Removed safe_mode
 * Removed ini options, safe_mode*
 * Removed --enable-safe-mode --with-exec-dir configure options on Unix
 * Updated extensions, SAPI's and core
 * php_get_current_user() is now declared in main.c, thus no need to include safe_mode.h anymore
KalleZ committed Apr 26, 2010
1 parent 3c78ad7 commit dd8e59d
Showing 123 changed files with 418 additions and 1,461 deletions.
8 changes: 2 additions & 6 deletions INSTALL
@@ -1584,15 +1584,11 @@ Running PHP as an Apache module
Example 6-2. Apache configuration example
<IfModule mod_php5.c>
php_value include_path ".:/usr/local/lib/php"
php_admin_flag safe_mode on
php_admin_flag engine on
</IfModule>
<IfModule mod_php4.c>
php_value include_path ".:/usr/local/lib/php"
php_admin_flag safe_mode on
</IfModule>
<IfModule mod_php3.c>
php3_include_path ".:/usr/local/lib/php"
php3_safe_mode on
php_admin_flag engine on
</IfModule>

Caution
4 changes: 2 additions & 2 deletions Makefile.gcov
@@ -13,13 +13,13 @@ lcov-test: all
TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
$(PHP_EXECUTABLE) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
$(PHP_EXECUTABLE) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
elif test ! -z "$(SAPI_CLI_PATH)" && test -x "$(SAPI_CLI_PATH)"; then \
NO_INTERACTION=1 \
TEST_PHP_EXECUTABLE=$(top_builddir)/$(SAPI_CLI_PATH) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
$(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
$(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
else \
echo "ERROR: Cannot run tests without CLI sapi."; \
fi
2 changes: 1 addition & 1 deletion Makefile.global
@@ -79,7 +79,7 @@ PHP_TEST_SHARED_EXTENSIONS = ` \
. $$i; $(top_srcdir)/build/shtool echo -n -- " -d $(ZEND_EXT_TYPE)=$(top_builddir)/modules/$$dlname"; \
done; \
fi`
PHP_DEPRECATED_DIRECTIVES_REGEX = '^(safe_mode|magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='

test: all
-@if test ! -z "$(PHP_EXECUTABLE)" && test -x "$(PHP_EXECUTABLE)"; then \
3 changes: 2 additions & 1 deletion NEWS
@@ -35,12 +35,13 @@
is present at compile time. (Rasmus)

- Removed legacy features:
. allow_call_time_pass_reference. (Pierrick)
. define_syslog_variables ini option and its associated function. (Kalle)
. highlight.bg ini option. (Kalle)
. import_request_variables(). (Kalle)
. register_globals. (Kalle)
. allow_call_time_pass_reference. (Pierrick)
. register_long_arrays ini option. (Kalle)
. Safe mode. (Kalle)
. Session bug compatibility mode (session.bug_compat42 and
session.bug_compat_warn ini options). (Kalle)
. session_is_registered(), session_register() and session_unregister()
24 changes: 1 addition & 23 deletions configure.in
@@ -820,28 +820,6 @@ AC_MSG_RESULT([$PHP_CONFIG_FILE_SCAN_DIR])

test -n "$DEBUG_CFLAGS" && CFLAGS="$CFLAGS $DEBUG_CFLAGS"

PHP_ARG_ENABLE(safe-mode, whether to enable safe mode by default,
[ --enable-safe-mode Enable safe mode by default], no, no)

if test "$PHP_SAFE_MODE" = "yes"; then
AC_DEFINE(PHP_SAFE_MODE,1,[ ])
else
AC_DEFINE(PHP_SAFE_MODE,0,[ ])
fi

AC_MSG_CHECKING([for safe mode exec dir])
PHP_ARG_WITH(exec-dir,,
[ --with-exec-dir[=DIR] Only allow executables in DIR under safe-mode
[/usr/local/php/bin]], no, no)

if test "$PHP_EXEC_DIR" != "no" && test "$PHP_EXEC_DIR" != "yes" ; then
AC_DEFINE_UNQUOTED(PHP_SAFE_MODE_EXEC_DIR, "$PHP_EXEC_DIR", [ ])
AC_MSG_RESULT([$PHP_EXEC_DIR])
else
AC_DEFINE(PHP_SAFE_MODE_EXEC_DIR, "/usr/local/php/bin", [ ])
AC_MSG_RESULT([/usr/local/php/bin])
fi

PHP_ARG_ENABLE(sigchild, whether to enable PHP's own SIGCHLD handler,
[ --enable-sigchild Enable PHP's own SIGCHLD handler], no, no)

@@ -1410,7 +1388,7 @@ PHP_INSTALL_HEADERS([Zend/ TSRM/ include/ main/ main/streams/])
PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c tsrm_virtual_cwd.c)

PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \
safe_mode.c fopen_wrappers.c alloca.c php_scandir.c \
fopen_wrappers.c alloca.c php_scandir.c \
php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
network.c php_open_temporary_file.c php_logos.c \
6 changes: 3 additions & 3 deletions ext/bz2/bz2.c
@@ -219,7 +219,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
path_copy = path;
#endif

if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
if (php_check_open_basedir(path_copy TSRMLS_CC)) {
return NULL;
}

@@ -233,7 +233,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,

if (bz_file == NULL) {
/* that didn't work, so try and get something from the network/wrapper */
stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);

if (stream) {
int fd;
@@ -386,7 +386,7 @@ static PHP_FUNCTION(bzopen)
stream = php_stream_bz2open(NULL,
Z_STRVAL_PP(file),
mode,
ENFORCE_SAFE_MODE | REPORT_ERRORS,
REPORT_ERRORS,
NULL);
} else if (Z_TYPE_PP(file) == IS_RESOURCE) {
/* If it is a resource, than its a stream resource */
6 changes: 2 additions & 4 deletions ext/com_dotnet/com_persist.c
@@ -386,8 +386,7 @@ CPH_METHOD(SaveToFile)
RETURN_FALSE;
}

if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
@@ -449,8 +448,7 @@ CPH_METHOD(LoadFromFile)
RETURN_FALSE;
}

if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
php_check_open_basedir(fullpath TSRMLS_CC)) {
if (php_check_open_basedir(fullpath TSRMLS_CC)) {
efree(fullpath);
RETURN_FALSE;
}
26 changes: 13 additions & 13 deletions ext/curl/interface.c
@@ -10,7 +10,7 @@
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| [email protected] so we can mail you a copy immediately. |
| [email protected] so we can mail you 6 copy immediately. |
+----------------------------------------------------------------------+
| Author: Sterling Hughes <[email protected]> |
+----------------------------------------------------------------------+
@@ -169,8 +169,8 @@ static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRM
#if LIBCURL_VERSION_NUM < 0x071100
char *copystr = NULL;
#endif
/* Disable file:// if open_basedir or safe_mode are used */
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
/* Disable file:// if open_basedir are used */
if (PG(open_basedir) && *PG(open_basedir)) {
#if LIBCURL_VERSION_NUM >= 0x071304
error = curl_easy_setopt(ch->cp, CURLOPT_PROTOCOLS, CURLPROTO_ALL & ~CURLPROTO_FILE);
#else
@@ -1664,8 +1664,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
convert_to_long_ex(zvalue);
#if LIBCURL_VERSION_NUM >= 0x71304
if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) &&
((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when in safe_mode or an open_basedir is set");
(PG(open_basedir) && *PG(open_basedir)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when an open_basedir is set");
RETVAL_FALSE;
return 1;
}
@@ -1674,9 +1674,9 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
break;
case CURLOPT_FOLLOWLOCATION:
convert_to_long_ex(zvalue);
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
if (PG(open_basedir) && *PG(open_basedir)) {
if (Z_LVAL_PP(zvalue) != 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set");
php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set");
RETVAL_FALSE;
return 1;
}
@@ -1728,7 +1728,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
option == CURLOPT_SSH_PUBLIC_KEYFILE || option == CURLOPT_SSH_PRIVATE_KEYFILE

) {
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
@@ -1938,8 +1938,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + Z_STRLEN_PP(current)))) {
*filename = '\0';
}
/* safe_mode / open_basedir check */
if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
/* open_basedir check */
if (php_check_open_basedir(postval TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
@@ -2028,8 +2028,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu

break;
}
/* the following options deal with files, therefor safe_mode & open_basedir checks
* are required.
/* the following options deal with files, therefore the open_basedir check
* is required.
*/
case CURLOPT_COOKIEJAR:
case CURLOPT_SSLCERT:
@@ -2041,7 +2041,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu

convert_to_string_ex(zvalue);

if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
RETVAL_FALSE;
return 1;
}
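Review bot: The license header in the first hunk (`@@ -10,7 +10,7 @@`) now reads `so we can mail you 6 copy immediately`, which looks like a stray keystroke; restore `so we can mail you a copy immediately`. The rewritten comment in php_curl_option_url has a similar slip: `/* Disable file:// if open_basedir are used */` should read `/* Disable file:// if open_basedir is used */`. With the `PG(safe_mode)` arm gone, the file:// block, the CURLPROTO_FILE refusal and the CURLOPT_FOLLOWLOCATION refusal in _php_curl_setopt apply only when open_basedir is non-empty, so an installation that relied on safe_mode alone loses them on upgrade; the upgrade notes should say so. All of the functions touched start and end outside the hunks shown.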
4 changes: 2 additions & 2 deletions ext/curl/streams.c
@@ -395,15 +395,15 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
}
}
if (mr > 1) {
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
if (PG(open_basedir) && *PG(open_basedir)) {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
}
curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, mr);
}
} else {
if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
if (PG(open_basedir) && *PG(open_basedir)) {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
@@ -1,5 +1,5 @@
--TEST--
CURLOPT_FOLLOWLOCATION case check safe_mode and open_basedir
CURLOPT_FOLLOWLOCATION case check open_basedir
--CREDITS--
WHITE new media architects - Dennis
--INI--
@@ -17,6 +17,6 @@ curl_close($ch);
var_dump($succes);
?>
--EXPECTF--
Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when %r(safe_mode is enabled or an )?%ropen_basedir is set in %s.php on line %d
Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d
bool(false)

2 changes: 1 addition & 1 deletion ext/curl/tests/curl_setopt_basic001.phpt
@@ -6,7 +6,7 @@ Paul Sohier
--INI--
safe_mode=On
--SKIPIF--
<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) print "skip"; ?>
<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER') || PHP_VERSION_ID < 503099) print "skip"; ?>
--FILE--
<?php
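Review bot: The added SKIPIF term `PHP_VERSION_ID < 503099` appears inverted: it skips the test on versions that still have safe_mode and runs it on builds where this commit has removed it, while the `--INI--` section still sets `safe_mode=On`. If the test exists to exercise safe_mode behaviour, the term should be `PHP_VERSION_ID >= 503099`; if the test is meant to keep running on the new tree, the `safe_mode=On` line should be dropped instead. The test body is outside the hunk, so which of the two is intended cannot be confirmed from here.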

6 changes: 3 additions & 3 deletions ext/dba/dba.c
@@ -838,7 +838,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
/* when in read only mode try to use existing .lck file first */
/* do not log errors for .lck file while in read ony mode on .lck file */
lock_file_mode = "rb";
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|persistent_flag, &opened_path);
}
if (!info->lock.fp) {
/* when not in read mode or failed to open .lck file read only. now try again in create(write) mode and log errors */
@@ -853,7 +853,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
}
if (!info->lock.fp) {
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path);
if (info->lock.fp) {
if (lock_dbf) {
/* replace the path info with the real path of the opened file */
@@ -891,7 +891,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
if (info->lock.fp && lock_dbf) {
info->fp = info->lock.fp; /* use the same stream for locking and database access */
} else {
info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, NULL);
info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, NULL);
}
if (!info->fp) {
dba_close(info TSRMLS_CC);
1 change: 0 additions & 1 deletion ext/dba/libflatfile/flatfile.c
@@ -27,7 +27,6 @@

#include "php.h"
#include "php_globals.h"
#include "safe_mode.h"

#include <stdlib.h>
#include <string.h>
1 change: 0 additions & 1 deletion ext/dba/libinifile/inifile.c
@@ -24,7 +24,6 @@

#include "php.h"
#include "php_globals.h"
#include "safe_mode.h"

#include <stdlib.h>
#include <string.h>
4 changes: 4 additions & 0 deletions ext/enchant/enchant.c
@@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict)
RETURN_FALSE;
}

#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) {
#else
if (php_check_open_basedir(pwl TSRMLS_CC)) {
#endif
RETURN_FALSE;
}
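Review bot: The new `#if PHP_API_VERSION < 20100412` guard in enchant_broker_request_pwl_dict only selects the open_basedir-only branch if PHP_API_VERSION is raised to at least 20100412 in this same commit; that bump is not visible in the sections shown, and without it the old branch still references `PG(safe_mode)` and `php_checkuid`, which the commit description says are being removed. The guard also splits the `if (...) {` header across two preprocessor branches with no explanation of the cutoff; a comment such as `/* safe_mode exists only before API 20100412; keep the check for builds against older PHP */` above the `#if` would help. The same guard is added twice in ext/fileinfo/fileinfo.c (finfo_open and _php_finfo_get_type) and the same points apply there. The function body continues outside the hunk.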

4 changes: 2 additions & 2 deletions ext/exif/exif.c
@@ -3861,7 +3861,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t

ImageInfo->motorola_intel = -1; /* flag as unknown */

ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH, NULL);
if (!ImageInfo->infile) {
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Unable to open file");
return FALSE;
@@ -4166,7 +4166,7 @@ PHP_FUNCTION(exif_imagetype)
return;
}

stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|REPORT_ERRORS, NULL);

if (stream == NULL) {
RETURN_FALSE;
9 changes: 8 additions & 1 deletion ext/fileinfo/fileinfo.c
@@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open)
}
file = resolved_path;

#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) {
#else
if (php_check_open_basedir(file TSRMLS_CC)) {
#endif
RETURN_FALSE;
}
}
@@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime

if (wrap) {
php_stream_context *context = php_stream_context_from_zval(zcontext, 0);

#if PHP_API_VERSION < 20100412
php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
#else
php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context);
#endif

if (!stream) {
RETVAL_FALSE;