diff options
| -rw-r--r-- | ext/oci8/oci8.c | 10 | ||||
| -rw-r--r-- | ext/oci8/tests/oci8safemode.phpt | 21 | 
2 files changed, 31 insertions, 0 deletions
| diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c index 5fb8f9ff7e..051e177c1d 100644 --- a/ext/oci8/oci8.c +++ b/ext/oci8/oci8.c @@ -1012,6 +1012,16 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char  				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled. Enable oci8.privileged_connect to be able to connect as SYSOPER or SYSDBA");  				return NULL;  			} +			/*  Disable privileged connections in Safe Mode (N.b. safe mode has been removed in PHP 6 anyway) */ +			if (PG(safe_mode)) { +				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled in Safe Mode"); +				return NULL; +			} +			/* Increase security by not caching privileged +			 * oci_pconnect() connections. The connection becomes +			 * equivalent to oci_connect() or oci_new_connect(). +			 */ +			persistent = 0;  			break;  		default:  			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid session mode specified (%ld)", session_mode); diff --git a/ext/oci8/tests/oci8safemode.phpt b/ext/oci8/tests/oci8safemode.phpt new file mode 100644 index 0000000000..4662b44487 --- /dev/null +++ b/ext/oci8/tests/oci8safemode.phpt @@ -0,0 +1,21 @@ +--TEST-- +Test functionality disabled in safe mode +--SKIPIF-- +<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?> +--INI-- +safe_mode=On +oci8.privileged_connect=On +--FILE-- +<?php + +$c = oci_connect("hr", "hrpwd", "//localhost/XE", null, OCI_SYSDBA); + +$r = oci_password_change($c, "hr", "hrpwd", "hrpwd"); + +echo "Done\n"; +?> +--EXPECTF-- +Warning: oci_connect(): Privileged connect is disabled in Safe Mode in %s on line %d + +Warning: oci_password_change(): is disabled in Safe Mode in %s on line %d +Done | 
