[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h php_variables.c
stasWed Mar 12 20:53:04 2008 UTC Modified files: /php-srcphp.ini-dist php.ini-recommended /php-src/main main.c php_globals.h php_variables.c Log: MFB: add request_order INI variable to control $_REQUEST content # if not set (default), variables_order still is used # request_order accepts G,P and C http://cvs.php.net/viewvc.cgi/php-src/php.ini-dist?r1=1.272r2=1.273diff_format=u Index: php-src/php.ini-dist diff -u php-src/php.ini-dist:1.272 php-src/php.ini-dist:1.273 --- php-src/php.ini-dist:1.272 Thu Feb 21 13:36:24 2008 +++ php-src/php.ini-distWed Mar 12 20:53:04 2008 @@ -360,6 +360,12 @@ ; values override older values. variables_order = EGPCS +; This directive describes the order in which PHP registers GET, POST and Cookie +; variables into the _REQUEST array. Registration is done from left to right, +; newer values override older values. +; If this directive is not set, variables_order is used for _REQUEST contents. +; request_order = GP + ; This directive tells PHP whether to declare the argvargc variables (that ; would contain the GET information). If you don't use these variables, you ; should turn it off for increased performance. http://cvs.php.net/viewvc.cgi/php-src/php.ini-recommended?r1=1.222r2=1.223diff_format=u Index: php-src/php.ini-recommended diff -u php-src/php.ini-recommended:1.222 php-src/php.ini-recommended:1.223 --- php-src/php.ini-recommended:1.222 Thu Feb 21 13:36:25 2008 +++ php-src/php.ini-recommended Wed Mar 12 20:53:04 2008 @@ -399,6 +399,12 @@ ; values override older values. variables_order = GPCS +; This directive describes the order in which PHP registers GET, POST and Cookie +; variables into the _REQUEST array. Registration is done from left to right, +; newer values override older values. +; If this directive is not set, variables_order is used for _REQUEST contents. +request_order = GP + ; This directive tells PHP whether to declare the argvargc variables (that ; would contain the GET information). If you don't use these variables, you ; should turn it off for increased performance. http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.763r2=1.764diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.763 php-src/main/main.c:1.764 --- php-src/main/main.c:1.763 Sat Mar 8 22:17:32 2008 +++ php-src/main/main.c Wed Mar 12 20:53:04 2008 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.763 2008/03/08 22:17:32 colder Exp $ */ +/* $Id: main.c,v 1.764 2008/03/12 20:53:04 stas Exp $ */ /* {{{ includes */ @@ -529,6 +529,7 @@ STD_PHP_INI_ENTRY(user_dir, NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(variables_order,EGPCS, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order,php_core_globals, core_globals) + STD_PHP_INI_ENTRY(request_order, NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, request_order, php_core_globals, core_globals) STD_PHP_INI_ENTRY(error_append_string,NULL, PHP_INI_ALL,OnUpdateString, error_append_string, php_core_globals, core_globals) STD_PHP_INI_ENTRY(error_prepend_string, NULL, PHP_INI_ALL,OnUpdateString, error_prepend_string, php_core_globals, core_globals) http://cvs.php.net/viewvc.cgi/php-src/main/php_globals.h?r1=1.116r2=1.117diff_format=u Index: php-src/main/php_globals.h diff -u php-src/main/php_globals.h:1.116 php-src/main/php_globals.h:1.117 --- php-src/main/php_globals.h:1.116Sat Mar 8 22:17:32 2008 +++ php-src/main/php_globals.h Wed Mar 12 20:53:04 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_globals.h,v 1.116 2008/03/08 22:17:32 colder Exp $ */ +/* $Id: php_globals.h,v 1.117 2008/03/12 20:53:04 stas Exp $ */ #ifndef PHP_GLOBALS_H #define PHP_GLOBALS_H @@ -148,6 +148,8 @@ char *user_ini_filename; long user_ini_cache_ttl; + + char *request_order; }; http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.145r2=1.146diff_format=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.145 php-src/main/php_variables.c:1.146 --- php-src/main/php_variables.c:1.145 Mon Dec 31 07:12:18 2007 +++ php-src/main/php_variables.cWed Mar 12 20:53:04 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php_variables.c,v 1.145 2007/12/31 07:12:18 sebastian Exp $ */ +/* $Id: php_variables.c,v 1.146 2008/03/12 20:53:04 stas Exp $ */ #include
[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h
janiTue Jul 24 14:18:47 2007 UTC Modified files: /php-srcphp.ini-dist php.ini-recommended /php-src/main main.c php_globals.h Log: - Changed display_errors php.ini option to accept stderr as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs. http://cvs.php.net/viewvc.cgi/php-src/php.ini-dist?r1=1.266r2=1.267diff_format=u Index: php-src/php.ini-dist diff -u php-src/php.ini-dist:1.266 php-src/php.ini-dist:1.267 --- php-src/php.ini-dist:1.266 Thu Jun 21 09:01:57 2007 +++ php-src/php.ini-distTue Jul 24 14:18:47 2007 @@ -256,6 +256,16 @@ ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. +; +; possible values for display_errors: +; +; Off- Do not display any errors +; stderr - Display errors to STDERR (affects only CGI/CLI binaries!) +; +;display_errors = stderr +; +; stdout (On) - Display errors to STDOUT +; display_errors = On ; Even when display_errors is on, errors that occur during PHP's startup http://cvs.php.net/viewvc.cgi/php-src/php.ini-recommended?r1=1.216r2=1.217diff_format=u Index: php-src/php.ini-recommended diff -u php-src/php.ini-recommended:1.216 php-src/php.ini-recommended:1.217 --- php-src/php.ini-recommended:1.216 Thu Jun 21 09:01:57 2007 +++ php-src/php.ini-recommended Tue Jul 24 14:18:47 2007 @@ -292,6 +292,18 @@ ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. +; +; possible values for display_errors: +; +; Off - Do not display any errors +; stderr - Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout - Display errors to STDOUT (default) +; +; To output errors to STDERR with CGI/CLI: +;display_errors = stderr +; +; Default +; display_errors = Off ; Even when display_errors is on, errors that occur during PHP's startup http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.739r2=1.740diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.739 php-src/main/main.c:1.740 --- php-src/main/main.c:1.739 Tue Jul 24 13:29:39 2007 +++ php-src/main/main.c Tue Jul 24 14:18:47 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.739 2007/07/24 13:29:39 jani Exp $ */ +/* $Id: main.c,v 1.740 2007/07/24 14:18:47 jani Exp $ */ /* {{{ includes */ @@ -332,6 +332,89 @@ } /* }}} */ +/* {{{ php_get_display_errors_mode() helper function + */ +static int php_get_display_errors_mode(char *value, int value_length) +{ + int mode; + + if (value_length == 2 !strcasecmp(on, value)) { + mode = PHP_DISPLAY_ERRORS_STDOUT; + } else if (value_length == 3 !strcasecmp(yes, value)) { + mode = PHP_DISPLAY_ERRORS_STDOUT; + } else if (value_length == 4 !strcasecmp(true, value)) { + mode = PHP_DISPLAY_ERRORS_STDOUT; + } else if (value_length == 6 !strcasecmp(value, stderr)) { + mode = PHP_DISPLAY_ERRORS_STDERR; + } else if (value_length == 6 !strcasecmp(value, stdout)) { + mode = PHP_DISPLAY_ERRORS_STDOUT; + } else { + mode = atoi(value); + if (mode mode != PHP_DISPLAY_ERRORS_STDOUT mode != PHP_DISPLAY_ERRORS_STDERR) { + mode = PHP_DISPLAY_ERRORS_STDOUT; + } + } + return mode; +} +/* }}} */ + +/* {{{ PHP_INI_MH + */ +static PHP_INI_MH(OnUpdateDisplayErrors) +{ + PG(display_errors) = (zend_bool) php_get_display_errors_mode(new_value, new_value_length); + + return SUCCESS; +} +/* }}} */ + +/* {{{ PHP_INI_DISP + */ +static PHP_INI_DISP(display_errors_mode) +{ + int mode, tmp_value_length, cgi_or_cli; + char *tmp_value; + + if (type == ZEND_INI_DISPLAY_ORIG ini_entry-modified) { + tmp_value = (ini_entry-orig_value ? ini_entry-orig_value : NULL ); + tmp_value_length = ini_entry-orig_value_length; + } else if (ini_entry-value) { + tmp_value = ini_entry-value; + tmp_value_length = ini_entry-value_length; + } else { + tmp_value = NULL; + tmp_value_length = 0; + } + + mode = php_get_display_errors_mode(tmp_value, tmp_value_length); + + /* Display 'On' for other SAPIs instead of STDOUT or STDERR */ + cgi_or_cli = (!strcmp(sapi_module.name, cli) || !strcmp(sapi_module.name, cgi)); + + switch (mode) { + case PHP_DISPLAY_ERRORS_STDERR: + if (cgi_or_cli ) { + PUTS(STDERR); + } else {
[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h /main/streams streams.c
rasmus Fri Nov 18 11:20:43 2005 EDT Modified files: /php-srcphp.ini-dist php.ini-recommended /php-src/main main.c php_globals.h /php-src/main/streams streams.c Log: Add allow_url_include to let people turn on allow_url_fopen without also enabling remote code execution through url wrappers http://cvs.php.net/diff.php/php-src/php.ini-dist?r1=1.237r2=1.238ty=u Index: php-src/php.ini-dist diff -u php-src/php.ini-dist:1.237 php-src/php.ini-dist:1.238 --- php-src/php.ini-dist:1.237 Mon Nov 14 18:14:54 2005 +++ php-src/php.ini-distFri Nov 18 11:20:41 2005 @@ -529,6 +529,8 @@ ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. allow_url_fopen = On +; Whether to allow code execution through URL wrappers +allow_url_include = Off ; Define the anonymous ftp password (your email address) ;from=[EMAIL PROTECTED] http://cvs.php.net/diff.php/php-src/php.ini-recommended?r1=1.186r2=1.187ty=u Index: php-src/php.ini-recommended diff -u php-src/php.ini-recommended:1.186 php-src/php.ini-recommended:1.187 --- php-src/php.ini-recommended:1.186 Mon Nov 14 18:14:54 2005 +++ php-src/php.ini-recommended Fri Nov 18 11:20:41 2005 @@ -586,6 +586,8 @@ ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. allow_url_fopen = On +; Whether to allow code execution through URL wrappers +allow_url_include = Off ; Define the anonymous ftp password (your email address) ;from=[EMAIL PROTECTED] http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.651r2=1.652ty=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.651 php-src/main/main.c:1.652 --- php-src/main/main.c:1.651 Tue Nov 15 06:14:34 2005 +++ php-src/main/main.c Fri Nov 18 11:20:43 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.651 2005/11/15 11:14:34 dmitry Exp $ */ +/* $Id: main.c,v 1.652 2005/11/18 16:20:43 rasmus Exp $ */ /* {{{ includes */ @@ -439,6 +439,7 @@ PHP_INI_ENTRY(disable_classes,, PHP_INI_SYSTEM, NULL) STD_PHP_INI_BOOLEAN(allow_url_fopen, 1, PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN(allow_url_include,0, PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN(always_populate_raw_post_data,0, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals) #ifdef REALPATH_CACHE STD_PHP_INI_ENTRY(realpath_cache_size, 16K, PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals) http://cvs.php.net/diff.php/php-src/main/php_globals.h?r1=1.98r2=1.99ty=u Index: php-src/main/php_globals.h diff -u php-src/main/php_globals.h:1.98 php-src/main/php_globals.h:1.99 --- php-src/main/php_globals.h:1.98 Wed Aug 3 10:08:33 2005 +++ php-src/main/php_globals.h Fri Nov 18 11:20:43 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_globals.h,v 1.98 2005/08/03 14:08:33 sniper Exp $ */ +/* $Id: php_globals.h,v 1.99 2005/11/18 16:20:43 rasmus Exp $ */ #ifndef PHP_GLOBALS_H #define PHP_GLOBALS_H @@ -150,6 +150,7 @@ char *disable_functions; char *disable_classes; + zend_bool allow_url_include; }; http://cvs.php.net/diff.php/php-src/main/streams/streams.c?r1=1.89r2=1.90ty=u Index: php-src/main/streams/streams.c diff -u php-src/main/streams/streams.c:1.89 php-src/main/streams/streams.c:1.90 --- php-src/main/streams/streams.c:1.89 Wed Oct 5 17:46:28 2005 +++ php-src/main/streams/streams.c Fri Nov 18 11:20:43 2005 @@ -19,7 +19,7 @@ +--+ */ -/* $Id: streams.c,v 1.89 2005/10/05 21:46:28 tony2001 Exp $ */ +/* $Id: streams.c,v 1.90 2005/11/18 16:20:43 rasmus Exp $ */ #define _GNU_SOURCE #include php.h @@ -2205,7 +2205,7 @@ return php_plain_files_wrapper; } - if (wrapper wrapper-is_url !PG(allow_url_fopen)) { + if ((wrapper wrapper-is_url) (!PG(allow_url_fopen) || (options STREAM_OPEN_FOR_INCLUDE) !PG(allow_url_include)) ) { if (options REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, URL file-access is disabled in the server configuration); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h php_variables.c
sniper Sun Jan 25 23:15:09 2004 EDT Modified files: /php-srcphp.ini-dist php.ini-recommended /php-src/main main.c php_globals.h php_variables.c Log: - Remove gpc_order since it doesn't serve any purpose. http://cvs.php.net/diff.php/php-src/php.ini-dist?r1=1.204r2=1.205ty=u Index: php-src/php.ini-dist diff -u php-src/php.ini-dist:1.204 php-src/php.ini-dist:1.205 --- php-src/php.ini-dist:1.204 Sun Jan 25 10:18:02 2004 +++ php-src/php.ini-distSun Jan 25 23:15:04 2004 @@ -382,9 +382,6 @@ ; Maximum size of POST data that PHP will accept. post_max_size = 8M -; This directive is deprecated. Use variables_order instead. -gpc_order = GPC - ; Magic quotes ; @@ -531,7 +528,7 @@ ;Windows Extensions -;Note that ODBC support is now built in, so no dll is needed for it. +;Note that ODBC support is built in, so no dll is needed for it. ; ;extension=php_bz2.dll ;extension=php_cpdf.dll http://cvs.php.net/diff.php/php-src/php.ini-recommended?r1=1.149r2=1.150ty=u Index: php-src/php.ini-recommended diff -u php-src/php.ini-recommended:1.149 php-src/php.ini-recommended:1.150 --- php-src/php.ini-recommended:1.149 Sun Jan 25 10:18:02 2004 +++ php-src/php.ini-recommended Sun Jan 25 23:15:04 2004 @@ -401,9 +401,6 @@ ; Maximum size of POST data that PHP will accept. post_max_size = 8M -; This directive is deprecated. Use variables_order instead. -gpc_order = GPC - ; Magic quotes ; @@ -550,7 +547,7 @@ ;Windows Extensions -;Note that ODBC support is now built in, so no dll is needed for it. +;Note that ODBC support is built in, so no dll is needed for it. ; ;extension=php_bz2.dll ;extension=php_cpdf.dll http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.585r2=1.586ty=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.585 php-src/main/main.c:1.586 --- php-src/main/main.c:1.585 Thu Jan 8 03:17:53 2004 +++ php-src/main/main.c Sun Jan 25 23:15:08 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.585 2004/01/08 08:17:53 andi Exp $ */ +/* $Id: main.c,v 1.586 2004/01/26 04:15:08 sniper Exp $ */ /* {{{ includes */ @@ -297,7 +297,6 @@ STD_PHP_INI_ENTRY(default_mimetype, SAPI_DEFAULT_MIMETYPE, PHP_INI_ALL,OnUpdateString, default_mimetype, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY(error_log, NULL, PHP_INI_ALL,OnUpdateString, error_log, php_core_globals, core_globals) STD_PHP_INI_ENTRY(extension_dir, PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY(gpc_order, GPC, PHP_INI_ALL,OnUpdateStringUnempty, gpc_order, php_core_globals, core_globals) STD_PHP_INI_ENTRY(include_path, PHP_INCLUDE_PATH, PHP_INI_ALL,OnUpdateStringUnempty, include_path, php_core_globals, core_globals) PHP_INI_ENTRY(max_execution_time, 30, PHP_INI_ALL,OnUpdateTimeout) STD_PHP_INI_ENTRY(open_basedir, NULL, PHP_INI_SYSTEM, OnUpdateString, open_basedir, php_core_globals, core_globals) @@ -309,7 +308,7 @@ STD_PHP_INI_ENTRY(upload_tmp_dir, NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(user_dir, NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY(variables_order,NULL, PHP_INI_ALL, OnUpdateStringUnempty, variables_order,php_core_globals, core_globals) + STD_PHP_INI_ENTRY(variables_order,EGPCS,PHP_INI_ALL, OnUpdateStringUnempty, variables_order,php_core_globals, core_globals) STD_PHP_INI_ENTRY(error_append_string,NULL, PHP_INI_ALL, OnUpdateString, error_append_string,php_core_globals, core_globals) STD_PHP_INI_ENTRY(error_prepend_string, NULL, PHP_INI_ALL, OnUpdateString, error_prepend_string, php_core_globals, core_globals) http://cvs.php.net/diff.php/php-src/main/php_globals.h?r1=1.95r2=1.96ty=u Index: php-src/main/php_globals.h diff -u php-src/main/php_globals.h:1.95 php-src/main/php_globals.h:1.96 ---