR 3
-#define CHECKUID_CHECK_MODE_PARAM 4
-#define CHECKUID_ALLOW_ONLY_FILE 5
-
-/* flags for php_checkuid_ex() */
-#define CHECKUID_NO_ERRORS 0x01
-
-BEGIN_EXTERN_C()
-PHPAPI int php_checkuid(const char *filename, const char *fopen_mode, int mode);
-PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mode, int flags);
-PHPAPI char *php_get_current_user(void);
-END_EXTERN_C()
-
-#endif
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
index 23b9ccb..0f1d837 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
@@ -859,10 +859,6 @@ static php_stream *php_plain_files_dir_opener(php_stream_wrapper *wrapper, char
return NULL;
}
- if (PG(safe_mode) &&(!php_checkuid(path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return NULL;
- }
-
dir = VCWD_OPENDIR(path);
#ifdef PHP_WIN32
@@ -992,13 +988,6 @@ static php_stream *php_plain_files_stream_opener(php_stream_wrapper *wrapper, ch
return NULL;
}
- if ((php_check_safe_mode_include_dir(path TSRMLS_CC)) == 0) {
- return php_stream_fopen_rel(path, mode, opened_path, options);
- }
-
- if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM)))
- return NULL;
-
return php_stream_fopen_rel(path, mode, opened_path, options);
}
@@ -1009,10 +998,6 @@ static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, in
url += sizeof("file://") - 1;
}
- if (PG(safe_mode) &&(!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags & PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) {
- return -1;
- }
-
if (php_check_open_basedir_ex(url, (flags & PHP_STREAM_URL_STAT_QUIET) ? 0 : 1 TSRMLS_CC)) {
return -1;
}
@@ -1034,16 +1019,6 @@ static int php_plain_files_unlink(php_stream_wrapper *wrapper, char *url, int op
url = p + 3;
}
- if (options & ENFORCE_SAFE_MODE) {
- if (PG(safe_mode) && !php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
- return 0;
- }
-
- if (php_check_open_basedir(url TSRMLS_CC)) {
- return 0;
- }
- }
-
ret = VCWD_UNLINK(url);
if (ret == -1) {
if (options & REPORT_ERRORS) {
@@ -1086,11 +1061,6 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, char *url_from, c
url_to = p + 3;
}
- if (PG(safe_mode) && (!php_checkuid(url_from, NULL, CHECKUID_CHECK_FILE_AND_DIR) ||
- !php_checkuid(url_to, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return 0;
- }
-
if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) {
return 0;
}
@@ -1246,10 +1216,6 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int opt
#if PHP_WIN32
int url_len = strlen(url);
#endif
- if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- return 0;
- }
-
if (php_check_open_basedir(url TSRMLS_CC)) {
return 0;
}
@@ -1298,7 +1264,6 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
char *pathbuf, *ptr, *end;
char *exec_fname;
char trypath[MAXPATHLEN];
- struct stat sb;
php_stream *stream;
int path_length;
int filename_length;
@@ -1330,17 +1295,9 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
return NULL;
}
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
return php_stream_fopen_rel(filename, mode, opened_path, options);
}
- /*
- * files in safe_mode_include_dir (or subdir) are excluded from
- * safe mode GID/UID checks
- */
-
not_relative_path:
/* Absolute path open */
@@ -1350,13 +1307,6 @@ not_relative_path:
return NULL;
}
- if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
- /* filename is in safe_mode_include_dir (or subdir) */
- return php_stream_fopen_rel(filename, mode, opened_path, options);
-
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM)))
- return NULL;
-
return php_stream_fopen_rel(filename, mode, opened_path, options);
}
@@ -1377,21 +1327,12 @@ not_relative_path:
if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) {
return NULL;
}
- if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC)) == 0) {
- return php_stream_fopen_rel(trypath, mode, opened_path, options);
- }
- if (PG(safe_mode) && (!php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
return php_stream_fopen_rel(trypath, mode, opened_path, options);
}
#endif
if (!path || (path && !*path)) {
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
return php_stream_fopen_rel(filename, mode, opened_path, options);
}
@@ -1439,21 +1380,8 @@ not_relative_path:
goto stream_skip;
}
- if (PG(safe_mode)) {
- if (VCWD_STAT(trypath, &sb) == 0) {
- /* file exists ... check permission */
- if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
- php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) {
- /* UID ok, or trypath is in safe_mode_include_dir */
- stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
- goto stream_done;
- }
- }
- goto stream_skip;
- }
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {
-stream_done:
efree(pathbuf);
return stream;
}
diff --git a/main/streams/streams.c b/main/streams/streams.c
index ccb7e34..cbfccb4 100755
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -1693,7 +1693,7 @@ PHPAPI int _php_stream_mkdir(char *path, int mode, int options, php_stream_conte
{
php_stream_wrapper *wrapper = NULL;
- wrapper = php_stream_locate_url_wrapper(path, NULL, ENFORCE_SAFE_MODE TSRMLS_CC);
+ wrapper = php_stream_locate_url_wrapper(path, NULL, 0 TSRMLS_CC);
if (!wrapper || !wrapper->wops || !wrapper->wops->stream_mkdir) {
return 0;
}
@@ -1708,7 +1708,7 @@ PHPAPI int _php_stream_rmdir(char *path, int options, php_stream_context *contex
{
php_stream_wrapper *wrapper = NULL;
- wrapper = php_stream_locate_url_wrapper(path, NULL, ENFORCE_SAFE_MODE TSRMLS_CC);
+ wrapper = php_stream_locate_url_wrapper(path, NULL, 0 TSRMLS_CC);
if (!wrapper || !wrapper->wops || !wrapper->wops->stream_rmdir) {
return 0;
}
@@ -1737,7 +1737,7 @@ PHPAPI int _php_stream_stat_path(char *path, int flags, php_stream_statbuf *ssb,
}
}
- wrapper = php_stream_locate_url_wrapper(path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC);
+ wrapper = php_stream_locate_url_wrapper(path, &path_to_open, 0 TSRMLS_CC);
if (wrapper && wrapper->wops->url_stat) {
ret = wrapper->wops->url_stat(wrapper, path_to_open, flags, ssb, context TSRMLS_CC);
if (ret == 0) {
@@ -2151,7 +2151,7 @@ PHPAPI int _php_stream_scandir(char *dirname, char **namelist[], int flags, php_
return FAILURE;
}
- stream = php_stream_opendir(dirname, ENFORCE_SAFE_MODE | REPORT_ERRORS, context);
+ stream = php_stream_opendir(dirname, REPORT_ERRORS, context);
if (!stream) {
return FAILURE;
}
diff --git a/main/streams/userspace.c b/main/streams/userspace.c
index ccc4aff..d532a16 100644
--- a/main/streams/userspace.c
+++ b/main/streams/userspace.c
@@ -77,7 +77,6 @@ PHP_MINIT_FUNCTION(user_streams)
REGISTER_LONG_CONSTANT("STREAM_USE_PATH", USE_PATH, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("STREAM_IGNORE_URL", IGNORE_URL, CONST_CS|CONST_PERSISTENT);
- REGISTER_LONG_CONSTANT("STREAM_ENFORCE_SAFE_MODE", ENFORCE_SAFE_MODE, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("STREAM_REPORT_ERRORS", REPORT_ERRORS, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("STREAM_MUST_SEEK", STREAM_MUST_SEEK, CONST_CS|CONST_PERSISTENT);
diff --git a/pear/Makefile.frag b/pear/Makefile.frag
index 1f6f70e..00bacae 100644
--- a/pear/Makefile.frag
+++ b/pear/Makefile.frag
@@ -3,7 +3,7 @@
peardir=$(PEAR_INSTALLDIR)
# Skip all php.ini files altogether
-PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0 -dopen_basedir= -derror_reporting=1803 -dmemory_limit=-1 -ddetect_unicode=0
+PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dopen_basedir= -derror_reporting=1803 -dmemory_limit=-1 -ddetect_unicode=0
WGET = `which wget 2>/dev/null`
FETCH = `which fetch 2>/dev/null`
diff --git a/php.ini-development b/php.ini-development
index cd716d0..ab8091f 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -305,44 +305,6 @@ unserialize_callback_func =
; are decoded with unserialize, the data will remain the same.
serialize_precision = 100
-; Safe Mode
-; http://php.net/safe-mode
-safe_mode = Off
-
-; By default, Safe Mode does a UID compare check when
-; opening files. If you want to relax this to a GID compare,
-; then turn on safe_mode_gid.
-; http://php.net/safe-mode-gid
-safe_mode_gid = Off
-
-; When safe_mode is on, UID/GID checks are bypassed when
-; including files from this directory and its subdirectories.
-; (directory must also be in include_path or full path must
-; be used when including)
-; http://php.net/safe-mode-include-dir
-safe_mode_include_dir =
-
-; When safe_mode is on, only executables located in the safe_mode_exec_dir
-; will be allowed to be executed via the exec family of functions.
-; http://php.net/safe-mode-exec-dir
-safe_mode_exec_dir =
-
-; Setting certain environment variables may be a potential security breach.
-; This directive contains a comma-delimited list of prefixes. In Safe Mode,
-; the user may only alter environment variables whose names begin with the
-; prefixes supplied here. By default, users will only be able to set
-; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
-; Note: If this directive is empty, PHP will let the user modify ANY
-; environment variable!
-; http://php.net/safe-mode-allowed-env-vars
-safe_mode_allowed_env_vars = PHP_
-
-; This directive contains a comma-delimited list of environment variables that
-; the end user won't be able to change using putenv(). These variables will be
-; protected even if safe_mode_allowed_env_vars is set to allow to change them.
-; http://php.net/safe-mode-protected-env-vars
-safe_mode_protected_env_vars = LD_LIBRARY_PATH
-
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
diff --git a/php.ini-production b/php.ini-production
index 2f6c1c0..37e7aff 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -305,44 +305,6 @@ unserialize_callback_func =
; are decoded with unserialize, the data will remain the same.
serialize_precision = 100
-; Safe Mode
-; http://php.net/safe-mode
-safe_mode = Off
-
-; By default, Safe Mode does a UID compare check when
-; opening files. If you want to relax this to a GID compare,
-; then turn on safe_mode_gid.
-; http://php.net/safe-mode-gid
-safe_mode_gid = Off
-
-; When safe_mode is on, UID/GID checks are bypassed when
-; including files from this directory and its subdirectories.
-; (directory must also be in include_path or full path must
-; be used when including)
-; http://php.net/safe-mode-include-dir
-safe_mode_include_dir =
-
-; When safe_mode is on, only executables located in the safe_mode_exec_dir
-; will be allowed to be executed via the exec family of functions.
-; http://php.net/safe-mode-exec-dir
-safe_mode_exec_dir =
-
-; Setting certain environment variables may be a potential security breach.
-; This directive contains a comma-delimited list of prefixes. In Safe Mode,
-; the user may only alter environment variables whose names begin with the
-; prefixes supplied here. By default, users will only be able to set
-; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
-; Note: If this directive is empty, PHP will let the user modify ANY
-; environment variable!
-; http://php.net/safe-mode-allowed-env-vars
-safe_mode_allowed_env_vars = PHP_
-
-; This directive contains a comma-delimited list of environment variables that
-; the end user won't be able to change using putenv(). These variables will be
-; protected even if safe_mode_allowed_env_vars is set to allow to change them.
-; http://php.net/safe-mode-protected-env-vars
-safe_mode_protected_env_vars = LD_LIBRARY_PATH
-
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
diff --git a/sapi/apache/mod_php5.c b/sapi/apache/mod_php5.c
index 6b287c1..25b5ef7 100644
--- a/sapi/apache/mod_php5.c
+++ b/sapi/apache/mod_php5.c
@@ -542,7 +542,7 @@ static void init_request_info(TSRMLS_D)
SG(request_info).auth_password = NULL;
SG(request_info).auth_digest = NULL;
- if (authorization && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))) {
+ if (authorization) {
char *p = getword(r->pool, &authorization, ' ');
if (!strcasecmp(p, "Basic")) {
tmp = uudecode(r->pool, authorization);
diff --git a/sapi/apache/php_apache.c b/sapi/apache/php_apache.c
index 20a5160..2eb9277 100644
--- a/sapi/apache/php_apache.c
+++ b/sapi/apache/php_apache.c
@@ -272,7 +272,7 @@ PHP_MINFO_FUNCTION(apache)
env_arr = table_elts(r->headers_in);
env = (table_entry *)env_arr->elts;
for (i = 0; i < env_arr->nelts; ++i) {
- if (env[i].key && (!PG(safe_mode) || (PG(safe_mode) && strncasecmp(env[i].key, "authorization", 13)))) {
+ if (env[i].key) {
php_info_print_table_row(2, env[i].key, env[i].val);
}
}
@@ -401,9 +401,7 @@ PHP_FUNCTION(apache_request_headers)
env_arr = table_elts(((request_rec *) SG(server_context))->headers_in);
tenv = (table_entry *)env_arr->elts;
for (i = 0; i < env_arr->nelts; ++i) {
- if (!tenv[i].key ||
- (PG(safe_mode) &&
- !strncasecmp(tenv[i].key, "authorization", 13))) {
+ if (!tenv[i].key) {
continue;
}
if (add_assoc_string(return_value, tenv[i].key, (tenv[i].val==NULL) ? "" : tenv[i].val, 1)==FAILURE) {
@@ -594,11 +592,6 @@ PHP_FUNCTION(apache_get_modules)
Reset the Apache write timer */
PHP_FUNCTION(apache_reset_timeout)
{
- if (PG(safe_mode)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot reset the Apache timeout in safe mode");
- RETURN_FALSE;
- }
-
ap_reset_timeout((request_rec *)SG(server_context));
RETURN_TRUE;
}
diff --git a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c
index c9719b5..2a7d5b7 100644
--- a/sapi/apache2filter/sapi_apache2.c
+++ b/sapi/apache2filter/sapi_apache2.c
@@ -426,17 +426,16 @@ static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS_DC)
apr_table_unset(f->r->headers_out, "Last-Modified");
apr_table_unset(f->r->headers_out, "Expires");
apr_table_unset(f->r->headers_out, "ETag");
- if (!PG(safe_mode) || (PG(safe_mode) && !ap_auth_type(f->r))) {
- auth = apr_table_get(f->r->headers_in, "Authorization");
- php_handle_auth_data(auth TSRMLS_CC);
- if (SG(request_info).auth_user == NULL && f->r->user) {
- SG(request_info).auth_user = estrdup(f->r->user);
- }
- ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);
- } else {
- SG(request_info).auth_user = NULL;
- SG(request_info).auth_password = NULL;
+
+ auth = apr_table_get(f->r->headers_in, "Authorization");
+ php_handle_auth_data(auth TSRMLS_CC);
+
+ if (SG(request_info).auth_user == NULL && f->r->user) {
+ SG(request_info).auth_user = estrdup(f->r->user);
}
+
+ ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);
+
php_request_startup(TSRMLS_C);
}
diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c
index 386bef0..22e8792 100644
--- a/sapi/apache2handler/sapi_apache2.c
+++ b/sapi/apache2handler/sapi_apache2.c
@@ -476,17 +476,16 @@ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC)
apr_table_unset(r->headers_out, "Last-Modified");
apr_table_unset(r->headers_out, "Expires");
apr_table_unset(r->headers_out, "ETag");
- if (!PG(safe_mode) || (PG(safe_mode) && !ap_auth_type(r))) {
- auth = apr_table_get(r->headers_in, "Authorization");
- php_handle_auth_data(auth TSRMLS_CC);
- if (SG(request_info).auth_user == NULL && r->user) {
- SG(request_info).auth_user = estrdup(r->user);
- }
- ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);
- } else {
- SG(request_info).auth_user = NULL;
- SG(request_info).auth_password = NULL;
+
+ auth = apr_table_get(r->headers_in, "Authorization");
+ php_handle_auth_data(auth TSRMLS_CC);
+
+ if (SG(request_info).auth_user == NULL && r->user) {
+ SG(request_info).auth_user = estrdup(r->user);
}
+
+ ctx->r->user = apr_pstrdup(ctx->r->pool, SG(request_info).auth_user);
+
return php_request_startup(TSRMLS_C);
}
diff --git a/sapi/apache_hooks/php_apache.c b/sapi/apache_hooks/php_apache.c
index 20425ba..c0fd59e 100644
--- a/sapi/apache_hooks/php_apache.c
+++ b/sapi/apache_hooks/php_apache.c
@@ -44,7 +44,7 @@ extern module **ap_loaded_modules;
static int le_apachereq;
static zend_class_entry *apacherequest_class_entry;
-static void apache_table_to_zval(table *, int safe_mode, zval *return_value);
+static void apache_table_to_zval(table *, zval *return_value);
PHP_FUNCTION(virtual);
PHP_FUNCTION(apache_request_headers);
@@ -567,7 +567,7 @@ PHP_FUNCTION(apache_request_headers_in)
APREQ_GET_REQUEST(id, r);
- apache_table_to_zval(r->headers_in, 0, return_value);
+ apache_table_to_zval(r->headers_in, return_value);
}
/* }}} */
@@ -664,7 +664,7 @@ PHP_FUNCTION(apache_request_headers_out)
add_header_to_table(r->headers_out, INTERNAL_FUNCTION_PARAM_PASSTHRU);
}
- apache_table_to_zval(r->headers_out, 0, return_value);
+ apache_table_to_zval(r->headers_out, return_value);
}
/* }}} */
@@ -683,7 +683,7 @@ PHP_FUNCTION(apache_request_err_headers_out)
add_header_to_table(r->err_headers_out, INTERNAL_FUNCTION_PARAM_PASSTHRU);
}
- apache_table_to_zval(r->err_headers_out, 0, return_value);
+ apache_table_to_zval(r->err_headers_out, return_value);
}
/* }}} */
@@ -1683,7 +1683,7 @@ PHP_MINFO_FUNCTION(apache)
env_arr = table_elts(r->headers_in);
env = (table_entry *)env_arr->elts;
for (i = 0; i < env_arr->nelts; ++i) {
- if (env[i].key && (!PG(safe_mode) || (PG(safe_mode) && strncasecmp(env[i].key, "authorization", 13)))) {
+ if (env[i].key) {
php_info_print_table_row(2, env[i].key, env[i].val);
}
}
@@ -1751,9 +1751,9 @@ PHP_FUNCTION(virtual)
/* }}} */
-/* {{{ apache_table_to_zval(table *, int safe_mode, zval *return_value)
+/* {{{ apache_table_to_zval(table *, zval *return_value)
Fetch all HTTP request headers */
-static void apache_table_to_zval(table *t, int safe_mode, zval *return_value)
+static void apache_table_to_zval(table *t, zval *return_value)
{
array_header *env_arr;
table_entry *tenv;
@@ -1763,8 +1763,7 @@ static void apache_table_to_zval(table *t, int safe_mode, zval *return_value)
env_arr = table_elts(t);
tenv = (table_entry *)env_arr->elts;
for (i = 0; i < env_arr->nelts; ++i) {
- if (!tenv[i].key ||
- (safe_mode && !strncasecmp(tenv[i].key, "authorization", 13))) {
+ if (!tenv[i].key) {
continue;
}
if (add_assoc_string(return_value, tenv[i].key, (tenv[i].val==NULL) ? "" : tenv[i].val, 1)==FAILURE) {
@@ -1789,7 +1788,7 @@ PHP_FUNCTION(apache_request_headers)
return;
}
- apache_table_to_zval(((request_rec *)SG(server_context))->headers_in, PG(safe_mode), return_value);
+ apache_table_to_zval(((request_rec *)SG(server_context))->headers_in, return_value);
}
/* }}} */
@@ -1801,7 +1800,7 @@ PHP_FUNCTION(apache_response_headers)
return;
}
- apache_table_to_zval(((request_rec *) SG(server_context))->headers_out, 0, return_value);
+ apache_table_to_zval(((request_rec *) SG(server_context))->headers_out, return_value);
}
/* }}} */
diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c
index 8d8363c..e2048fd 100644
--- a/sapi/nsapi/nsapi.c
+++ b/sapi/nsapi/nsapi.c
@@ -414,9 +414,7 @@ PHP_FUNCTION(nsapi_request_headers)
for (i=0; i < rc->rq->headers->hsize; i++) {
entry=rc->rq->headers->ht[i];
while (entry) {
- if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) {
- add_assoc_string(return_value, entry->param->name, entry->param->value, 1);
- }
+ add_assoc_string(return_value, entry->param->name, entry->param->value, 1);
entry=entry->next;
}
}
@@ -676,24 +674,22 @@ static void sapi_nsapi_register_server_variables(zval *track_vars_array TSRMLS_D
for (i=0; i < rc->rq->headers->hsize; i++) {
entry=rc->rq->headers->ht[i];
while (entry) {
- if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) {
- if (strcasecmp(entry->param->name, "content-length")==0 || strcasecmp(entry->param->name, "content-type")==0) {
- value=estrdup(entry->param->name);
- pos = 0;
- } else {
- spprintf(&value, 0, "HTTP_%s", entry->param->name);
- pos = 5;
- }
- if (value) {
- for(p = value + pos; *p; p++) {
- *p = toupper(*p);
- if (*p < 'A' || *p > 'Z') {
- *p = '_';
- }
+ if (strcasecmp(entry->param->name, "content-length")==0 || strcasecmp(entry->param->name, "content-type")==0) {
+ value=estrdup(entry->param->name);
+ pos = 0;
+ } else {
+ spprintf(&value, 0, "HTTP_%s", entry->param->name);
+ pos = 5;
+ }
+ if (value) {
+ for(p = value + pos; *p; p++) {
+ *p = toupper(*p);
+ if (*p < 'A' || *p > 'Z') {
+ *p = '_';
}
- php_register_variable(value, entry->param->value, track_vars_array TSRMLS_CC);
- efree(value);
}
+ php_register_variable(value, entry->param->value, track_vars_array TSRMLS_CC);
+ efree(value);
}
entry=entry->next;
}
@@ -1033,7 +1029,7 @@ int NSAPI_PUBLIC php5_execute(pblock *pb, Session *sn, Request *rq)
nsapi_php_ini_entries(NSLS_C TSRMLS_CC);
- if (!PG(safe_mode)) php_handle_auth_data(pblock_findval("authorization", rq->headers) TSRMLS_CC);
+ php_handle_auth_data(pblock_findval("authorization", rq->headers) TSRMLS_CC);
file_handle.type = ZEND_HANDLE_FILENAME;
file_handle.filename = SG(request_info).path_translated;
diff --git a/win32/build/config.w32 b/win32/build/config.w32
index d876566..0bc2e96 100644
--- a/win32/build/config.w32
+++ b/win32/build/config.w32
@@ -331,7 +331,7 @@ if (VCVERS == 1200) {
AC_DEFINE('ZEND_DVAL_TO_LVAL_CAST_OK', 1);
}
-ADD_SOURCES("main", "main.c snprintf.c spprintf.c safe_mode.c getopt.c fopen_wrappers.c \
+ADD_SOURCES("main", "main.c snprintf.c spprintf.c getopt.c fopen_wrappers.c \
php_scandir.c php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c network.c \
php_open_temporary_file.c php_logos.c output.c internal_functions.c php_sprintf.c");
diff --git a/win32/build/config.w32.h.in b/win32/build/config.w32.h.in
index 119e1c1..fffa876 100644
--- a/win32/build/config.w32.h.in
+++ b/win32/build/config.w32.h.in
@@ -33,7 +33,6 @@
/* PHP Runtime Configuration */
#define PHP_URL_FOPEN 1
-#define PHP_SAFE_MODE 0
#define MAGIC_QUOTES 0
#define USE_CONFIG_FILE 1
#define DEFAULT_SHORT_OPEN_TAG "1"
diff --git a/win32/install.txt b/win32/install.txt
index 0368e91..a97be80 100644
--- a/win32/install.txt
+++ b/win32/install.txt
@@ -1488,7 +1488,7 @@ Running PHP as an Apache module
Example 5-2. Apache configuration example
<IfModule mod_php5.c>
php_value include_path ".:/usr/local/lib/php"
- php_admin_flag safe_mode on
+ php_admin_flag engine on
</IfModule>
Caution