Fixed

chregu

On 06.10.11 16:31, Hannes Magnusson wrote:
> On Wed, Oct 5, 2011 at 11:56, Christian Stocker <chr...@php.net> wrote:
>> chregu                                   Wed, 05 Oct 2011 09:56:01 +0000
>>
>> Revision: http://svn.php.net/viewvc?view=revision&revision=317759
>>
>> Log:
>> Added xsl.security_prefs ini option to define forbidden operations within XSLT
>> stylesheets, default is not to enable write operations. This option won't be
>> in 5.4, since there's a new method. Bug #54446
>>
>> Bug: https://bugs.php.net/54446 (To be documented) Arbitrary file creation via libxslt 'output' extension
>>
>> Changed paths:
>>    U   php/php-src/branches/PHP_5_3/NEWS
>>    U   php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
>>    U   php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h
>>    U   php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c
>>
>> Modified: php/php-src/branches/PHP_5_3/NEWS
>> ===================================================================
>> --- php/php-src/branches/PHP_5_3/NEWS   2011-10-05 09:51:08 UTC (rev 317758)
>> +++ php/php-src/branches/PHP_5_3/NEWS   2011-10-05 09:56:01 UTC (rev 317759)
>> @@ -90,7 +90,13 @@
>>  - SPL:
>>   . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
>>     (jgotti at modedemploi dot fr, Hannes)
>> +
>> +- XSL:
>> +  . Added xsl.security_prefs ini option to define forbidden operations 
>> within XSLT
>> +    stylesheets, default is not to enable write operations. This option 
>> won't be
>> +    in 5.4, since there's a new method. Bug #54446 (Chregu, Nicolas 
>> Gregoire)
>>
>> +
>>  23 Aug 2011, PHP 5.3.8
>>
>>  - Core:
>>
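Review bot: The new XSL entry says the option "won't be in 5.4, since there's a new method" but names neither that method nor the default value, so a NEWS reader cannot tell what replaces the ini setting or what "not to enable write operations" corresponds to. Name the replacement and state the default (44, per the comment in php_xsl.c). The hunk also adds a blank "+" line directly above "23 Aug 2011, PHP 5.3.8" on top of the existing blank context line, which leaves two blank lines there; one of them can go.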
>> Modified: php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
>> ===================================================================
>> --- php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c      2011-10-05 09:51:08 
>> UTC (rev 317758)
>> +++ php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c      2011-10-05 09:56:01 
>> UTC (rev 317759)
>> @@ -141,6 +141,11 @@
>>  }
>>  /* }}} */
>>
>> +PHP_INI_BEGIN()
>> +//XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | 
>> XSL_SECPREF_WRITE_FILE == 44
>> +PHP_INI_ENTRY("xsl.security_prefs", "44", PHP_INI_ALL, NULL)
>> +PHP_INI_END()
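Review bot: PHP_INI_ALL on the "xsl.security_prefs" entry, together with a NULL modify handler, means the value can be changed at any scope, including at runtime, and is not validated, so any code able to change ini settings can clear the write restrictions this commit introduces. If runtime change is the intended opt-in path, document it alongside the php.ini-* entry; otherwise pick a narrower scope and add a handler that rejects non-numeric values. The default "44" is a magic number explained only by the // comment above it, which is the comment style already flagged in this thread; a /* */ comment listing XSL_SECPREF_CREATE_DIRECTORY, XSL_SECPREF_WRITE_NETWORK and XSL_SECPREF_WRITE_FILE would keep the explanation.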
> 
> 
> // comments are not allowed :)
> And please add this option to the php.ini-* files, with similar note
> as the news entry.
> 
> -Hannes

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
