diff options
Diffstat (limited to 'ext')
93 files changed, 271 insertions, 688 deletions
diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c index e5feaff179..7f6f7dbfd7 100644 --- a/ext/bz2/bz2.c +++ b/ext/bz2/bz2.c @@ -219,7 +219,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper, path_copy = path; #endif - if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) { + if (php_check_open_basedir(path_copy TSRMLS_CC)) { return NULL; } @@ -233,7 +233,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper, if (bz_file == NULL) { /* that didn't work, so try and get something from the network/wrapper */ - stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path); + stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path); if (stream) { int fd; @@ -386,7 +386,7 @@ static PHP_FUNCTION(bzopen) stream = php_stream_bz2open(NULL, Z_STRVAL_PP(file), mode, - ENFORCE_SAFE_MODE | REPORT_ERRORS, + REPORT_ERRORS, NULL); } else if (Z_TYPE_PP(file) == IS_RESOURCE) { /* If it is a resource, than its a stream resource */ diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c index f14b167309..cca51ec6a3 100755 --- a/ext/com_dotnet/com_persist.c +++ b/ext/com_dotnet/com_persist.c @@ -386,8 +386,7 @@ CPH_METHOD(SaveToFile) RETURN_FALSE; } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); RETURN_FALSE; } @@ -449,8 +448,7 @@ CPH_METHOD(LoadFromFile) RETURN_FALSE; } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); RETURN_FALSE; } diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 10331a5661..cf8a3892b9 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -10,7 +10,7 @@ | http://www.php.net/license/3_01.txt | | If you did not receive a copy of the PHP license and are unable to | | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | + | license@php.net so we can mail you 6 copy immediately. | +----------------------------------------------------------------------+ | Author: Sterling Hughes <sterling@php.net> | +----------------------------------------------------------------------+ @@ -169,8 +169,8 @@ static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRM #if LIBCURL_VERSION_NUM < 0x071100 char *copystr = NULL; #endif - /* Disable file:// if open_basedir or safe_mode are used */ - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + /* Disable file:// if open_basedir are used */ + if (PG(open_basedir) && *PG(open_basedir)) { #if LIBCURL_VERSION_NUM >= 0x071304 error = curl_easy_setopt(ch->cp, CURLOPT_PROTOCOLS, CURLPROTO_ALL & ~CURLPROTO_FILE); #else @@ -1664,8 +1664,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu convert_to_long_ex(zvalue); #if LIBCURL_VERSION_NUM >= 0x71304 if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) && - ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when in safe_mode or an open_basedir is set"); + (PG(open_basedir) && *PG(open_basedir)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when an open_basedir is set"); RETVAL_FALSE; return 1; } @@ -1674,9 +1674,9 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu break; case CURLOPT_FOLLOWLOCATION: convert_to_long_ex(zvalue); - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + if (PG(open_basedir) && *PG(open_basedir)) { if (Z_LVAL_PP(zvalue) != 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set"); RETVAL_FALSE; return 1; } @@ -1728,7 +1728,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu option == CURLOPT_SSH_PUBLIC_KEYFILE || option == CURLOPT_SSH_PRIVATE_KEYFILE ) { - if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) { RETVAL_FALSE; return 1; } @@ -1938,8 +1938,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + Z_STRLEN_PP(current)))) { *filename = '\0'; } - /* safe_mode / open_basedir check */ - if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + /* open_basedir check */ + if (php_check_open_basedir(postval TSRMLS_CC)) { RETVAL_FALSE; return 1; } @@ -2028,8 +2028,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu break; } - /* the following options deal with files, therefor safe_mode & open_basedir checks - * are required. + /* the following options deal with files, therefore the open_basedir check + * is required. */ case CURLOPT_COOKIEJAR: case CURLOPT_SSLCERT: @@ -2041,7 +2041,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu convert_to_string_ex(zvalue); - if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) { RETVAL_FALSE; return 1; } diff --git a/ext/curl/streams.c b/ext/curl/streams.c index ce09b8ab6d..f48fb04329 100644 --- a/ext/curl/streams.c +++ b/ext/curl/streams.c @@ -395,7 +395,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename, } } if (mr > 1) { - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + if (PG(open_basedir) && *PG(open_basedir)) { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0); } else { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1); @@ -403,7 +403,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename, curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, mr); } } else { - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + if (PG(open_basedir) && *PG(open_basedir)) { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0); } else { curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1); diff --git a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt index c00e1d2080..7a778f3692 100644 --- a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt +++ b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt @@ -1,5 +1,5 @@ --TEST-- -CURLOPT_FOLLOWLOCATION case check safe_mode and open_basedir +CURLOPT_FOLLOWLOCATION case check open_basedir --CREDITS-- WHITE new media architects - Dennis --INI-- @@ -17,6 +17,6 @@ curl_close($ch); var_dump($succes); ?> --EXPECTF-- -Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when %r(safe_mode is enabled or an )?%ropen_basedir is set in %s.php on line %d +Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d bool(false) diff --git a/ext/curl/tests/curl_setopt_basic001.phpt b/ext/curl/tests/curl_setopt_basic001.phpt index 178fbf7c13..b8a28dd762 100644 --- a/ext/curl/tests/curl_setopt_basic001.phpt +++ b/ext/curl/tests/curl_setopt_basic001.phpt @@ -6,7 +6,7 @@ Paul Sohier --INI-- safe_mode=On --SKIPIF-- -<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) print "skip"; ?> +<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER') || PHP_VERSION_ID < 503099) print "skip"; ?> --FILE-- <?php diff --git a/ext/dba/dba.c b/ext/dba/dba.c index 768f85f445..3e710fd3b8 100644 --- a/ext/dba/dba.c +++ b/ext/dba/dba.c @@ -838,7 +838,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) /* when in read only mode try to use existing .lck file first */ /* do not log errors for .lck file while in read ony mode on .lck file */ lock_file_mode = "rb"; - info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path); + info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|persistent_flag, &opened_path); } if (!info->lock.fp) { /* when not in read mode or failed to open .lck file read only. now try again in create(write) mode and log errors */ @@ -853,7 +853,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) } } if (!info->lock.fp) { - info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path); + info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path); if (info->lock.fp) { if (lock_dbf) { /* replace the path info with the real path of the opened file */ @@ -891,7 +891,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) if (info->lock.fp && lock_dbf) { info->fp = info->lock.fp; /* use the same stream for locking and database access */ } else { - info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, NULL); + info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, NULL); } if (!info->fp) { dba_close(info TSRMLS_CC); diff --git a/ext/dba/libflatfile/flatfile.c b/ext/dba/libflatfile/flatfile.c index 4aadcceaaf..50b84d2808 100644 --- a/ext/dba/libflatfile/flatfile.c +++ b/ext/dba/libflatfile/flatfile.c @@ -27,7 +27,6 @@ #include "php.h" #include "php_globals.h" -#include "safe_mode.h" #include <stdlib.h> #include <string.h> diff --git a/ext/dba/libinifile/inifile.c b/ext/dba/libinifile/inifile.c index b40dd8c0ed..4c85087aca 100644 --- a/ext/dba/libinifile/inifile.c +++ b/ext/dba/libinifile/inifile.c @@ -24,7 +24,6 @@ #include "php.h" #include "php_globals.h" -#include "safe_mode.h" #include <stdlib.h> #include <string.h> diff --git a/ext/enchant/enchant.c b/ext/enchant/enchant.c index c123e6756e..78ad035de1 100755 --- a/ext/enchant/enchant.c +++ b/ext/enchant/enchant.c @@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict) RETURN_FALSE; } +#if PHP_API_VERSION < 20100412 if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) { +#else + if (php_check_open_basedir(pwl TSRMLS_CC)) { +#endif RETURN_FALSE; } diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 1f9789c272..6a4fcc4a77 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3861,7 +3861,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t ImageInfo->motorola_intel = -1; /* flag as unknown */ - ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL); + ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH, NULL); if (!ImageInfo->infile) { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Unable to open file"); return FALSE; @@ -4166,7 +4166,7 @@ PHP_FUNCTION(exif_imagetype) return; } - stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|REPORT_ERRORS, NULL); if (stream == NULL) { RETURN_FALSE; diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index e0e9868897..75862e7e52 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open) } file = resolved_path; +#if PHP_API_VERSION < 20100412 if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) { +#else + if (php_check_open_basedir(file TSRMLS_CC)) { +#endif RETURN_FALSE; } } @@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime if (wrap) { php_stream_context *context = php_stream_context_from_zval(zcontext, 0); - +#if PHP_API_VERSION < 20100412 php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); +#else + php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context); +#endif if (!stream) { RETVAL_FALSE; diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch index dc8e03fd17..276bb011c5 100644 --- a/ext/fileinfo/libmagic.patch +++ b/ext/fileinfo/libmagic.patch @@ -257,7 +257,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c + + TSRMLS_FETCH(); + -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -490,7 +490,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c goto error2; - if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1) -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -647,7 +647,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c - if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) { +/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */ -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL); @@ -799,7 +799,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c break; case CDF_FILETIME: tp = info[i].pi_tp; -+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 ++#if defined(PHP_WIN32) && _MSC_VER <= 1500 + if (tp < 1000000000000000i64) { +#else if (tp < 1000000000000000LL) { @@ -822,7 +822,7 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h typedef struct { uint64_t h_magic; -#define CDF_MAGIC 0xE11AB1A1E011CFD0LL -+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 ++#if defined(PHP_WIN32) && _MSC_VER <= 1500 +# define CDF_MAGIC 0xE11AB1A1E011CFD0i64 +#else +# define CDF_MAGIC 0xE11AB1A1E011CFD0LL @@ -2019,7 +2019,7 @@ diff -u libmagic.orig/magic.c libmagic/magic.c + + if (!stream && inname) { + no_in_stream = 1; -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL); @@ -2392,7 +2392,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { -+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 ++#if defined(PHP_WIN32) && _MSC_VER <= 1500 + if (tp < 1000000000000000i64) { +#else if (tp < 1000000000000000LL) { @@ -2773,7 +2773,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c + + convert_libmagic_pattern(pattern, options); + -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) { #else - pmatch[0].rm_so = 0; @@ -2800,7 +2800,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c + haystack = estrndup(ms->search.s, ms->search.s_len); + + /* match v = 0, no match v = 1 */ -+#if (PHP_MAJOR_VERSION < 6) ++#if PHP_API_VERSION < 20100412 + php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC); +#else + php_pcre_match_impl(pce, IS_STRING, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC); diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c index ffa2cb529c..53fa8d5a14 100644 --- a/ext/fileinfo/libmagic/apprentice.c +++ b/ext/fileinfo/libmagic/apprentice.c @@ -597,7 +597,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, TSRMLS_FETCH(); -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -2041,7 +2041,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, if (dbname == NULL) goto error2; -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); @@ -2165,7 +2165,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp, } /* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */ -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL); diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index a3b4a11fc0..a3f7022085 100644 --- a/ext/fileinfo/libmagic/cdf.c +++ b/ext/fileinfo/libmagic/cdf.c @@ -1131,7 +1131,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count) break; case CDF_FILETIME: tp = info[i].pi_tp; -#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 +#if defined(PHP_WIN32) && _MSC_VER <= 1500 if (tp < 1000000000000000i64) { #else if (tp < 1000000000000000LL) { diff --git a/ext/fileinfo/libmagic/cdf.h b/ext/fileinfo/libmagic/cdf.h index 1fa69cfebf..c056a82100 100644 --- a/ext/fileinfo/libmagic/cdf.h +++ b/ext/fileinfo/libmagic/cdf.h @@ -42,7 +42,7 @@ typedef int32_t cdf_secid_t; typedef struct { uint64_t h_magic; -#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 +#if defined(PHP_WIN32) && _MSC_VER <= 1500 # define CDF_MAGIC 0xE11AB1A1E011CFD0i64 #else # define CDF_MAGIC 0xE11AB1A1E011CFD0LL diff --git a/ext/fileinfo/libmagic/magic.c b/ext/fileinfo/libmagic/magic.c index 849896bc83..a8bf6d8880 100644 --- a/ext/fileinfo/libmagic/magic.c +++ b/ext/fileinfo/libmagic/magic.c @@ -290,7 +290,7 @@ file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream) if (!stream && inname) { no_in_stream = 1; -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL); diff --git a/ext/fileinfo/libmagic/readcdf.c b/ext/fileinfo/libmagic/readcdf.c index 56d6504039..117dc786ff 100644 --- a/ext/fileinfo/libmagic/readcdf.c +++ b/ext/fileinfo/libmagic/readcdf.c @@ -110,7 +110,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { -#if defined(PHP_WIN32 ) && _MSC_VER <= 1500 +#if defined(PHP_WIN32) && _MSC_VER <= 1500 if (tp < 1000000000000000i64) { #else if (tp < 1000000000000000LL) { diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c index 0cd6d00127..55fcf49f4b 100644 --- a/ext/ftp/php_ftp.c +++ b/ext/ftp/php_ftp.c @@ -41,7 +41,7 @@ #include "php_ftp.h" #include "ftp.h" -static int le_ftpbuf; +static int le_ftpbuf; #define le_ftpbuf_name "FTP Buffer" /* {{{ arginfo */ @@ -874,9 +874,9 @@ PHP_FUNCTION(ftp_get) #endif if (ftp->autoseek && resumepos) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL); if (outstream == NULL) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream != NULL) { /* if autoresume is wanted seek to end */ @@ -888,7 +888,7 @@ PHP_FUNCTION(ftp_get) } } } else { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream == NULL) { @@ -935,9 +935,9 @@ PHP_FUNCTION(ftp_nb_get) mode = FTPTYPE_IMAGE; #endif if (ftp->autoseek && resumepos) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL); if (outstream == NULL) { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream != NULL) { /* if autoresume is wanted seek to end */ @@ -949,7 +949,7 @@ PHP_FUNCTION(ftp_nb_get) } } } else { - outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL); } if (outstream == NULL) { @@ -1131,7 +1131,7 @@ PHP_FUNCTION(ftp_put) ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf); XTYPE(xtype, mode); - if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) { + if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) { RETURN_FALSE; } @@ -1184,7 +1184,7 @@ PHP_FUNCTION(ftp_nb_put) ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf); XTYPE(xtype, mode); - if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) { + if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) { RETURN_FALSE; } diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 7b4d780c7b..a4d7cc6ac0 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1470,7 +1470,7 @@ PHP_FUNCTION(imageloadfont) return; } - stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(file, "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); if (stream == NULL) { RETURN_FALSE; } @@ -2422,7 +2422,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, } } - stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); + stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); if (stream == NULL) { RETURN_FALSE; } diff --git a/ext/gd/php_gd.h b/ext/gd/php_gd.h index 10a18fbf6e..7fbedbe4e0 100644 --- a/ext/gd/php_gd.h +++ b/ext/gd/php_gd.h @@ -33,12 +33,10 @@ #if HAVE_LIBGD /* open_basedir and safe_mode checks */ -#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ - if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \ - (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \ - ) { \ - php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ - RETURN_FALSE; \ +#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ + if (!filename || php_check_open_basedir(filename TSRMLS_CC)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ + RETURN_FALSE; \ } #define PHP_GDIMG_TYPE_GIF 1 diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 4c1222f001..85d67f9e25 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -141,7 +141,7 @@ static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_ RETURN_FALSE; } if (isfilename) { - stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT); + stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; @@ -219,7 +219,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, RETURN_FALSE; } if (isfilename) { - stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT); + stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; @@ -453,7 +453,7 @@ PHP_FUNCTION(hash_update_file) ZEND_FETCH_RESOURCE(hash, php_hash_data*, &zhash, -1, PHP_HASH_RESNAME, php_hash_le_hash); context = php_stream_context_from_zval(zcontext, 0); - stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, context); + stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS, NULL, context); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; diff --git a/ext/hash/hash_md.c b/ext/hash/hash_md.c index b688b4e981..fd0e3efb0c 100644 --- a/ext/hash/hash_md.c +++ b/ext/hash/hash_md.c @@ -148,7 +148,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/hash/hash_sha.c b/ext/hash/hash_sha.c index 6f873f2185..3524c98f4c 100644 --- a/ext/hash/hash_sha.c +++ b/ext/hash/hash_sha.c @@ -132,7 +132,7 @@ PHP_FUNCTION(sha1_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 5432d84ff4..5781eb2e8a 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -1215,10 +1215,8 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) efree(IMAPG(imap_password)); } - /* local filename, need to perform open_basedir and safe_mode checks */ - if (mailbox[0] != '{' && - (php_check_open_basedir(mailbox TSRMLS_CC) || - (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) { + /* local filename, need to perform open_basedir check */ + if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) { RETURN_FALSE; } @@ -1292,10 +1290,8 @@ PHP_FUNCTION(imap_reopen) mail_parameters(NIL, SET_MAXLOGINTRIALS, (void *) retries); } #endif - /* local filename, need to perform open_basedir and safe_mode checks */ - if (mailbox[0] != '{' && - (php_check_open_basedir(mailbox TSRMLS_CC) || - (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) { + /* local filename, need to perform open_basedir check */ + if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) { RETURN_FALSE; } @@ -2394,7 +2390,7 @@ PHP_FUNCTION(imap_savebody) default: convert_to_string_ex(out); - writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); + writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS, NULL); break; } diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c index d49f1429a3..83e879d044 100644 --- a/ext/libxml/libxml.c +++ b/ext/libxml/libxml.c @@ -300,7 +300,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char that the streams layer puts out at times, but for libxml we may try to open files that don't exist, but it is not a failure in xml processing (eg. DTD files) */ - wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, 0 TSRMLS_CC); if (wrapper && read_only && wrapper->wops->url_stat) { if (wrapper->wops->url_stat(wrapper, path_to_open, PHP_STREAM_URL_STAT_QUIET, &ssbuf, NULL TSRMLS_CC) == -1) { if (isescaped) { @@ -314,7 +314,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context()); } - ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context); + ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, REPORT_ERRORS, NULL, context); if (isescaped) { xmlFree(resolved_path); } diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 1291ce2e2c..982c20179f 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3862,11 +3862,6 @@ PHP_FUNCTION(mb_send_mail) extern void mbfl_memory_device_unput(mbfl_memory_device *device); char *pp, *ee; - if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE."); - RETURN_FALSE; - } - /* initialize */ mbfl_memory_device_init(&device, 0, 0); mbfl_string_init(&orig_str); diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c index 2c3085fd82..b948fd2158 100644 --- a/ext/mysql/php_mysql.c +++ b/ext/mysql/php_mysql.c @@ -664,7 +664,11 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) } /* disable local infile option for open_basedir */ +#if PHP_API_VERSION < 20100412 if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) { +#else + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') && (client_flags & CLIENT_LOCAL_FILES)) { +#endif client_flags ^= CLIENT_LOCAL_FILES; } diff --git a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt index a257f5fb81..ff62f4227e 100644 --- a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt +++ b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt @@ -26,7 +26,6 @@ if ($socket == "" && $host != NULL && $host != 'localhost' && $host != '.') { } ?> --INI-- -safe_mode=0 open_basedir="." --FILE-- <?php diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 556b26690f..bd2cdcb0cf 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1674,7 +1674,11 @@ PHP_FUNCTION(mysqli_options) } MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); +#if PHP_API_VERSION < 20100412 if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { +#else + if (PG(open_basedir) && PG(open_basedir)[0] != '\0') { +#endif if(mysql_option == MYSQL_OPT_LOCAL_INFILE) { RETURN_FALSE; } diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c index 4ade74b7d5..2859c783ba 100644 --- a/ext/mysqlnd/mysqlnd_net.c +++ b/ext/mysqlnd/mysqlnd_net.c @@ -102,7 +102,11 @@ MYSQLND_METHOD(mysqlnd_net, network_write)(MYSQLND * const conn, const zend_ucha static enum_func_status MYSQLND_METHOD(mysqlnd_net, connect)(MYSQLND_NET * net, const char * const scheme, size_t scheme_len, zend_bool persistent, char **errstr, int * errcode TSRMLS_DC) { +#if PHP_API_VERSION < 20100412 unsigned int streams_options = ENFORCE_SAFE_MODE; +#else + unsigned int streams_options = 0; +#endif unsigned int streams_flags = STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT; char * hashed_details = NULL; int hashed_details_len = 0; diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c index 74a3e00f1f..09692638ab 100644 --- a/ext/oci8/oci8.c +++ b/ext/oci8/oci8.c @@ -1741,13 +1741,6 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled. Enable oci8.privileged_connect to be able to connect as SYSOPER or SYSDBA"); return NULL; } - /* Disable privileged connections in Safe Mode (N.b. safe mode has been removed in PHP - * 6 anyway) - */ - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled in Safe Mode"); - return NULL; - } } } diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c index b12c8dc3bc..2f01f27e22 100644 --- a/ext/oci8/oci8_interface.c +++ b/ext/oci8/oci8_interface.c @@ -918,16 +918,12 @@ PHP_FUNCTION(oci_lob_export) /* nothing to write, fail silently */ RETURN_FALSE; } - - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } - stream = php_stream_open_wrapper_ex(filename, "w", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL); + stream = php_stream_open_wrapper_ex(filename, "w", REPORT_ERRORS, NULL, NULL); block_length = PHP_OCI_LOB_BUFFER_SIZE; if (block_length > length) { @@ -1871,12 +1867,6 @@ PHP_FUNCTION(oci_password_change) int user_len, pass_old_len, pass_new_len, dbname_len; php_oci_connection *connection; - /* Disable in Safe Mode */ - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode"); - RETURN_FALSE; - } - if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) { PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection); diff --git a/ext/oci8/oci8_lob.c b/ext/oci8/oci8_lob.c index 2b87dbb3d2..af13237fe9 100644 --- a/ext/oci8/oci8_lob.c +++ b/ext/oci8/oci8_lob.c @@ -724,7 +724,7 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC char buf[8192]; ub4 offset = 1; - if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { + if (php_check_open_basedir(filename TSRMLS_CC)) { return 1; } diff --git a/ext/oci8/tests/oci8safemode.phpt b/ext/oci8/tests/oci8safemode.phpt index 1c62f36d39..1faebceb7f 100644 --- a/ext/oci8/tests/oci8safemode.phpt +++ b/ext/oci8/tests/oci8safemode.phpt @@ -1,7 +1,7 @@ --TEST-- Test functionality disabled in safe mode --SKIPIF-- -<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?> +<?php if (!extension_loaded('oci8')){ die("skip no oci8 extension"); } if (PHP_VERSION_ID < 503099){ die("skip: safe_mode no longer available"); } ?> --INI-- safe_mode=On oci8.privileged_connect=On diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c index 7274d74f0c..ac8564a573 100644 --- a/ext/odbc/php_odbc.c +++ b/ext/odbc/php_odbc.c @@ -1296,13 +1296,6 @@ PHP_FUNCTION(odbc_execute) filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2); filename[strlen(filename)] = '\0'; - /* Check for safe mode. */ - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(filename); - efree(params); - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { efree(filename); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 42f40c8497..9c01fc6411 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -489,12 +489,9 @@ static void php_csr_free(zend_rsrc_list_entry *rsrc TSRMLS_DC) } /* }}} */ -/* {{{ openssl safe_mode & open_basedir checks */ -inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC) +/* {{{ openssl open_basedir check */ +inline static int php_openssl_open_base_dir_chk(char *filename TSRMLS_DC) { - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return -1; - } if (php_check_open_basedir(filename TSRMLS_CC)) { return -1; } @@ -774,7 +771,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option /* read in the oids */ str = CONF_get_string(req->req_config, NULL, "oid_file"); - if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) { + if (str && !php_openssl_open_base_dir_chk(str TSRMLS_CC)) { BIO *oid_bio = BIO_new_file(str, "r"); if (oid_bio) { OBJ_create_objects(oid_bio); @@ -1163,7 +1160,7 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r /* read cert from the named file */ BIO *in; - if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) { return NULL; } @@ -1219,7 +1216,7 @@ PHP_FUNCTION(openssl_x509_export_to_file) return; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { return; } @@ -1449,7 +1446,7 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile) goto end; } - if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(certfile TSRMLS_CC)) { sk_X509_free(stack); goto end; } @@ -1776,7 +1773,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key does not correspond to cert"); goto cleanup; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { goto cleanup; } @@ -2178,7 +2175,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1); } if (filename) { - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { return NULL; } in = BIO_new_file(filename, "r"); @@ -2214,7 +2211,7 @@ PHP_FUNCTION(openssl_csr_export_to_file) return; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { return; } @@ -2692,7 +2689,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * BIO *in; if (filename) { - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { TMP_CLEAN; } in = BIO_new_file(filename, "r"); @@ -2999,7 +2996,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file) RETURN_FALSE; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -3287,7 +3284,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (!store) { goto clean_exit; } - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) { goto clean_exit; } @@ -3305,7 +3302,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (datafilename) { - if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(datafilename TSRMLS_CC)) { goto clean_exit; } @@ -3325,7 +3322,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) if (signersfilename) { BIO *certout; - if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(signersfilename TSRMLS_CC)) { goto clean_exit; } @@ -3385,7 +3382,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) return; - if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { return; } @@ -3544,7 +3541,7 @@ PHP_FUNCTION(openssl_pkcs7_sign) goto clean_exit; } - if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { goto clean_exit; } @@ -3639,7 +3636,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt) goto clean_exit; } - if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) { goto clean_exit; } diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index b5af49298c..c916dc099c 100755 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -187,7 +187,7 @@ static char *dsn_from_uri(char *uri, char *buf, size_t buflen TSRMLS_DC) /* {{{ php_stream *stream; char *dsn = NULL; - stream = php_stream_open_wrapper(uri, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(uri, "rb", REPORT_ERRORS, NULL); if (stream) { dsn = php_stream_get_line(stream, buf, buflen, NULL); php_stream_close(stream); diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index 1bb6d2a74f..be500da886 100755 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c @@ -649,7 +649,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ goto cleanup; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) #else if (PG(open_basedir) && PG(open_basedir)[0] != '\0') diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c index 7ad7722c9d..e0f53bebc0 100644 --- a/ext/pdo_sqlite/sqlite_driver.c +++ b/ext/pdo_sqlite/sqlite_driver.c @@ -643,11 +643,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) return NULL; } - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - return NULL; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; @@ -705,7 +700,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, - "safe_mode/open_basedir prohibits opening %s", + "open_basedir prohibits opening %s", dbh->data_source); goto cleanup; } @@ -718,7 +713,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS goto cleanup; } - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if (PG(open_basedir) && *PG(open_basedir)) { sqlite3_set_authorizer(H->db, authorizer, NULL); } diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 70e9d0bda2..064173f9df 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -2879,7 +2879,7 @@ PHP_FUNCTION(pg_trace) ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - stream = php_stream_open_wrapper(z_filename, mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(z_filename, mode, REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; @@ -3338,10 +3338,6 @@ PHP_FUNCTION(pg_lo_import) else { WRONG_PARAM_COUNT; } - - if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(file_in TSRMLS_CC)) { RETURN_FALSE; @@ -3475,10 +3471,6 @@ PHP_FUNCTION(pg_lo_export) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Requires 2 or 3 arguments"); RETURN_FALSE; } - - if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(file_out TSRMLS_CC)) { RETURN_FALSE; diff --git a/ext/phar/phar.c b/ext/phar/phar.c index ab6c4d07e7..822491874b 100644 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@ -1327,7 +1327,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a if (!pphar) { pphar = &mydata; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } @@ -1491,7 +1491,7 @@ int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_l } else if (error && *error) { return FAILURE; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } @@ -2357,7 +2357,7 @@ int phar_open_executed_filename(char *alias, int alias_len, char **error TSRMLS_ FREE_ZVAL(halt_constant); -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 41ae46c215..9b534dc25e 100755 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -1754,7 +1754,7 @@ phar_spl_fileinfo: return ZEND_HASH_APPLY_STOP; } } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Iterator %v returned a path \"%s\" that safe mode prevents opening", ce->name, fname); @@ -3943,7 +3943,7 @@ PHP_METHOD(Phar, addFile) return; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname); return; @@ -4187,11 +4187,11 @@ PHP_METHOD(Phar, delMetadata) } } /* }}} */ -#if (PHP_MAJOR_VERSION < 6) -#define OPENBASEDIR_CHECKPATH(filename) \ +#if PHP_API_VERSION < 20100412 +#define PHAR_OPENBASEDIR_CHECKPATH(filename) \ (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC) #else -#define OPENBASEDIR_CHECKPATH(filename) \ +#define PHAR_OPENBASEDIR_CHECKPATH(filename) \ php_check_open_basedir(filename TSRMLS_CC) #endif @@ -4235,7 +4235,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * return FAILURE; } - if (OPENBASEDIR_CHECKPATH(fullpath)) { + if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) { spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath); efree(fullpath); return FAILURE; @@ -4285,7 +4285,11 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * return SUCCESS; } +#if PHP_API_VERSION < 20100412 fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL); +#endif if (!fp) { spprintf(error, 4096, "Cannot extract \"%s\", could not open for writing \"%s\"", entry->filename, fullpath); diff --git a/ext/phar/util.c b/ext/phar/util.c index 0aa2bd7bb9..985d9ac541 100644 --- a/ext/phar/util.c +++ b/ext/phar/util.c @@ -201,7 +201,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len, entry.tmp = estrndup(filename, filename_len); } } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { efree(entry.tmp); efree(entry.filename); @@ -850,7 +850,7 @@ int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC) /* {{{ */ if (phar_get_pharfp(phar TSRMLS_CC)) { return SUCCESS; } -#if PHP_MAJOR_VERSION < 6 +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(phar->fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { return FAILURE; } diff --git a/ext/posix/posix.c b/ext/posix/posix.c index f030356fb8..7212de3c90 100644 --- a/ext/posix/posix.c +++ b/ext/posix/posix.c @@ -840,8 +840,7 @@ PHP_FUNCTION(posix_mkfifo) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { RETURN_FALSE; } @@ -875,8 +874,7 @@ PHP_FUNCTION(posix_mknod) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { RETURN_FALSE; } @@ -961,8 +959,7 @@ PHP_FUNCTION(posix_access) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { efree(path); POSIX_G(last_error) = EPERM; RETURN_FALSE; diff --git a/ext/posix/tests/posix_access.phpt b/ext/posix/tests/posix_access.phpt index 1bd601ad4b..08d9bf2ed9 100644 --- a/ext/posix/tests/posix_access.phpt +++ b/ext/posix/tests/posix_access.phpt @@ -13,6 +13,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/posix/tests/posix_access_error_modes.phpt b/ext/posix/tests/posix_access_error_modes.phpt index 0d79996bd1..e79d24329b 100644 --- a/ext/posix/tests/posix_access_error_modes.phpt +++ b/ext/posix/tests/posix_access_error_modes.phpt @@ -13,6 +13,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/posix/tests/posix_access_error_wrongparams.phpt b/ext/posix/tests/posix_access_error_wrongparams.phpt index 7f938a8492..882c43b636 100644 --- a/ext/posix/tests/posix_access_error_wrongparams.phpt +++ b/ext/posix/tests/posix_access_error_wrongparams.phpt @@ -13,6 +13,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/posix/tests/posix_access_safemode.phpt b/ext/posix/tests/posix_access_safemode.phpt index 1e156f9515..e346149fb5 100644 --- a/ext/posix/tests/posix_access_safemode.phpt +++ b/ext/posix/tests/posix_access_safemode.phpt @@ -11,6 +11,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} --INI-- safe_mode = 1 --FILE-- diff --git a/ext/posix/tests/posix_mkfifo_safemode.phpt b/ext/posix/tests/posix_mkfifo_safemode.phpt index 9dbddc2611..47caf5d3ee 100644 --- a/ext/posix/tests/posix_mkfifo_safemode.phpt +++ b/ext/posix/tests/posix_mkfifo_safemode.phpt @@ -17,6 +17,9 @@ if (!extension_loaded('posix')) { if (posix_geteuid() == 0) { die('SKIP Cannot run test as root.'); } +if (PHP_VERSION_ID < 503099) { + die('SKIP Safe mode is no longer available.'); +} ?> --INI-- safe_mode = 1 diff --git a/ext/pspell/pspell.c b/ext/pspell/pspell.c index 0d508180d8..bc4af64094 100644 --- a/ext/pspell/pspell.c +++ b/ext/pspell/pspell.c @@ -402,11 +402,6 @@ static PHP_FUNCTION(pspell_new_personal) } #endif - if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - delete_pspell_config(config); - RETURN_FALSE; - } - if (php_check_open_basedir(personal TSRMLS_CC)) { delete_pspell_config(config); RETURN_FALSE; @@ -836,10 +831,6 @@ static void pspell_config_path(INTERNAL_FUNCTION_PARAMETERS, char *option) PSPELL_FETCH_CONFIG; - if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(value TSRMLS_CC)) { RETURN_FALSE; } @@ -891,10 +882,6 @@ static PHP_FUNCTION(pspell_config_repl) pspell_config_replace(config, "save-repl", "true"); - if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(repl TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index acb1ea0dec..71584ce71d 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -171,20 +171,14 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) if (data->fd != -1) { #ifndef PHP_WIN32 /* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */ - if (PG(safe_mode) || PG(open_basedir)) { + if (PG(open_basedir)) { struct stat sbuf; if (fstat(data->fd, &sbuf)) { close(data->fd); return; } - if ( - S_ISLNK(sbuf.st_mode) && - ( - php_check_open_basedir(buf TSRMLS_CC) || - (PG(safe_mode) && !php_checkuid(buf, NULL, CHECKUID_CHECK_FILE_AND_DIR)) - ) - ) { + if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { close(data->fd); return; } @@ -274,9 +268,6 @@ PS_OPEN_FUNC(files) /* if save path is an empty string, determine the temporary dir */ save_path = php_get_temporary_directory(); - if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } if (php_check_open_basedir(save_path TSRMLS_CC)) { return FAILURE; } diff --git a/ext/session/session.c b/ext/session/session.c index 03055cfca9..c7a23a5747 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -567,10 +567,6 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */ p = new_value; } - if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { return FAILURE; } diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 6257e79151..c3ad0e00dd 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -118,7 +118,7 @@ static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, ph namelen = spprintf(&name, 0, "%s://%s:%d", (use_ssl && !*use_proxy)? "ssl" : "tcp", host, port); stream = php_stream_xport_create(name, namelen, - ENFORCE_SAFE_MODE | REPORT_ERRORS, + REPORT_ERRORS, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, NULL /*persistent_id*/, timeout, diff --git a/ext/soap/php_xml.c b/ext/soap/php_xml.c index af4f395327..fa5a26b361 100644 --- a/ext/soap/php_xml.c +++ b/ext/soap/php_xml.c @@ -179,7 +179,7 @@ int php_stream_xmlIO_match_wrapper(const char *filename) void *php_stream_xmlIO_open_wrapper(const char *filename) { TSRMLS_FETCH(); - return php_stream_open_wrapper((char*)filename, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + return php_stream_open_wrapper((char*)filename, "rb", REPORT_ERRORS, NULL); } int php_stream_xmlIO_read(void *context, char *buffer, int len) diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c index d83d5ebe00..663baec014 100755 --- a/ext/spl/php_spl.c +++ b/ext/spl/php_spl.c @@ -231,7 +231,7 @@ static int spl_autoload(const char *class_name, const char * lc_name, int class_ class_file_len = spprintf(&class_file, 0, "%s%s", lc_name, file_extension); - ret = php_stream_open_for_zend_ex(class_file, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); + ret = php_stream_open_for_zend_ex(class_file, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); if (ret == SUCCESS) { if (!file_handle.opened_path) { diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c index 3b47374206..9b114fc0ad 100755 --- a/ext/spl/spl_directory.c +++ b/ext/spl/spl_directory.c @@ -221,7 +221,7 @@ static void spl_filesystem_dir_open(spl_filesystem_object* intern, char *path TS intern->type = SPL_FS_DIR; intern->_path_len = strlen(path); - intern->u.dir.dirp = php_stream_opendir(path, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); + intern->u.dir.dirp = php_stream_opendir(path, REPORT_ERRORS, NULL); if (intern->_path_len > 1 && IS_SLASH_AT(path, intern->_path_len-1)) { intern->_path = estrndup(path, --intern->_path_len); @@ -245,7 +245,7 @@ static int spl_filesystem_file_open(spl_filesystem_object *intern, int use_inclu { intern->type = SPL_FS_FILE; intern->u.file.context = php_stream_context_from_zval(intern->u.file.zcontext, 0); - intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, intern->u.file.context); + intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, intern->u.file.context); if (!intern->file_name_len || !intern->u.file.stream) { if (!EG(exception)) { diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c index 89f0520cd9..3eeb1f2bd9 100644 --- a/ext/sqlite/pdo_sqlite2.c +++ b/ext/sqlite/pdo_sqlite2.c @@ -522,11 +522,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) return NULL; } - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - return NULL; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; @@ -585,7 +580,7 @@ static int pdo_sqlite2_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRML if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, - "safe_mode/open_basedir prohibits opening %s", + "open_basedir prohibits opening %s", dbh->data_source); goto cleanup; } diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c index 37f01576b5..30ebc0e38d 100644 --- a/ext/sqlite/sess_sqlite.c +++ b/ext/sqlite/sess_sqlite.c @@ -42,7 +42,6 @@ PS_OPEN_FUNC(sqlite) char *errmsg = NULL; sqlite *db; - /* TODO: do we need a safe_mode check here? */ db = sqlite_open(save_path, 0666, &errmsg); if (db == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index 4017dc7fbc..4c1b3f11b1 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -1066,9 +1066,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg case SQLITE_COPY: if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) { TSRMLS_FETCH(); - if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return SQLITE_DENY; - } if (php_check_open_basedir(arg4 TSRMLS_CC)) { return SQLITE_DENY; @@ -1079,9 +1076,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg case SQLITE_ATTACH: if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) { TSRMLS_FETCH(); - if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return SQLITE_DENY; - } if (php_check_open_basedir(arg3 TSRMLS_CC)) { return SQLITE_DENY; @@ -1510,7 +1504,7 @@ static struct php_sqlite_db *php_sqlite_open(char *filename, int mode, char *per /* authorizer hook so we can enforce safe mode * Note: the declaration of php_sqlite_authorizer is correct for 2.8.2 of libsqlite, * and IS backwards binary compatible with earlier versions */ - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if (PG(open_basedir) && *PG(open_basedir)) { sqlite_set_authorizer(sdb, php_sqlite_authorizer, NULL); } @@ -1566,8 +1560,7 @@ PHP_FUNCTION(sqlite_popen) RETURN_FALSE; } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); RETURN_FALSE; } @@ -1648,8 +1641,7 @@ PHP_FUNCTION(sqlite_open) } } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); zend_restore_error_handling(&error_handling TSRMLS_CC); if (object) { @@ -1697,8 +1689,7 @@ PHP_FUNCTION(sqlite_factory) RETURN_NULL(); } - if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || - php_check_open_basedir(fullpath TSRMLS_CC)) { + if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); zend_restore_error_handling(&error_handling TSRMLS_CC); RETURN_NULL(); diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 7f7bbe9a95..00364b0dd4 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -120,11 +120,13 @@ PHP_METHOD(sqlite3, open) return; } +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "safe_mode prohibits opening %s", fullpath); efree(fullpath); return; } +#endif if (php_check_open_basedir(fullpath TSRMLS_CC)) { zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "open_basedir prohibits opening %s", fullpath); @@ -158,7 +160,11 @@ PHP_METHOD(sqlite3, open) } #endif +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { +#else + if (PG(open_basedir) && *PG(open_basedir)) { +#endif sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL); } @@ -1779,14 +1785,18 @@ static zend_function_entry php_sqlite3_result_class_methods[] = { */ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6) { - TSRMLS_FETCH(); switch (access_type) { case SQLITE_ATTACH: { if (strncmp(arg3, ":memory:", sizeof(":memory:")-1)) { + TSRMLS_FETCH(); + +#if PHP_API_VERSION < 20100412 if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return SQLITE_DENY; } +#endif + if (php_check_open_basedir(arg3 TSRMLS_CC)) { return SQLITE_DENY; } diff --git a/ext/sqlite3/tests/sqlite3_21_security.phpt b/ext/sqlite3/tests/sqlite3_21_security.phpt index 5061a595c3..7e83bb23e1 100644 --- a/ext/sqlite3/tests/sqlite3_21_security.phpt +++ b/ext/sqlite3/tests/sqlite3_21_security.phpt @@ -1,5 +1,5 @@ --TEST-- -SQLite3 open_basedir / safe_mode checks +SQLite3 open_basedir checks --SKIPIF-- <?php require_once(dirname(__FILE__) . '/skipif.inc'); ?> --INI-- diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 4555814e17..26c6d5aed0 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -34,7 +34,6 @@ #include "zend_operators.h" #include "ext/standard/php_dns.h" #include "ext/standard/php_uuencode.h" -#include "safe_mode.h" #ifdef PHP_WIN32 #include "win32/php_win32_globals.h" @@ -3351,41 +3350,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */ }; /* }}} */ -static PHP_INI_MH(OnUpdateSafeModeProtectedEnvVars) /* {{{ */ -{ - char *protected_vars, *protected_var; - char *token_buf; - int dummy = 1; - - protected_vars = estrndup(new_value, new_value_length); - zend_hash_clean(&BG(sm_protected_env_vars)); - - protected_var = php_strtok_r(protected_vars, ", ", &token_buf); - while (protected_var) { - zend_hash_update(&BG(sm_protected_env_vars), protected_var, strlen(protected_var), &dummy, sizeof(int), NULL); - protected_var = php_strtok_r(NULL, ", ", &token_buf); - } - efree(protected_vars); - return SUCCESS; -} -/* }}} */ - -static PHP_INI_MH(OnUpdateSafeModeAllowedEnvVars) /* {{{ */ -{ - if (BG(sm_allowed_env_vars)) { - free(BG(sm_allowed_env_vars)); - } - BG(sm_allowed_env_vars) = zend_strndup(new_value, new_value_length); - return SUCCESS; -} -/* }}} */ - -PHP_INI_BEGIN() /* {{{ */ - PHP_INI_ENTRY_EX("safe_mode_protected_env_vars", SAFE_MODE_PROTECTED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeProtectedEnvVars, NULL) - PHP_INI_ENTRY_EX("safe_mode_allowed_env_vars", SAFE_MODE_ALLOWED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeAllowedEnvVars, NULL) -PHP_INI_END() -/* }}} */ - static const zend_module_dep standard_deps[] = { /* {{{ */ ZEND_MOD_OPTIONAL("session") {NULL, NULL, NULL} @@ -3462,8 +3426,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /* BG(left) = -1; BG(user_tick_functions) = NULL; BG(user_filter_map) = NULL; - zend_hash_init(&BG(sm_protected_env_vars), 5, NULL, NULL, 1); - BG(sm_allowed_env_vars) = NULL; memset(&BG(url_adapt_state_ex), 0, sizeof(BG(url_adapt_state_ex))); @@ -3479,10 +3441,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /* static void basic_globals_dtor(php_basic_globals *basic_globals_p TSRMLS_DC) /* {{{ */ { - zend_hash_destroy(&BG(sm_protected_env_vars)); - if (BG(sm_allowed_env_vars)) { - free(BG(sm_allowed_env_vars)); - } if (BG(url_adapt_state_ex).tags) { zend_hash_destroy(BG(url_adapt_state_ex).tags); free(BG(url_adapt_state_ex).tags); @@ -3594,8 +3552,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */ test_class_startup(); #endif - REGISTER_INI_ENTRIES(); - register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU); register_html_constants(INIT_FUNC_ARGS_PASSTHRU); register_string_constants(INIT_FUNC_ARGS_PASSTHRU); @@ -3676,8 +3632,6 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */ php_unregister_url_stream_wrapper("ftp" TSRMLS_CC); #endif - UNREGISTER_INI_ENTRIES(); - PHP_MSHUTDOWN(browscap)(SHUTDOWN_FUNC_ARGS_PASSTHRU); PHP_MSHUTDOWN(array)(SHUTDOWN_FUNC_ARGS_PASSTHRU); PHP_MSHUTDOWN(assert)(SHUTDOWN_FUNC_ARGS_PASSTHRU); @@ -4061,39 +4015,6 @@ PHP_FUNCTION(putenv) } #endif - if (PG(safe_mode)) { - /* Check the protected list */ - if (zend_hash_exists(&BG(sm_protected_env_vars), pe.key, pe.key_len)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", pe.key); - efree(pe.putenv_string); - efree(pe.key); - RETURN_FALSE; - } - - /* Check the allowed list */ - if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) { - char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars)); - char *strtok_buf = NULL; - char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf); - zend_bool allowed = 0; - - while (allowed_prefix) { - if (!strncmp(allowed_prefix, pe.key, strlen(allowed_prefix))) { - allowed = 1; - break; - } - allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf); - } - efree(allowed_env_vars); - if (!allowed) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", pe.key); - efree(pe.putenv_string); - efree(pe.key); - RETURN_FALSE; - } - } - } - zend_hash_del(&BG(putenv_ht), pe.key, pe.key_len+1); /* find previous value */ @@ -4694,7 +4615,7 @@ PHPAPI int _php_error_log_ex(int opt_err, char *message, int message_len, char * break; case 3: /*save to a file */ - stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | REPORT_ERRORS, NULL); if (!stream) { return FAILURE; } @@ -5141,10 +5062,6 @@ PHP_FUNCTION(highlight_file) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_ONLY_FILE))) { - RETURN_FALSE; - } - if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -5391,18 +5308,14 @@ PHP_FUNCTION(ini_set) } #define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini)) - /* safe_mode & basedir check */ - if (PG(safe_mode) || PG(open_basedir)) { + /* open basedir check */ + if (PG(open_basedir)) { if (_CHECK_PATH(varname, varname_len, "error_log") || _CHECK_PATH(varname, varname_len, "java.class.path") || _CHECK_PATH(varname, varname_len, "java.home") || _CHECK_PATH(varname, varname_len, "mail.log") || _CHECK_PATH(varname, varname_len, "java.library.path") || _CHECK_PATH(varname, varname_len, "vpopmail.directory")) { - if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - zval_dtor(return_value); - RETURN_FALSE; - } if (php_check_open_basedir(new_value TSRMLS_CC)) { zval_dtor(return_value); RETURN_FALSE; @@ -5410,17 +5323,6 @@ PHP_FUNCTION(ini_set) } } - /* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */ - if (PG(safe_mode)) { - if (!strncmp("max_execution_time", varname, sizeof("max_execution_time")) || - !strncmp("memory_limit", varname, sizeof("memory_limit")) || - !strncmp("child_terminate", varname, sizeof("child_terminate")) - ) { - zval_dtor(return_value); - RETURN_FALSE; - } - } - if (zend_alter_ini_entry_ex(varname, varname_len + 1, new_value, new_value_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0 TSRMLS_CC) == FAILURE) { zval_dtor(return_value); RETURN_FALSE; @@ -5797,10 +5699,6 @@ PHP_FUNCTION(move_uploaded_file) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(new_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(new_path TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/basic_functions.h b/ext/standard/basic_functions.h index e2190066f0..b7b5264de8 100644 --- a/ext/standard/basic_functions.h +++ b/ext/standard/basic_functions.h @@ -175,9 +175,6 @@ typedef struct _php_basic_globals { zend_llist *user_tick_functions; zval *active_ini_file_section; - - HashTable sm_protected_env_vars; - char *sm_allowed_env_vars; /* pageinfo.c */ long page_uid; @@ -240,11 +237,6 @@ typedef struct { } putenv_entry; #endif -/* Values are comma-delimited - */ -#define SAFE_MODE_PROTECTED_ENV_VARS "LD_LIBRARY_PATH" -#define SAFE_MODE_ALLOWED_ENV_VARS "PHP_" - PHPAPI double php_get_nan(void); PHPAPI double php_get_inf(void); diff --git a/ext/standard/dir.c b/ext/standard/dir.c index 25f6139487..e2bf1ef72d 100644 --- a/ext/standard/dir.c +++ b/ext/standard/dir.c @@ -215,7 +215,7 @@ static void _php_do_opendir(INTERNAL_FUNCTION_PARAMETERS, int createobject) context = php_stream_context_from_zval(zcontext, 0); - dirp = php_stream_opendir(dirname, ENFORCE_SAFE_MODE|REPORT_ERRORS, context); + dirp = php_stream_opendir(dirname, REPORT_ERRORS, context); if (dirp == NULL) { RETURN_FALSE; @@ -319,7 +319,7 @@ PHP_FUNCTION(chdir) RETURN_FALSE; } - if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) { + if (php_check_open_basedir(str TSRMLS_CC)) { RETURN_FALSE; } ret = VCWD_CHDIR(str); @@ -481,7 +481,7 @@ PHP_FUNCTION(glob) /* now catch the FreeBSD style of "no matches" */ if (!globbuf.gl_pathc || !globbuf.gl_pathv) { no_results: - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if (PG(open_basedir) && *PG(open_basedir)) { struct stat s; if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != (s.st_mode & S_IFMT)) { @@ -494,11 +494,8 @@ no_results: array_init(return_value); for (n = 0; n < globbuf.gl_pathc; n++) { - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { - if (PG(safe_mode) && (!php_checkuid_ex(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS))) { - basedir_limit = 1; - continue; - } else if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { + if (PG(open_basedir) && *PG(open_basedir)) { + if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { basedir_limit = 1; continue; } diff --git a/ext/standard/dl.c b/ext/standard/dl.c index 8bb97d7f91..22e5faedff 100644 --- a/ext/standard/dl.c +++ b/ext/standard/dl.c @@ -63,9 +63,6 @@ PHPAPI PHP_FUNCTION(dl) if (!PG(enable_dl)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't enabled"); RETURN_FALSE; - } else if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't allowed when running in Safe Mode"); - RETURN_FALSE; } if (filename_len >= MAXPATHLEN) { diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 5850026e17..5bca15d229 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -22,7 +22,6 @@ #include "php.h" #include <ctype.h> #include "php_string.h" -#include "safe_mode.h" #include "ext/standard/head.h" #include "ext/standard/file.h" #include "basic_functions.h" @@ -63,51 +62,21 @@ PHPAPI int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_ FILE *fp; char *buf, *tmp=NULL; int l = 0, pclose_return; - char *cmd_p, *b, *c, *d=NULL; + char *b, *c, *d=NULL; php_stream *stream; size_t buflen, bufl = 0; #if PHP_SIGCHILD void (*sig_handler)() = NULL; #endif - if (PG(safe_mode)) { - if ((c = strchr(cmd, ' '))) { - *c = '\0'; - c++; - } - if (strstr(cmd, "..")) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path"); - goto err; - } - - b = strrchr(cmd, PHP_DIR_SEPARATOR); - -#ifdef PHP_WIN32 - if (b && *b == '\\' && b == cmd) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path."); - goto err; - } -#endif - - spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : "")); - if (c) { - *(c - 1) = ' '; - } - cmd_p = php_escape_shell_cmd(d); - efree(d); - d = cmd_p; - } else { - cmd_p = cmd; - } - #if PHP_SIGCHILD sig_handler = signal (SIGCHLD, SIG_DFL); #endif #ifdef PHP_WIN32 - fp = VCWD_POPEN(cmd_p, "rb"); + fp = VCWD_POPEN(cmd, "rb"); #else - fp = VCWD_POPEN(cmd_p, "r"); + fp = VCWD_POPEN(cmd, "r"); #endif if (!fp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd); @@ -484,11 +453,6 @@ PHP_FUNCTION(shell_exec) return; } - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute using backquotes in Safe Mode"); - RETURN_FALSE; - } - #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else diff --git a/ext/standard/file.c b/ext/standard/file.c index 704ef1231f..f21f1bb5e0 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -70,7 +70,6 @@ #endif #include "ext/standard/head.h" -#include "safe_mode.h" #include "php_string.h" #include "file.h" @@ -386,7 +385,7 @@ PHP_FUNCTION(get_meta_tags) } md.stream = php_stream_open_wrapper(filename, "rb", - (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, + (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL); if (!md.stream) { RETURN_FALSE; @@ -546,7 +545,7 @@ PHP_FUNCTION(file_get_contents) context = php_stream_context_from_zval(zcontext, 0); stream = php_stream_open_wrapper_ex(filename, "rb", - (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, + (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (!stream) { RETURN_FALSE; @@ -615,7 +614,7 @@ PHP_FUNCTION(file_put_contents) } mode[2] = '\0'; - stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (stream == NULL) { RETURN_FALSE; } @@ -750,7 +749,7 @@ PHP_FUNCTION(file) context = php_stream_context_from_zval(zcontext, flags & PHP_FILE_NO_DEFAULT_CONTEXT); - stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (!stream) { RETURN_FALSE; } @@ -836,10 +835,6 @@ PHP_FUNCTION(tempnam) return; } - if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(dir TSRMLS_CC)) { RETURN_FALSE; } @@ -896,7 +891,7 @@ PHP_NAMED_FUNCTION(php_if_fopen) context = php_stream_context_from_zval(zcontext, 0); - stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (stream == NULL) { RETURN_FALSE; @@ -942,7 +937,7 @@ PHP_FUNCTION(popen) int command_len, mode_len; FILE *fp; php_stream *stream; - char *posix_mode, *b, *buf = 0, *tmp; + char *posix_mode, *buf = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &command, &command_len, &mode, &mode_len) == FAILURE) { return; @@ -957,49 +952,14 @@ PHP_FUNCTION(popen) } } #endif - if (PG(safe_mode)){ - b = strchr(command, ' '); - if (!b) { - b = strrchr(command, '/'); - } else { - char *c; - - c = command; - while((*b != '/') && (b != c)) { - b--; - } - if (b == c) { - b = NULL; - } - } - - if (b) { - spprintf(&buf, 0, "%s%s", PG(safe_mode_exec_dir), b); - } else { - spprintf(&buf, 0, "%s/%s", PG(safe_mode_exec_dir), command); - } - - tmp = php_escape_shell_cmd(buf); - fp = VCWD_POPEN(tmp, posix_mode); - efree(tmp); - - if (!fp) { - php_error_docref2(NULL TSRMLS_CC, buf, posix_mode, E_WARNING, "%s", strerror(errno)); - efree(posix_mode); - efree(buf); - RETURN_FALSE; - } - efree(buf); - - } else { - fp = VCWD_POPEN(command, posix_mode); - if (!fp) { - php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno)); - efree(posix_mode); - RETURN_FALSE; - } + fp = VCWD_POPEN(command, posix_mode); + if (!fp) { + php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno)); + efree(posix_mode); + RETURN_FALSE; } + stream = php_stream_fopen_from_pipe(fp, mode); if (stream == NULL) { @@ -1361,10 +1321,6 @@ PHPAPI int php_mkdir_ex(char *dir, long mode, int options TSRMLS_DC) { int ret; - if (PG(safe_mode) && (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return -1; - } - if (php_check_open_basedir(dir TSRMLS_CC)) { return -1; } @@ -1440,7 +1396,7 @@ PHP_FUNCTION(readfile) context = php_stream_context_from_zval(zcontext, 0); - stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context); if (stream) { size = php_stream_passthru(stream); php_stream_close(stream); @@ -1561,7 +1517,7 @@ PHP_FUNCTION(unlink) php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s does not allow unlinking", wrapper->wops->label ? wrapper->wops->label : "Wrapper"); RETURN_FALSE; } - RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, ENFORCE_SAFE_MODE | REPORT_ERRORS, context TSRMLS_CC)); + RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, REPORT_ERRORS, context TSRMLS_CC)); } /* }}} */ @@ -1684,10 +1640,6 @@ PHP_FUNCTION(copy) return; } - if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(source TSRMLS_CC)) { RETURN_FALSE; } @@ -1704,13 +1656,13 @@ PHP_FUNCTION(copy) PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC) /* {{{ */ { - return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC); + return php_copy_file_ex(src, dest, 0 TSRMLS_CC); } /* }}} */ /* {{{ php_copy_file */ -PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC) +PHPAPI int php_copy_file_ex(char *src, char *dest, int src_flg TSRMLS_DC) { php_stream *srcstream = NULL, *deststream = NULL; int ret = FAILURE; @@ -1781,13 +1733,13 @@ no_stat: } safe_to_copy: - srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL); + srcstream = php_stream_open_wrapper(src, "rb", src_flg | REPORT_ERRORS, NULL); if (!srcstream) { return ret; } - deststream = php_stream_open_wrapper(dest, "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + deststream = php_stream_open_wrapper(dest, "wb", REPORT_ERRORS, NULL); if (srcstream && deststream) { ret = php_stream_copy_to_stream_ex(srcstream, deststream, PHP_STREAM_COPY_ALL, NULL); @@ -2376,10 +2328,6 @@ PHP_FUNCTION(realpath) } if (VCWD_REALPATH(filename, resolved_path_buff)) { - if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c index b38e6e78b9..ddb23bd9e9 100644 --- a/ext/standard/filestat.c +++ b/ext/standard/filestat.c @@ -19,7 +19,6 @@ /* $Id$ */ #include "php.h" -#include "safe_mode.h" #include "fopen_wrappers.h" #include "php_globals.h" @@ -434,10 +433,6 @@ static void php_do_chgrp(INTERNAL_FUNCTION_PARAMETERS, int do_lchgrp) /* {{{ */ RETURN_FALSE; } - if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; @@ -535,10 +530,6 @@ static void php_do_chown(INTERNAL_FUNCTION_PARAMETERS, int do_lchown) /* {{{ */ RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; @@ -603,36 +594,12 @@ PHP_FUNCTION(chmod) return; } - if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } imode = (mode_t) mode; - /* In safe mode, do not allow to setuid files. - * Setuiding files could allow users to gain privileges - * that safe mode doesn't give them. */ - - if (PG(safe_mode)) { - php_stream_statbuf ssb; - if (php_stream_stat_path_ex(filename, 0, &ssb, NULL)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat failed for %s", filename); - RETURN_FALSE; - } - if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) { - imode ^= 04000; - } - if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) { - imode ^= 02000; - } - if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) { - imode ^= 01000; - } - } ret = VCWD_CHMOD(filename, imode); if (ret == -1) { @@ -680,11 +647,6 @@ PHP_FUNCTION(touch) WRONG_PARAM_COUNT; } - /* Safe-mode */ - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; @@ -771,28 +733,13 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ }; char *local; php_stream_wrapper *wrapper; - char safe_mode_buf[MAXPATHLEN]; if (!filename_length) { RETURN_FALSE; } - if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) { - if (php_check_open_basedir(local TSRMLS_CC)) { - RETURN_FALSE; - } else if (PG(safe_mode)) { - if (type == FS_IS_X) { - if (strstr(local, "..")) { - RETURN_FALSE; - } else { - char *b = strrchr(local, PHP_DIR_SEPARATOR); - snprintf(safe_mode_buf, MAXPATHLEN, "%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : local)); - local = (char *)&safe_mode_buf; - } - } else if (!php_checkuid_ex(local, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS)) { - RETURN_FALSE; - } - } + if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper && php_check_open_basedir(local TSRMLS_CC)) { + RETURN_FALSE; } if (IS_ACCESS_CHECK(type)) { diff --git a/ext/standard/fsock.c b/ext/standard/fsock.c index 7501dce928..4e6ce128dd 100644 --- a/ext/standard/fsock.c +++ b/ext/standard/fsock.c @@ -76,7 +76,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent) ZVAL_STRING(zerrstr, "", 1); } - stream = php_stream_xport_create(hostname, hostname_len, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(hostname, hostname_len, REPORT_ERRORS, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, hashkey, &tv, NULL, &errstr, &err); if (port > 0) { diff --git a/ext/standard/ftok.c b/ext/standard/ftok.c index 81d1c189e3..5ad73cff88 100644 --- a/ext/standard/ftok.c +++ b/ext/standard/ftok.c @@ -47,9 +47,9 @@ PHP_FUNCTION(ftok) if (proj_len != 1){ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Project identifier is invalid"); RETURN_LONG(-1); - } + } - if ((PG(safe_mode) && (!php_checkuid(pathname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pathname TSRMLS_CC)) { + if (php_check_open_basedir(pathname TSRMLS_CC)) { RETURN_LONG(-1); } diff --git a/ext/standard/head.c b/ext/standard/head.c index ac8c9b1a72..5b297b9a8d 100644 --- a/ext/standard/head.c +++ b/ext/standard/head.c @@ -31,7 +31,6 @@ #endif #include "php_globals.h" -#include "safe_mode.h" /* Implementation of the language Header() function */ diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 68098451b3..c730d450aa 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -131,7 +131,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, Z_TYPE_PP(tmpzval) != IS_STRING || Z_STRLEN_PP(tmpzval) <= 0) { php_url_free(resource); - return php_stream_open_wrapper_ex(path, mode, ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); + return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context); } /* Called from a non-http wrapper with http proxying requested (i.e. ftp) */ request_fulluri = 1; diff --git a/ext/standard/image.c b/ext/standard/image.c index df8cd4b3a9..4ce895438e 100644 --- a/ext/standard/image.c +++ b/ext/standard/image.c @@ -1313,7 +1313,7 @@ PHP_FUNCTION(getimagesize) array_init(*info); } - stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH, NULL); if (!stream) { RETURN_FALSE; diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c index 2eb2fab4c1..d863e3dd8f 100644 --- a/ext/standard/iptc.c +++ b/ext/standard/iptc.c @@ -190,10 +190,6 @@ PHP_FUNCTION(iptcembed) return; } - if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(jpeg_file TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/link.c b/ext/standard/link.c index 3d7cd8c85c..7029a20d02 100644 --- a/ext/standard/link.c +++ b/ext/standard/link.c @@ -47,7 +47,6 @@ #include <errno.h> #include <ctype.h> -#include "safe_mode.h" #include "php_link.h" #include "php_string.h" @@ -64,10 +63,6 @@ PHP_FUNCTION(readlink) return; } - if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(link TSRMLS_CC)) { RETURN_FALSE; } @@ -144,14 +139,6 @@ PHP_FUNCTION(symlink) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - - if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } @@ -200,14 +187,6 @@ PHP_FUNCTION(link) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - - if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/link_win32.c b/ext/standard/link_win32.c index 37575077ad..ff4e33f3b5 100644 --- a/ext/standard/link_win32.c +++ b/ext/standard/link_win32.c @@ -39,7 +39,6 @@ #include <errno.h> #include <ctype.h> -#include "safe_mode.h" #include "php_link.h" #include "php_string.h" @@ -91,7 +90,7 @@ PHP_FUNCTION(readlink) return; } - if (OPENBASEDIR_CHECKPATH(link)) { + if (php_check_open_basedir(link TSRMLS_CC)) { RETURN_FALSE; } if (!expand_filepath(link, path_resolved TSRMLS_CC)) { @@ -209,11 +208,11 @@ PHP_FUNCTION(symlink) RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(dest_p)) { + if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(source_p)) { + if (php_check_open_basedir(source_p TSRMLS_CC)) { RETURN_FALSE; } @@ -264,11 +263,11 @@ PHP_FUNCTION(link) RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(source_p)) { + if (php_check_open_basedir(source_p TSRMLS_CC)) { RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(dest_p)) { + if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/mail.c b/ext/standard/mail.c index 6d5435f2ff..4f9254d2f8 100644 --- a/ext/standard/mail.c +++ b/ext/standard/mail.c @@ -41,7 +41,6 @@ #include "php_mail.h" #include "php_ini.h" -#include "safe_mode.h" #include "exec.h" #ifdef PHP_WIN32 @@ -105,14 +104,7 @@ PHP_FUNCTION(mail) char *to_r, *subject_r; char *p, *e; - if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE"); - RETURN_FALSE; - } - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, - &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE - ) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) { return; } diff --git a/ext/standard/md5.c b/ext/standard/md5.c index d7a905d5ee..a5b0f9b819 100644 --- a/ext/standard/md5.c +++ b/ext/standard/md5.c @@ -89,7 +89,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/standard/pack.c b/ext/standard/pack.c index 32714795b3..5888039dc4 100644 --- a/ext/standard/pack.c +++ b/ext/standard/pack.c @@ -39,7 +39,6 @@ #include <sys/param.h> #endif #include "ext/standard/head.h" -#include "safe_mode.h" #include "php_string.h" #include "pack.h" #if HAVE_PWD_H diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c index 0d6ad5fc67..8c54277fcb 100644 --- a/ext/standard/proc_open.c +++ b/ext/standard/proc_open.c @@ -28,7 +28,6 @@ #include <stdio.h> #include <ctype.h> #include "php_string.h" -#include "safe_mode.h" #include "ext/standard/head.h" #include "ext/standard/basic_functions.h" #include "ext/standard/file.h" @@ -153,33 +152,6 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent if (string_length == 0) { continue; } - if (PG(safe_mode)) { - /* Check the protected list */ - if (zend_hash_exists(&BG(sm_protected_env_vars), string_key, string_length - 1)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", string_key); - return env; - } - /* Check the allowed list */ - if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) { - char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars)); - char *strtok_buf = NULL; - char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf); - zend_bool allowed = 0; - - while (allowed_prefix) { - if (!strncmp(allowed_prefix, string_key, strlen(allowed_prefix))) { - allowed = 1; - break; - } - allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf); - } - efree(allowed_env_vars); - if (!allowed) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", string_key); - return env; - } - } - } l = string_length + el_len + 1; memcpy(p, string_key, string_length); @@ -278,53 +250,6 @@ static void proc_open_rsrc_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) } /* }}} */ -/* {{{ php_make_safe_mode_command */ -static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persistent TSRMLS_DC) -{ - int lcmd, larg0; - char *space, *sep, *arg0; - - if (!PG(safe_mode)) { - *safecmd = pestrdup(cmd, is_persistent); - return SUCCESS; - } - - lcmd = strlen(cmd); - - arg0 = estrndup(cmd, lcmd); - - space = memchr(arg0, ' ', lcmd); - if (space) { - *space = '\0'; - larg0 = space - arg0; - } else { - larg0 = lcmd; - } - - if (php_memnstr(arg0, "..", sizeof("..")-1, arg0 + larg0)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path"); - efree(arg0); - return FAILURE; - } - - sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0); - - spprintf(safecmd, 0, "%s%s%s%s", PG(safe_mode_exec_dir), (sep ? sep : "/"), (sep ? "" : arg0), (space ? cmd + larg0 : "")); - - efree(arg0); - arg0 = php_escape_shell_cmd(*safecmd); - efree(*safecmd); - if (is_persistent) { - *safecmd = pestrdup(arg0, 1); - efree(arg0); - } else { - *safecmd = arg0; - } - - return SUCCESS; -} -/* }}} */ - /* {{{ PHP_MINIT_FUNCTION(proc_open) */ PHP_MINIT_FUNCTION(proc_open) { @@ -541,9 +466,7 @@ PHP_FUNCTION(proc_open) RETURN_FALSE; } - if (FAILURE == php_make_safe_mode_command(command, &command, is_persistent TSRMLS_CC)) { - RETURN_FALSE; - } + command = pestrdup(command, is_persistent); #ifdef PHP_WIN32 if (other_options) { @@ -695,7 +618,7 @@ PHP_FUNCTION(proc_open) /* try a wrapper */ stream = php_stream_open_wrapper(Z_STRVAL_PP(zfile), Z_STRVAL_PP(zmode), - ENFORCE_SAFE_MODE|REPORT_ERRORS|STREAM_WILL_CAST, NULL); + REPORT_ERRORS|STREAM_WILL_CAST, NULL); /* force into an fd */ if (stream == NULL || FAILURE == php_stream_cast(stream, diff --git a/ext/standard/sha1.c b/ext/standard/sha1.c index 0a81f18c8a..414018d2a5 100644 --- a/ext/standard/sha1.c +++ b/ext/standard/sha1.c @@ -79,7 +79,7 @@ PHP_FUNCTION(sha1_file) return; } - stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL); + stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c index 170618f76c..3f44a5c0a6 100644 --- a/ext/standard/streamsfuncs.c +++ b/ext/standard/streamsfuncs.c @@ -128,7 +128,7 @@ PHP_FUNCTION(stream_socket_client) ZVAL_STRING(zerrstr, "", 1); } - stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(host, host_len, REPORT_ERRORS, STREAM_XPORT_CLIENT | (flags & PHP_STREAM_CLIENT_CONNECT ? STREAM_XPORT_CONNECT : 0) | (flags & PHP_STREAM_CLIENT_ASYNC_CONNECT ? STREAM_XPORT_CONNECT_ASYNC : 0), hashkey, &tv, context, &errstr, &err); @@ -204,7 +204,7 @@ PHP_FUNCTION(stream_socket_server) ZVAL_STRING(zerrstr, "", 1); } - stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS, + stream = php_stream_xport_create(host, host_len, REPORT_ERRORS, STREAM_XPORT_SERVER | flags, NULL, NULL, context, &errstr, &err); diff --git a/ext/standard/tests/file/bug22414.phpt b/ext/standard/tests/file/bug22414.phpt index 90e4c58bd9..fcd85489f3 100644 --- a/ext/standard/tests/file/bug22414.phpt +++ b/ext/standard/tests/file/bug22414.phpt @@ -1,7 +1,6 @@ --TEST-- Bug #22414 (passthru() does not read data correctly) --INI-- -safe_mode= output_handler= --FILE-- <?php diff --git a/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt b/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt index c22fdd0d16..2c79668f7b 100644 --- a/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt +++ b/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt @@ -1,20 +1,20 @@ ---TEST-- -Test function get_cfg_var() by calling deprecated option ---CREDITS-- -Francesco Fullone ff@ideato.it -#PHPTestFest Cesena Italia on 2009-06-20 ---INI-- -safe_mode=1 ---SKIPIF-- -<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?> ---FILE-- -<?php -echo "*** Test by calling method or function with deprecated option ***\n"; -var_dump(get_cfg_var( 'safe_mode' ) ); - -?> ---EXPECTF-- -Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0 -*** Test by calling method or function with deprecated option *** -string(1) "1" - +--TEST--
+Test function get_cfg_var() by calling deprecated option
+--CREDITS--
+Francesco Fullone ff@ideato.it
+#PHPTestFest Cesena Italia on 2009-06-20
+--INI--
+magic_quotes_gpc=1
+--SKIPIF--
+<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
+--FILE--
+<?php
+echo "*** Test by calling method or function with deprecated option ***\n";
+var_dump(get_cfg_var( 'magic_quotes_gpc' ) );
+
+?>
+--EXPECTF--
+Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in %s on line 0
+*** Test by calling method or function with deprecated option ***
+string(1) "1"
+
diff --git a/ext/standard/tests/general_functions/putenv_error1.phpt b/ext/standard/tests/general_functions/putenv_error1.phpt index c4b49f3f87..6339a7c160 100644 --- a/ext/standard/tests/general_functions/putenv_error1.phpt +++ b/ext/standard/tests/general_functions/putenv_error1.phpt @@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net> --INI-- safe_mode=1 safe_mode_allowed_env_vars=TESTING_ +--SKIPIF-- +<?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?> --FILE-- <?php putenv('FOO=bar'); diff --git a/ext/standard/tests/general_functions/putenv_error2.phpt b/ext/standard/tests/general_functions/putenv_error2.phpt index 456a7ab690..4df2c4f50b 100644 --- a/ext/standard/tests/general_functions/putenv_error2.phpt +++ b/ext/standard/tests/general_functions/putenv_error2.phpt @@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net> --INI-- safe_mode=1 safe_mode_protected_env_vars=FOO,BAZ +--SKIPIF-- +<?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?> --FILE-- <?php putenv('FOO=bar'); diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index dfc15d97f0..85d9740821 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -29,7 +29,6 @@ #include "php_ini.h" #include "ext/standard/info.h" -#include "safe_mode.h" #include "tidy.h" #include "buffio.h" @@ -74,7 +73,7 @@ _php_tidy_apply_config_array(_doc, HASH_OF(*_val) TSRMLS_CC); \ } else { \ convert_to_string_ex(_val); \ - TIDY_SAFE_MODE_CHECK(Z_STRVAL_PP(_val)); \ + TIDY_OPEN_BASE_DIR_CHECK(Z_STRVAL_PP(_val)); \ switch (tidyLoadConfig(_doc, Z_STRVAL_PP(_val))) { \ case -1: \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not load configuration file '%s'", Z_STRVAL_PP(_val)); \ @@ -156,8 +155,8 @@ zend_hash_update(_table, #_key, sizeof(#_key), (void *)&tmp, sizeof(zval *), NULL); \ } -#define TIDY_SAFE_MODE_CHECK(filename) \ -if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { \ +#define TIDY_OPEN_BASE_DIR_CHECK(filename) \ +if (php_check_open_basedir(filename TSRMLS_CC)) { \ RETURN_FALSE; \ } \ @@ -641,7 +640,7 @@ static char *php_tidy_file_to_mem(char *filename, zend_bool use_include_path, in php_stream *stream; char *data = NULL; - if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE, NULL))) { + if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0), NULL))) { return NULL; } if ((*len = (int) php_stream_copy_to_mem(stream, &data, PHP_STREAM_COPY_ALL, 0)) == 0) { diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c index 55bb699b05..e26c6dc7e1 100644 --- a/ext/xmlwriter/php_xmlwriter.c +++ b/ext/xmlwriter/php_xmlwriter.c @@ -679,7 +679,7 @@ static void *php_xmlwriter_streams_IO_open_write_wrapper(const char *filename TS php_stream_wrapper *wrapper = NULL; void *ret_val = NULL; - ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, NULL); + ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", REPORT_ERRORS, NULL, NULL); return ret_val; } /* }}} */ diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index a2b5892819..ba89cce5f3 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -184,7 +184,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC); - if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) { + if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) { efree(file_dirname_fullpath); efree(file_basename); free(new_state.cwd); @@ -238,7 +238,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil * is required, does a file can have a different * safemode status as its parent folder? */ - if (OPENBASEDIR_CHECKPATH(fullpath)) { + if (ZIP_OPENBASEDIR_CHECKPATH(fullpath)) { efree(fullpath); efree(file_dirname_fullpath); efree(file_basename); @@ -255,7 +255,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil return 0; } -#if (PHP_MAJOR_VERSION < 6) +#if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL); @@ -288,7 +288,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, int filename_l char resolved_path[MAXPATHLEN]; - if (OPENBASEDIR_CHECKPATH(filename)) { + if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { return -1; } @@ -530,7 +530,7 @@ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value /* we assume that any glob pattern will match files from one directory only so checking the dirname of the first match should be sufficient */ strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN); - if (OPENBASEDIR_CHECKPATH(cwd)) { + if (ZIP_OPENBASEDIR_CHECKPATH(cwd)) { return -1; } @@ -592,7 +592,7 @@ int php_zip_pcre(char *regexp, int regexp_len, char *path, int path_len, zval *r } #endif - if (OPENBASEDIR_CHECKPATH(path)) { + if (ZIP_OPENBASEDIR_CHECKPATH(path)) { return -1; } @@ -1163,7 +1163,7 @@ static PHP_NAMED_FUNCTION(zif_zip_open) RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(filename)) { + if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { RETURN_FALSE; } @@ -1452,7 +1452,7 @@ static ZIPARCHIVE_METHOD(open) RETURN_FALSE; } - if (OPENBASEDIR_CHECKPATH(filename)) { + if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { RETURN_FALSE; } diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h index ac39a9ac85..1d5f9b358a 100644 --- a/ext/zip/php_zip.h +++ b/ext/zip/php_zip.h @@ -43,12 +43,12 @@ extern zend_module_entry zip_module_entry; # endif #endif -/* {{{ OPENBASEDIR_CHECKPATH(filename) */ -#if (PHP_MAJOR_VERSION < 6) -# define OPENBASEDIR_CHECKPATH(filename) \ +/* {{{ ZIP_OPENBASEDIR_CHECKPATH(filename) */ +#if PHP_API_VERSION < 20100412 +# define ZIP_OPENBASEDIR_CHECKPATH(filename) \ (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC) #else -#define OPENBASEDIR_CHECKPATH(filename) \ +#define ZIP_OPENBASEDIR_CHECKPATH(filename) \ php_check_open_basedir(filename TSRMLS_CC) #endif /* }}} */ diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c index bb676efb49..c535dd4f09 100644 --- a/ext/zip/zip_stream.c +++ b/ext/zip/zip_stream.c @@ -120,7 +120,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D } if (filename) { - if (OPENBASEDIR_CHECKPATH(filename)) { + if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { return NULL; } @@ -201,7 +201,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper, php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC); fragment++; - if (OPENBASEDIR_CHECKPATH(file_dirname)) { + if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname)) { efree(file_basename); return NULL; } diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c index 69c05bbb24..af23b29100 100644 --- a/ext/zlib/zlib.c +++ b/ext/zlib/zlib.c @@ -44,7 +44,6 @@ #endif #include "ext/standard/head.h" -#include "safe_mode.h" #include "ext/standard/php_standard.h" #include "ext/standard/info.h" #include "php_zlib.h" @@ -373,7 +372,7 @@ static PHP_FUNCTION(gzfile) use_include_path = flags ? USE_PATH : 0; /* using a stream here is a bit more efficient (resource wise) than php_gzopen_wrapper */ - stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC); + stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC); if (stream == NULL) { /* Error reporting is already done by stream code */ RETURN_FALSE; @@ -415,7 +414,7 @@ static PHP_FUNCTION(gzopen) use_include_path = flags ? USE_PATH : 0; - stream = php_stream_gzopen(NULL, filename, mode, use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC); + stream = php_stream_gzopen(NULL, filename, mode, use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC); if (!stream) { RETURN_FALSE; @@ -444,7 +443,7 @@ static PHP_FUNCTION(readgzfile) use_include_path = flags ? USE_PATH : 0; - stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE, NULL, NULL STREAMS_CC TSRMLS_CC); + stream = php_stream_gzopen(NULL, filename, "rb", use_include_path, NULL, NULL STREAMS_CC TSRMLS_CC); if (!stream) { RETURN_FALSE; } |