jeroen Tue Jul 31 18:28:30 2001 EDT
Modified files:
/phpdoc/en/features safe-mode.xml
/phpdoc/en/functions cybermut.xml dbase.xml dbm.xml filepro.xml
filesystem.xml info.xml pgsql.xml posix.xml
Log:
- More accurate safe-mode documentation
- Partially added warnings to the functions themselves
- Small xml-id fix in cybermut
Index: phpdoc/en/features/safe-mode.xml
diff -u phpdoc/en/features/safe-mode.xml:1.6 phpdoc/en/features/safe-mode.xml:1.7
--- phpdoc/en/features/safe-mode.xml:1.6 Fri Jul 13 15:03:05 2001
+++ phpdoc/en/features/safe-mode.xml Tue Jul 31 18:28:29 2001
@@ -1,4 +1,4 @@
- <!-- $Revision: 1.6 $ -->
+ <!-- $Revision: 1.7 $ -->
<chapter id="features.safe-mode">
<title>Safe mode</title>
@@ -107,20 +107,24 @@
<entry>&sm.uidcheck;</entry>
</row>
<row>
- <entry><function>imap_thread</function></entry>
- <entry>??</entry>
+ <entry><function>ifx_*</function></entry>
+ <entry>sql_safe_mode restrictions, (!= safe-mode)</entry>
+ <!-- TODO: more info on sql-safe-mode -->
</row>
<row>
- <entry><function>ifxus_tell_slob</function></entry>
- <entry>??</entry>
+ <entry><function>ingres_*</function></entry>
+ <entry>sql_safe_mode restrictions, (!= safe-mode)</entry>
+ <!-- TODO: more info on sql-safe-mode -->
</row>
<row>
- <entry><function>muscat_close</function></entry>
- <entry>??</entry>
+ <entry><function>mysql_*</function></entry>
+ <entry>sql_safe_mode restrictions, (!= safe-mode)</entry>
+ <!-- TODO: more info on sql-safe-mode -->
</row>
<row>
<entry><function>pg_loimport</function></entry>
<entry>&sm.uidcheck;</entry>
+ <!-- source TODO: there is no PHP-warning for that safe-mode-restriction -->
</row>
<row>
<entry><function>posix_mkfifo</function></entry>
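Review bot: The three new rows for `ifx_*`, `ingres_*` and `mysql_*` sit in the table of functions restricted by safe-mode, yet their own cell says the restriction comes from sql_safe_mode and is `!= safe-mode`; a reader skimming the table can conclude that enabling safe-mode alone constrains the database functions. I would spell the cell out, e.g. `<entry>Not restricted by safe-mode itself; restricted only when the separate sql_safe_mode directive is enabled</entry>`, instead of the `(!= safe-mode)` shorthand. The `<function>ifx_*</function>` wildcards are not real function names, so if the stylesheets cross-link `<function>` content (not visible here) they will not resolve, and `<literal>` may be the safer tag. The table itself starts and ends outside this hunk.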
@@ -128,27 +132,64 @@
</row>
<row>
<entry><function>putenv</function></entry>
- <entry>??</entry>
+ <entry>Obeys the safe_mode_protected_env_vars and
+ safe_mode_allowed_env_vars ini-directives. See also the documentation
+ on <function>putenv</function></entry>
+ <!-- TODO: document those directives in chapters/config.xml -->
</row>
<row>
<entry><function>move_uploaded_file</function></entry>
- <entry>&sm.uidcheck;</entry>
+ <entry>&sm.uidcheck; <!-- TODO: check this --></entry>
</row>
+
+ <!-- TODO: from here on, add warning to the function itself -->
+
<row>
<entry><function>chdir</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>dl</function></entry>
- <entry>??</entry>
+ <entry>&sm.disabled;</entry>
</row>
<row>
- <entry><function>shell_exec</function></entry>
- <entry>??</entry>
+ <entry><link linkend="language.operators.execution">backtick
+operator</link></entry>
+ <entry>&sm.disabled;</entry>
+ </row>
+ <row>
+ <entry><function>shell_exec</function> (functional equivalent
+ of backticks)</entry>
+ <entry>&sm.disabled;</entry>
+ </row>
+ <row>
+ <entry><function>exec</function></entry>
+ <entry>You can only execute executables within the <link
+ linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
+ For practical reasons it's currently not allowed to have
+ <literal>..</literal> components in the path to the executable.</entry>
+ </row>
+ <row>
+ <entry><function>system</function></entry>
+ <entry>You can only execute executables within the <link
+ linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
+ For practical reasons it's currently not allowed to have
+ <literal>..</literal> components in the path to the executable.</entry>
+ </row>
+ <row>
+ <entry><function>passthru</function></entry>
+ <entry>You can only execute executables within the <link
+ linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
+ For practical reasons it's currently not allowed to have
+ <literal>..</literal> components in the path to the executable.</entry>
</row>
<row>
<entry><function>popen</function></entry>
- <entry>&sm.uidcheck.dir; <!-- not sure!! --></entry>
+ <entry>You can only execute executables within the <link
+ linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
+ For practical reasons it's currently not allowed to have
+ <literal>..</literal> components in the path to the executable.</entry>
+ <!-- TODO: not sure. popen uses a completely different implementation
+ Don't know why, don't know whether it's behaving the same -->
</row>
<row>
<entry><function>mkdir</function></entry>
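Review bot: The `popen` row now states as fact that execution is confined to safe_mode_exec_dir, while the comment directly below it says the author is not sure and that popen uses a different implementation; the same holds for `move_uploaded_file`, whose cell carries `TODO: check this`. Administrators read this table as the list of guarantees safe-mode gives them, so an unverified confinement claim is worse than the old `??`; until it is checked against the source I would put the doubt in the rendered text, e.g. `<entry>Believed to be restricted to safe_mode_exec_dir like <function>exec</function>; not yet verified.</entry>`. Separately, the four-line exec-dir cell is pasted verbatim for `exec`, `system`, `passthru` and `popen`; the table already uses entities such as `&sm.uidcheck;` and `&sm.disabled;`, so one shared entity (say `&sm.execdir;`, name to be chosen) would keep the wording from drifting. The `rename` row in the next hunk has the same problem: `&sm.uidcheck.dir;` is added while its comment still asks whether only the old name is checked.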
@@ -160,15 +201,17 @@
</row>
<row>
<entry><function>rename</function></entry>
- <entry>&sm.uidcheck; <!-- on the old name only, it seems --></entry>
+ <entry>&sm.uidcheck; &sm.uidcheck.dir;<!-- on the old name only, it seems. Is
+rename preventing moving files? --></entry>
</row>
<row>
<entry><function>unlink</function></entry>
- <entry>&sm.uidcheck;</entry>
+ <entry>&sm.uidcheck; &sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>copy</function></entry>
- <entry>&sm.uidcheck; <!-- source AND target,should be noted --></entry>
+ <entry>&sm.uidcheck; &sm.uidcheck.dir; (on
+ <parameter>source</parameter> and
+ <parameter>target</parameter>) </entry>
</row>
<row>
<entry><function>chgrp</function></entry>
@@ -180,48 +223,29 @@
</row>
<row>
<entry><function>chmod</function></entry>
- <entry>&sm.uidcheck; <!-- there is more than this,
- i believe you can't set the SUID/SGID/sticky bits? --></entry>
+ <entry>&sm.uidcheck; In addition, you cannot
+ set the SUID, SGID and sticky bits</entry>
</row>
<row>
<entry><function>touch</function></entry>
- <entry>&sm.uidcheck;</entry>
+ <entry>&sm.uidcheck; &sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>symlink</function></entry>
- <entry>&sm.uidcheck; <!-- only link-target, it seems? --></entry>
+ <entry>&sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
+ checked)</entry>
</row>
<row>
<entry><function>link</function></entry>
- <entry>&sm.uidcheck; <!-- only link-target, it seems? --></entry>
- </row>
- <row>
- <entry><function>ob_gzhandler</function></entry>
- <entry>&sm.uidcheck;</entry>
+ <entry>&sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
+ checked)</entry>
</row>
<row>
<entry><function>getallheaders</function></entry>
- <entry>??</entry>
- </row>
- <row>
- <entry><function>exec</function></entry>
- <entry>??</entry>
- </row>
- <row>
- <entry><function>system</function></entry>
- <entry>??</entry>
- </row>
- <row>
- <entry><function>passthru</function></entry>
- <entry>??</entry>
- </row>
- <row>
- <entry><function>mail</function></entry>
- <entry>??</entry>
- </row>
- <row>
- <entry><link linkend="language.operators.execution">backtick
operator</link></entry>
- <entry>??</entry>
+ <entry>In safe-mode, headers beginning with 'authorization'
+ (case-insensitive)
+ will not be returned. Warning: this is broken with the aol-server
+ implementation of <function>getallheaders</function>!</entry>
</row>
<row>
<entry>Any function that uses
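Review bot: The `getallheaders` cell ends with `this is broken with the aol-server implementation`, which does not say what breaks; if it means the 'authorization' headers are not filtered there, that is a credential exposure and should be stated outright once confirmed, e.g. `Warning: the aol-server implementation of getallheaders does not apply this filter`. This hunk also deletes the `mail` and `ob_gzhandler` rows without replacement (the `exec`, `system`, `passthru` and backtick rows reappear earlier in the table), and the log message does not explain why. If those two functions are in fact unaffected by safe-mode, a line in the log saying so would help; otherwise the rows should stay with `??` so the gap remains visible. The table continues past the end of the hunk.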
Index: phpdoc/en/functions/cybermut.xml
diff -u phpdoc/en/functions/cybermut.xml:1.4 phpdoc/en/functions/cybermut.xml:1.5
--- phpdoc/en/functions/cybermut.xml:1.4 Tue Jul 24 05:22:54 2001
+++ phpdoc/en/functions/cybermut.xml Tue Jul 31 18:28:30 2001
@@ -40,7 +40,7 @@
</note>
</partintro>
- <refentry id="function.cybermut_creerformulairecm">
+ <refentry id="function.cybermut-creerformulairecm">
<refnamediv>
<refname>cybermut_creerformulairecm</refname>
<refpurpose>Generate HTML form of request for payment</refpurpose>
@@ -104,7 +104,7 @@
</refsect1>
</refentry>
- <refentry id="function.cybermut_testmac">
+ <refentry id="function.cybermut-testmac">
<refnamediv>
<refname>cybermut_testmac</refname>
<refpurpose>
@@ -177,7 +177,7 @@
</refsect1>
</refentry>
- <refentry id="function.cybermut_creerreponsecm">
+ <refentry id="function.cybermut-creerreponsecm">
<refnamediv>
<refname>cybermut_creerreponsecm</refname>
<refpurpose>
Index: phpdoc/en/functions/dbase.xml
diff -u phpdoc/en/functions/dbase.xml:1.6 phpdoc/en/functions/dbase.xml:1.7
--- phpdoc/en/functions/dbase.xml:1.6 Sat Jul 7 14:42:24 2001
+++ phpdoc/en/functions/dbase.xml Tue Jul 31 18:28:30 2001
@@ -147,6 +147,7 @@
Returns a dbase_identifier for the opened database, or &false; if
the database couldn't be opened.
</para>
+ ¬e.sm.uidcheck;
</refsect1>
</refentry>
Index: phpdoc/en/functions/dbm.xml
diff -u phpdoc/en/functions/dbm.xml:1.7 phpdoc/en/functions/dbm.xml:1.8
--- phpdoc/en/functions/dbm.xml:1.7 Sat Jul 7 14:42:24 2001
+++ phpdoc/en/functions/dbm.xml Tue Jul 31 18:28:30 2001
@@ -67,6 +67,7 @@
information on DBM files, see your Unix man pages, or obtain
<ulink url="&url.gdbm;">GNU's GDBM</ulink>.
</para>
+ ¬e.sm.uidcheck;
</refsect1>
</refentry>
Index: phpdoc/en/functions/filepro.xml
diff -u phpdoc/en/functions/filepro.xml:1.6 phpdoc/en/functions/filepro.xml:1.7
--- phpdoc/en/functions/filepro.xml:1.6 Thu Mar 22 14:19:35 2001
+++ phpdoc/en/functions/filepro.xml Tue Jul 31 18:28:30 2001
@@ -29,6 +29,7 @@
<para>
No locking is done, so you should avoid modifying your filePro
database while it may be opened in PHP.</para>
+ ¬e.sm.uidcheck;
</refsect1>
</refentry>
@@ -102,6 +103,7 @@
</funcsynopsis>
<para>
Returns the data from the specified location in the database.</para>
+ ¬e.sm.uidcheck;
</refsect1>
</refentry>
@@ -141,6 +143,7 @@
</funcsynopsis>
<para>
Returns the number of rows in the opened filePro database.</para>
+ ¬e.sm.uidcheck;
<para>
See also <function>filepro</function>.</para>
</refsect1>
Index: phpdoc/en/functions/filesystem.xml
diff -u phpdoc/en/functions/filesystem.xml:1.77 phpdoc/en/functions/filesystem.xml:1.78
--- phpdoc/en/functions/filesystem.xml:1.77 Sun Jul 8 09:37:39 2001
+++ phpdoc/en/functions/filesystem.xml Tue Jul 31 18:28:30 2001
@@ -2136,6 +2136,8 @@
system.
</para>
+ ¬e.sm.uidcheck;
+
<para>
See also <function>is_uploaded_file</function>, and the section
<link linkend="features.file-upload">Handling file uploads</link>
Index: phpdoc/en/functions/info.xml
diff -u phpdoc/en/functions/info.xml:1.57 phpdoc/en/functions/info.xml:1.58
--- phpdoc/en/functions/info.xml:1.57 Thu Jul 19 05:20:23 2001
+++ phpdoc/en/functions/info.xml Tue Jul 31 18:28:30 2001
@@ -1332,6 +1332,11 @@
These variables will be protected even if
<literal>safe_mode_allowed_env_vars</literal>
is set to allow to change them.
</para>
+ <warning>
+ <para>
+ These directives have only effect when <link
+linkend="features.safe-mode">safe-mode</link> itself is enabled!
+ </para>
+ </warning>
<para>
<example>
<title>Setting an Environment Variable</title>
Index: phpdoc/en/functions/pgsql.xml
diff -u phpdoc/en/functions/pgsql.xml:1.37 phpdoc/en/functions/pgsql.xml:1.38
--- phpdoc/en/functions/pgsql.xml:1.37 Sat Jul 7 17:57:30 2001
+++ phpdoc/en/functions/pgsql.xml Tue Jul 31 18:28:30 2001
@@ -907,6 +907,7 @@
object otherwise. Remember that handling large objects in
PostgreSQL must happen inside a transaction.
</para>
+ ¬e.sm.uidcheck;
</refsect1>
</refentry>
Index: phpdoc/en/functions/posix.xml
diff -u phpdoc/en/functions/posix.xml:1.11 phpdoc/en/functions/posix.xml:1.12
--- phpdoc/en/functions/posix.xml:1.11 Sat Jul 7 14:42:37 2001
+++ phpdoc/en/functions/posix.xml Tue Jul 31 18:28:30 2001
@@ -578,6 +578,7 @@
<para>
Needs to be written ASAP.
</para>
+ ¬e.sm.uidcheck.dir;
</refsect1>
</refentry>