pajoye Wed, 28 Oct 2009 11:03:36 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=290025
Log: - Merge revision 289990, introduce new INI setting max_file_uploads [DOC] added to 5.2 as well Changed paths: _U php/php-src/branches/PHP_5_3_1/ UU php/php-src/branches/PHP_5_3_1/NEWS _U php/php-src/branches/PHP_5_3_1/ext/mysql/ _U php/php-src/branches/PHP_5_3_1/ext/mysqli/ _U php/php-src/branches/PHP_5_3_1/ext/mysqlnd/ _U php/php-src/branches/PHP_5_3_1/ext/pdo_mysql/ _U php/php-src/branches/PHP_5_3_1/ext/tidy/tests/ U php/php-src/branches/PHP_5_3_1/main/main.c U php/php-src/branches/PHP_5_3_1/main/rfc1867.c U php/php-src/branches/PHP_5_3_1/php.ini-development U php/php-src/branches/PHP_5_3_1/php.ini-production _U php/php-src/branches/PHP_5_3_1/tests/security/open_basedir_parse_ini_file.phpt
Property changes on: php/php-src/branches/PHP_5_3_1 ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779 /php/php-src/trunk:284726 + /php/php-src/branches/PHP_5_3:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk:284726 Modified: php/php-src/branches/PHP_5_3_1/NEWS =================================================================== --- php/php-src/branches/PHP_5_3_1/NEWS 2009-10-28 10:14:29 UTC (rev 290024) +++ php/php-src/branches/PHP_5_3_1/NEWS 2009-10-28 11:03:36 UTC (rev 290025) 
@@ -1,6 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2009, PHP 5.3.1 RC3 +- Added "max_file_uploads" INI directive, which can be set to limit the + number of file uploads per-request to 100 by default, to prevent possible + DOS via temporary file exhaustion. (Ilia) + - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) - Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre) Property changes on: php/php-src/branches/PHP_5_3_1/NEWS ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/NEWS:288028,288034,288067,288081,288083,288085,288087-288088,288096,288111,288116-288117,288159,288202-288204,288208,288215,288246,288263,288265,288267,288329,288339,288351,288354,288378-288379,288393,288396,288411,288437,288439,288446-288448,288462,288510-288511,288514-288518,288522-288524,288531,288537,288541,288547-288548,288555,288562,288571,288575,288580,288583,288585,288598,288603,288638,288644,288653,288676,288679,288705,288741,288743,288745-288747,288749,288784,288793,288834,288892-288893,288896,288940,288943,288945,288953,288973,289004,289019,289027-289028,289030,289039,289046,289049,289076,289123,289214,289216,289247,289249,289285,289339,289341,289351,289366,289368,289372,289445-289446,289531,289546-289547,289557,289568,289581,289587,289612,289621-289624,289666-289667,289779 /php/php-src/trunk/NEWS:284726 + 
/php/php-src/branches/PHP_5_3/NEWS:288028,288034,288067,288081,288083,288085,288087-288088,288096,288111,288116-288117,288159,288202-288204,288208,288215,288246,288263,288265,288267,288329,288339,288351,288354,288378-288379,288393,288396,288411,288437,288439,288446-288448,288462,288510-288511,288514-288518,288522-288524,288531,288537,288541,288547-288548,288555,288562,288571,288575,288580,288583,288585,288598,288603,288638,288644,288653,288676,288679,288705,288741,288743,288745-288747,288749,288784,288793,288834,288892-288893,288896,288940,288943,288945,288953,288973,289004,289019,289027-289028,289030,289039,289046,289049,289076,289123,289214,289216,289247,289249,289285,289339,289341,289351,289366,289368,289372,289445-289446,289531,289546-289547,289557,289568,289581,289587,289612,289621-289624,289666-289667,289779,289990 /php/php-src/trunk/NEWS:284726 Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysql ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/ext/mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779 /php/php-src/trunk/ext/mysql:284726 + /php/php-src/branches/PHP_5_3/ext/mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk/ext/mysql:284726 Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysqli ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/ext/mysqli:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779 /php/php-src/trunk/ext/mysqli:284726 + /php/php-src/branches/PHP_5_3/ext/mysqli:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk/ext/mysqli:284726 Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysqlnd ___________________________________________________________________ Modified: svn:mergeinfo - 
/php/php-src/branches/PHP_5_3/ext/mysqlnd:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779 /php/php-src/trunk/ext/mysqlnd:284726 + /php/php-src/branches/PHP_5_3/ext/mysqlnd:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk/ext/mysqlnd:284726 Property changes on: php/php-src/branches/PHP_5_3_1/ext/pdo_mysql ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/ext/pdo_mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779 /php/php-src/trunk/ext/pdo_mysql:284726 + /php/php-src/branches/PHP_5_3/ext/pdo_mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk/ext/pdo_mysql:284726 Property changes on: php/php-src/branches/PHP_5_3_1/ext/tidy/tests ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/ext/tidy/tests:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779 /php/php-src/trunk/ext/tidy/tests:284726,287798-287941 + /php/php-src/branches/PHP_5_3/ext/tidy/tests:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk/ext/tidy/tests:284726,287798-287941 Modified: php/php-src/branches/PHP_5_3_1/main/main.c =================================================================== --- php/php-src/branches/PHP_5_3_1/main/main.c 2009-10-28 10:14:29 UTC (rev 290024) +++ php/php-src/branches/PHP_5_3_1/main/main.c 2009-10-28 11:03:36 UTC (rev 290025) 
@@ -515,6 +515,7 @@
 	PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
 	PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
 	PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
+	PHP_INI_ENTRY("max_file_uploads", "100", PHP_INI_SYSTEM, NULL)
 
 	STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
 	STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
Modified: php/php-src/branches/PHP_5_3_1/main/rfc1867.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/main/rfc1867.c 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/main/rfc1867.c 2009-10-28 11:03:36 UTC (rev 290025)
@@ -795,7 +795,13 @@
 	zend_llist header;
 	void *event_extra_data = NULL;
 	int llen = 0;
+	char *max_uploads = INI_STR("max_file_uploads");
+	int upload_cnt = 0;
 
+	if (max_uploads && *max_uploads) {
+		upload_cnt = atoi(max_uploads);
+	}
+
 	if (SG(request_info).content_length > SG(post_max_size)) {
 		sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
 		return;
@@ -973,6 +979,9 @@
 			/* If file_uploads=off, skip the file part */
 			if (!PG(file_uploads)) {
 				skip_upload = 1;
+			} else if (upload_cnt <= 0) {
+				skip_upload = 1;
+				sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
 			}
 
 			/* Return with an error if the posted data is garbled */
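Review bot: The new entry is registered as a raw string with a NULL on-modify handler, whereas the neighbouring `STD_PHP_INI_BOOLEAN` entries parse and store their value at INI-load time through `OnUpdateBool` into `core_globals`; as written nothing here rejects a non-numeric, empty or negative `max_file_uploads`, and the consumer added in rfc1867.c by this same commit only ever sees the raw string. Consider `STD_PHP_INI_ENTRY("max_file_uploads", "100", PHP_INI_SYSTEM, OnUpdateLong, max_file_uploads, php_core_globals, core_globals)` so the limit is converted once and read as `PG(max_file_uploads)`, which would need a matching field in php_core_globals (not part of this diff). `PHP_INI_SYSTEM` is the right scope for a DoS limit because it keeps scripts and per-directory configuration from raising it; a one-line comment saying so would help the next reader.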
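Review bot: `atoi()` returns 0 for a value it cannot parse and passes negative numbers through unchanged, and combined with the `upload_cnt <= 0` test later in this function both cases silently refuse every file part of every request, each with an "exceeded" warning that is misleading because nothing was exceeded — the directive was misconfigured. `INI_STR` returning an empty string leaves `upload_cnt` at 0 with the same result. That outcome may be intended as a hard off switch, but it should be stated next to the parse, e.g. `/* 0, a negative value, an empty value or an unparsable string disables all file uploads for this request */`, and if it is not intended a negative value should be rejected rather than treated as 0. The enclosing function starts before this hunk.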
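Review bot: The warning in the new `else if` branch fires once per excess file part, since the enclosing loop (which starts outside this hunk) reaches this check for every part after the budget is spent; a request carrying thousands of tiny file parts within post_max_size can therefore turn the temp-file exhaustion this directive is meant to stop into an error-log flooding problem, and with display_errors on into output bloat. Emit the warning only the first time the budget runs out: `if (upload_cnt == 0) { sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded"); }` followed by `upload_cnt = -1;`, while keeping `skip_upload = 1` for every later part. The `upload_cnt--` elsewhere in this commit runs only when `skip_upload` is clear, so the sentinel does not interact with it.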
@@ -1017,6 +1026,7 @@
 			if (!skip_upload) {
 				/* Handle file */
 				fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
+				upload_cnt--;
 				if (fd==-1) {
 					sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
 					cancel_upload = UPLOAD_ERROR_E;
Modified: php/php-src/branches/PHP_5_3_1/php.ini-development
===================================================================
--- php/php-src/branches/PHP_5_3_1/php.ini-development 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/php.ini-development 2009-10-28 11:03:36 UTC (rev 290025)
@@ -878,6 +878,9 @@
 ; http://php.net/upload-max-filesize
 upload_max_filesize = 2M
 
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
+
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
 ;;;;;;;;;;;;;;;;;;
Modified: php/php-src/branches/PHP_5_3_1/php.ini-production
===================================================================
--- php/php-src/branches/PHP_5_3_1/php.ini-production 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/php.ini-production 2009-10-28 11:03:36 UTC (rev 290025)
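Review bot: `upload_cnt--` sits after `php_open_temporary_fd_ex()` and before the `fd==-1` check, so a failed temp-file attempt also consumes one unit of the per-request budget; that is the conservative choice for a temp-file-exhaustion defence, but it is not obvious and the counter is otherwise undocumented at its only decrement. A comment such as `/* every temp-file attempt, successful or not, counts against max_file_uploads for this request */` would make the intent explicit and stop a later cleanup from moving the decrement below the error check. The enclosing loop and function continue outside this hunk.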
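Review bot: The new directive comment does not say what a value of 0 means or where the directive may be set, although both matter for an operator: in this same commit rfc1867.c treats a count of 0 (or anything atoi() turns into 0) as "no file uploads", and main.c registers the entry as PHP_INI_SYSTEM, so it cannot be raised from a script or per-directory configuration. Suggest expanding it to `; Maximum number of files that can be uploaded via a single request; 0 disables file uploads.` and `; Can only be set in php.ini (PHP_INI_SYSTEM).`, plus a `; http://php.net/max-file-uploads` reference line matching the neighbouring entries once the manual page exists.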
@@ -878,6 +878,9 @@
 ; http://php.net/upload-max-filesize
 upload_max_filesize = 2M
 
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
+
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
 ;;;;;;;;;;;;;;;;;;
Property changes on: php/php-src/branches/PHP_5_3_1/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779 /php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951 + /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990 /php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
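Review bot: The production template carries the same one-line comment as the development one and so leaves the same two questions open: that 0 disables file uploads (the handler in rfc1867.c skips every part once the count is 0 or below) and that the directive is PHP_INI_SYSTEM only (per the main.c hunk), so it cannot be raised per script or per directory. Whatever wording is chosen, keep it identical in both templates; `; Maximum number of files that can be uploaded via a single request; 0 disables file uploads (php.ini only).` would do. Operators should also read 100 as the number of temp files one worker may hold at once when sizing upload_tmp_dir, which is worth stating here since this is the file production deployments copy.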