subject:"\[PHP\-CVS\] cvs\: php\-src \/ php.ini\-dist php.ini\-recommended \/main main.c php

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h php_variables.c

2008-03-12 Thread Stanislav Malyshev

stasWed Mar 12 20:53:04 2008 UTC

  Modified files:  
/php-srcphp.ini-dist php.ini-recommended 
/php-src/main   main.c php_globals.h php_variables.c 
  Log:
  MFB: add request_order INI variable to control $_REQUEST content
  # if not set (default), variables_order still is used
  # request_order accepts G,P and C
  
  
http://cvs.php.net/viewvc.cgi/php-src/php.ini-dist?r1=1.272r2=1.273diff_format=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.272 php-src/php.ini-dist:1.273
--- php-src/php.ini-dist:1.272  Thu Feb 21 13:36:24 2008
+++ php-src/php.ini-distWed Mar 12 20:53:04 2008
@@ -360,6 +360,12 @@
 ; values override older values.
 variables_order = EGPCS
 
+; This directive describes the order in which PHP registers GET, POST and 
Cookie
+; variables into the _REQUEST array. Registration is done from left to right, 
+; newer values override older values.
+; If this directive is not set, variables_order is used for _REQUEST contents.
+; request_order = GP
+ 
 ; This directive tells PHP whether to declare the argvargc variables (that
 ; would contain the GET information).  If you don't use these variables, you
 ; should turn it off for increased performance.
http://cvs.php.net/viewvc.cgi/php-src/php.ini-recommended?r1=1.222r2=1.223diff_format=u
Index: php-src/php.ini-recommended
diff -u php-src/php.ini-recommended:1.222 php-src/php.ini-recommended:1.223
--- php-src/php.ini-recommended:1.222   Thu Feb 21 13:36:25 2008
+++ php-src/php.ini-recommended Wed Mar 12 20:53:04 2008
@@ -399,6 +399,12 @@
 ; values override older values.
 variables_order = GPCS
 
+; This directive describes the order in which PHP registers GET, POST and 
Cookie
+; variables into the _REQUEST array. Registration is done from left to right, 
+; newer values override older values.
+; If this directive is not set, variables_order is used for _REQUEST contents.
+request_order = GP
+
 ; This directive tells PHP whether to declare the argvargc variables (that
 ; would contain the GET information).  If you don't use these variables, you
 ; should turn it off for increased performance.
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.763r2=1.764diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.763 php-src/main/main.c:1.764
--- php-src/main/main.c:1.763   Sat Mar  8 22:17:32 2008
+++ php-src/main/main.c Wed Mar 12 20:53:04 2008
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: main.c,v 1.763 2008/03/08 22:17:32 colder Exp $ */
+/* $Id: main.c,v 1.764 2008/03/12 20:53:04 stas Exp $ */
 
 /* {{{ includes
  */
@@ -529,6 +529,7 @@
 
STD_PHP_INI_ENTRY(user_dir,   NULL,   
PHP_INI_SYSTEM, OnUpdateString, user_dir,   
php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(variables_order,EGPCS,
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateStringUnempty,  
variables_order,php_core_globals,   core_globals)
+   STD_PHP_INI_ENTRY(request_order,  NULL,   
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateString, request_order,  
php_core_globals,   core_globals)
 
STD_PHP_INI_ENTRY(error_append_string,NULL,   
PHP_INI_ALL,OnUpdateString, error_append_string,
php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(error_prepend_string,   NULL,   
PHP_INI_ALL,OnUpdateString, error_prepend_string,   
php_core_globals,   core_globals)
http://cvs.php.net/viewvc.cgi/php-src/main/php_globals.h?r1=1.116r2=1.117diff_format=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.116 php-src/main/php_globals.h:1.117
--- php-src/main/php_globals.h:1.116Sat Mar  8 22:17:32 2008
+++ php-src/main/php_globals.h  Wed Mar 12 20:53:04 2008
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: php_globals.h,v 1.116 2008/03/08 22:17:32 colder Exp $ */
+/* $Id: php_globals.h,v 1.117 2008/03/12 20:53:04 stas Exp $ */
 
 #ifndef PHP_GLOBALS_H
 #define PHP_GLOBALS_H
@@ -148,6 +148,8 @@
 
char *user_ini_filename;
long user_ini_cache_ttl;
+
+   char *request_order;
 };
 
 
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.145r2=1.146diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.145 php-src/main/php_variables.c:1.146
--- php-src/main/php_variables.c:1.145  Mon Dec 31 07:12:18 2007
+++ php-src/main/php_variables.cWed Mar 12 20:53:04 2008
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: php_variables.c,v 1.145 2007/12/31 07:12:18 sebastian Exp $ */
+/* $Id: php_variables.c,v 1.146 2008/03/12 20:53:04 stas Exp $ */
 
 #include

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h

2007-07-24 Thread Jani Taskinen

janiTue Jul 24 14:18:47 2007 UTC

  Modified files:  
/php-srcphp.ini-dist php.ini-recommended 
/php-src/main   main.c php_globals.h 
  Log:
  - Changed display_errors php.ini option to accept stderr as value which
makes the error messages to be outputted to STDERR instead of STDOUT with
CGI and CLI SAPIs.
  
  
http://cvs.php.net/viewvc.cgi/php-src/php.ini-dist?r1=1.266r2=1.267diff_format=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.266 php-src/php.ini-dist:1.267
--- php-src/php.ini-dist:1.266  Thu Jun 21 09:01:57 2007
+++ php-src/php.ini-distTue Jul 24 14:18:47 2007
@@ -256,6 +256,16 @@
 ; instead (see below).  Keeping display_errors enabled on a production web site
 ; may reveal security information to end users, such as file paths on your Web
 ; server, your database schema or other information.
+;
+; possible values for display_errors:
+;
+; Off- Do not display any errors
+; stderr - Display errors to STDERR (affects only CGI/CLI binaries!)
+;
+;display_errors = stderr
+;
+; stdout (On) - Display errors to STDOUT
+;
 display_errors = On
 
 ; Even when display_errors is on, errors that occur during PHP's startup
http://cvs.php.net/viewvc.cgi/php-src/php.ini-recommended?r1=1.216r2=1.217diff_format=u
Index: php-src/php.ini-recommended
diff -u php-src/php.ini-recommended:1.216 php-src/php.ini-recommended:1.217
--- php-src/php.ini-recommended:1.216   Thu Jun 21 09:01:57 2007
+++ php-src/php.ini-recommended Tue Jul 24 14:18:47 2007
@@ -292,6 +292,18 @@
 ; instead (see below).  Keeping display_errors enabled on a production web site
 ; may reveal security information to end users, such as file paths on your Web
 ; server, your database schema or other information.
+;
+; possible values for display_errors:
+;
+; Off  - Do not display any errors 
+; stderr   - Display errors to STDERR (affects only CGI/CLI binaries!)   
+; On or stdout - Display errors to STDOUT (default)
+;  
+; To output errors to STDERR with CGI/CLI:  
+;display_errors = stderr
+;
+; Default
+;
 display_errors = Off
 
 ; Even when display_errors is on, errors that occur during PHP's startup
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.739r2=1.740diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.739 php-src/main/main.c:1.740
--- php-src/main/main.c:1.739   Tue Jul 24 13:29:39 2007
+++ php-src/main/main.c Tue Jul 24 14:18:47 2007
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: main.c,v 1.739 2007/07/24 13:29:39 jani Exp $ */
+/* $Id: main.c,v 1.740 2007/07/24 14:18:47 jani Exp $ */
 
 /* {{{ includes
  */
@@ -332,6 +332,89 @@
 }
 /* }}} */
 
+/* {{{ php_get_display_errors_mode() helper function
+ */
+static int php_get_display_errors_mode(char *value, int value_length)
+{
+   int mode;
+
+   if (value_length == 2  !strcasecmp(on, value)) {
+   mode = PHP_DISPLAY_ERRORS_STDOUT;
+   } else if (value_length == 3  !strcasecmp(yes, value)) {
+   mode = PHP_DISPLAY_ERRORS_STDOUT;
+   } else if (value_length == 4  !strcasecmp(true, value)) {
+   mode = PHP_DISPLAY_ERRORS_STDOUT;
+   } else if (value_length == 6  !strcasecmp(value, stderr)) {
+   mode = PHP_DISPLAY_ERRORS_STDERR;
+   } else if (value_length == 6  !strcasecmp(value, stdout)) {
+   mode = PHP_DISPLAY_ERRORS_STDOUT;
+   } else {
+   mode = atoi(value);
+   if (mode  mode != PHP_DISPLAY_ERRORS_STDOUT  mode != 
PHP_DISPLAY_ERRORS_STDERR) {
+   mode = PHP_DISPLAY_ERRORS_STDOUT;
+   }
+   }
+   return mode;
+}
+/* }}} */
+
+/* {{{ PHP_INI_MH
+ */
+static PHP_INI_MH(OnUpdateDisplayErrors)
+{
+   PG(display_errors) = (zend_bool) php_get_display_errors_mode(new_value, 
new_value_length);
+
+   return SUCCESS;
+}
+/* }}} */
+
+/* {{{ PHP_INI_DISP
+ */
+static PHP_INI_DISP(display_errors_mode)
+{
+   int mode, tmp_value_length, cgi_or_cli;
+   char *tmp_value;
+
+   if (type == ZEND_INI_DISPLAY_ORIG  ini_entry-modified) {
+   tmp_value = (ini_entry-orig_value ? ini_entry-orig_value : 
NULL );
+   tmp_value_length = ini_entry-orig_value_length;
+   } else if (ini_entry-value) {
+   tmp_value = ini_entry-value;
+   tmp_value_length = ini_entry-value_length;
+   } else {
+   tmp_value = NULL;
+   tmp_value_length = 0;
+   }
+
+   mode = php_get_display_errors_mode(tmp_value, tmp_value_length);
+
+   /* Display 'On' for other SAPIs instead of STDOUT or STDERR */
+   cgi_or_cli = (!strcmp(sapi_module.name, cli) || 
!strcmp(sapi_module.name, cgi));
+
+   switch (mode) {
+   case PHP_DISPLAY_ERRORS_STDERR:
+   if (cgi_or_cli ) {
+   PUTS(STDERR);
+   } else {

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h /main/streams streams.c

2005-11-18 Thread Rasmus Lerdorf

rasmus  Fri Nov 18 11:20:43 2005 EDT

  Modified files:  
/php-srcphp.ini-dist php.ini-recommended 
/php-src/main   main.c php_globals.h 
/php-src/main/streams   streams.c 
  Log:
  Add allow_url_include to let people turn on allow_url_fopen without also
  enabling remote code execution through url wrappers
  
  
http://cvs.php.net/diff.php/php-src/php.ini-dist?r1=1.237r2=1.238ty=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.237 php-src/php.ini-dist:1.238
--- php-src/php.ini-dist:1.237  Mon Nov 14 18:14:54 2005
+++ php-src/php.ini-distFri Nov 18 11:20:41 2005
@@ -529,6 +529,8 @@
 
 ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
 allow_url_fopen = On
+; Whether to allow code execution through URL wrappers
+allow_url_include = Off
 
 ; Define the anonymous ftp password (your email address)
 ;from=[EMAIL PROTECTED]
http://cvs.php.net/diff.php/php-src/php.ini-recommended?r1=1.186r2=1.187ty=u
Index: php-src/php.ini-recommended
diff -u php-src/php.ini-recommended:1.186 php-src/php.ini-recommended:1.187
--- php-src/php.ini-recommended:1.186   Mon Nov 14 18:14:54 2005
+++ php-src/php.ini-recommended Fri Nov 18 11:20:41 2005
@@ -586,6 +586,8 @@
 
 ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
 allow_url_fopen = On
+; Whether to allow code execution through URL wrappers
+allow_url_include = Off
 
 ; Define the anonymous ftp password (your email address)
 ;from=[EMAIL PROTECTED]
http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.651r2=1.652ty=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.651 php-src/main/main.c:1.652
--- php-src/main/main.c:1.651   Tue Nov 15 06:14:34 2005
+++ php-src/main/main.c Fri Nov 18 11:20:43 2005
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: main.c,v 1.651 2005/11/15 11:14:34 dmitry Exp $ */
+/* $Id: main.c,v 1.652 2005/11/18 16:20:43 rasmus Exp $ */
 
 /* {{{ includes
  */
@@ -439,6 +439,7 @@
PHP_INI_ENTRY(disable_classes,, 
PHP_INI_SYSTEM, NULL)
 
STD_PHP_INI_BOOLEAN(allow_url_fopen,  1,
PHP_INI_SYSTEM, OnUpdateBool,   allow_url_fopen,
php_core_globals,   core_globals)
+   STD_PHP_INI_BOOLEAN(allow_url_include,0,
PHP_INI_SYSTEM, OnUpdateBool,   allow_url_include,  
php_core_globals,   core_globals)
STD_PHP_INI_BOOLEAN(always_populate_raw_post_data,0,
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateBool,   
always_populate_raw_post_data,  php_core_globals,   
core_globals)
 #ifdef REALPATH_CACHE
STD_PHP_INI_ENTRY(realpath_cache_size, 16K, PHP_INI_SYSTEM, 
OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals)
http://cvs.php.net/diff.php/php-src/main/php_globals.h?r1=1.98r2=1.99ty=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.98 php-src/main/php_globals.h:1.99
--- php-src/main/php_globals.h:1.98 Wed Aug  3 10:08:33 2005
+++ php-src/main/php_globals.h  Fri Nov 18 11:20:43 2005
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: php_globals.h,v 1.98 2005/08/03 14:08:33 sniper Exp $ */
+/* $Id: php_globals.h,v 1.99 2005/11/18 16:20:43 rasmus Exp $ */
 
 #ifndef PHP_GLOBALS_H
 #define PHP_GLOBALS_H
@@ -150,6 +150,7 @@
 
char *disable_functions;
char *disable_classes;
+   zend_bool allow_url_include;
 };
 
 
http://cvs.php.net/diff.php/php-src/main/streams/streams.c?r1=1.89r2=1.90ty=u
Index: php-src/main/streams/streams.c
diff -u php-src/main/streams/streams.c:1.89 php-src/main/streams/streams.c:1.90
--- php-src/main/streams/streams.c:1.89 Wed Oct  5 17:46:28 2005
+++ php-src/main/streams/streams.c  Fri Nov 18 11:20:43 2005
@@ -19,7 +19,7 @@
+--+
  */
 
-/* $Id: streams.c,v 1.89 2005/10/05 21:46:28 tony2001 Exp $ */
+/* $Id: streams.c,v 1.90 2005/11/18 16:20:43 rasmus Exp $ */
 
 #define _GNU_SOURCE
 #include php.h
@@ -2205,7 +2205,7 @@
return php_plain_files_wrapper;
}
 
-   if (wrapper  wrapper-is_url  !PG(allow_url_fopen)) {
+   if ((wrapper  wrapper-is_url)  (!PG(allow_url_fopen) || (options  
STREAM_OPEN_FOR_INCLUDE)  !PG(allow_url_include)) ) {
if (options  REPORT_ERRORS) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, URL 
file-access is disabled in the server configuration);
}

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h php_variables.c

2004-01-25 Thread Jani Taskinen

sniper  Sun Jan 25 23:15:09 2004 EDT

  Modified files:  
/php-srcphp.ini-dist php.ini-recommended 
/php-src/main   main.c php_globals.h php_variables.c 
  Log:
  - Remove gpc_order since it doesn't serve any purpose.
  
  
http://cvs.php.net/diff.php/php-src/php.ini-dist?r1=1.204r2=1.205ty=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.204 php-src/php.ini-dist:1.205
--- php-src/php.ini-dist:1.204  Sun Jan 25 10:18:02 2004
+++ php-src/php.ini-distSun Jan 25 23:15:04 2004
@@ -382,9 +382,6 @@
 ; Maximum size of POST data that PHP will accept.
 post_max_size = 8M
 
-; This directive is deprecated.  Use variables_order instead.
-gpc_order = GPC
-
 ; Magic quotes
 ;
 
@@ -531,7 +528,7 @@
 
 
 ;Windows Extensions
-;Note that ODBC support is now built in, so no dll is needed for it.
+;Note that ODBC support is built in, so no dll is needed for it.
 ;
 ;extension=php_bz2.dll
 ;extension=php_cpdf.dll
http://cvs.php.net/diff.php/php-src/php.ini-recommended?r1=1.149r2=1.150ty=u
Index: php-src/php.ini-recommended
diff -u php-src/php.ini-recommended:1.149 php-src/php.ini-recommended:1.150
--- php-src/php.ini-recommended:1.149   Sun Jan 25 10:18:02 2004
+++ php-src/php.ini-recommended Sun Jan 25 23:15:04 2004
@@ -401,9 +401,6 @@
 ; Maximum size of POST data that PHP will accept.
 post_max_size = 8M
 
-; This directive is deprecated.  Use variables_order instead.
-gpc_order = GPC
-
 ; Magic quotes
 ;
 
@@ -550,7 +547,7 @@
 
 
 ;Windows Extensions
-;Note that ODBC support is now built in, so no dll is needed for it.
+;Note that ODBC support is built in, so no dll is needed for it.
 ;
 ;extension=php_bz2.dll
 ;extension=php_cpdf.dll
http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.585r2=1.586ty=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.585 php-src/main/main.c:1.586
--- php-src/main/main.c:1.585   Thu Jan  8 03:17:53 2004
+++ php-src/main/main.c Sun Jan 25 23:15:08 2004
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: main.c,v 1.585 2004/01/08 08:17:53 andi Exp $ */
+/* $Id: main.c,v 1.586 2004/01/26 04:15:08 sniper Exp $ */
 
 /* {{{ includes
  */
@@ -297,7 +297,6 @@
STD_PHP_INI_ENTRY(default_mimetype,   SAPI_DEFAULT_MIMETYPE,  
PHP_INI_ALL,OnUpdateString, default_mimetype,   
sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(error_log,  NULL,   
PHP_INI_ALL,OnUpdateString, error_log, 
 php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(extension_dir,  PHP_EXTENSION_DIR, 
 PHP_INI_SYSTEM, OnUpdateStringUnempty,  extension_dir,
  php_core_globals,   core_globals)
-   STD_PHP_INI_ENTRY(gpc_order,  GPC,  
PHP_INI_ALL,OnUpdateStringUnempty,  gpc_order, 
 php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(include_path,   PHP_INCLUDE_PATH,  
 PHP_INI_ALL,OnUpdateStringUnempty,  include_path, 
  php_core_globals,   core_globals)
PHP_INI_ENTRY(max_execution_time, 30,   
PHP_INI_ALL,OnUpdateTimeout)
STD_PHP_INI_ENTRY(open_basedir,   NULL,   
PHP_INI_SYSTEM, OnUpdateString, open_basedir,  
 php_core_globals,   core_globals)
@@ -309,7 +308,7 @@
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,   
PHP_INI_SYSTEM, OnUpdateStringUnempty,  upload_tmp_dir, 
php_core_globals,   core_globals)
 
STD_PHP_INI_ENTRY(user_dir,   NULL,   
PHP_INI_SYSTEM, OnUpdateString, user_dir,  
 php_core_globals,   core_globals)
-   STD_PHP_INI_ENTRY(variables_order,NULL,   PHP_INI_ALL,   
 OnUpdateStringUnempty,  variables_order,php_core_globals, 
  core_globals)
+   STD_PHP_INI_ENTRY(variables_order,EGPCS,PHP_INI_ALL,   
 OnUpdateStringUnempty,  variables_order,php_core_globals, 
  core_globals)
 
STD_PHP_INI_ENTRY(error_append_string,NULL,   PHP_INI_ALL,   
 OnUpdateString, error_append_string,php_core_globals, 
  core_globals)
STD_PHP_INI_ENTRY(error_prepend_string,   NULL,   PHP_INI_ALL,   
 OnUpdateString, error_prepend_string,   php_core_globals, 
  core_globals)
http://cvs.php.net/diff.php/php-src/main/php_globals.h?r1=1.95r2=1.96ty=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.95 php-src/main/php_globals.h:1.96
---

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h php_variables.c

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h /main/streams streams.c

[PHP-CVS] cvs: php-src / php.ini-dist php.ini-recommended /main main.c php_globals.h php_variables.c

4 matches

Site Navigation

Mail list logo

Footer information