pajoye                                   Wed, 28 Oct 2009 11:03:36 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=290025

Log:
- Merge revision 289990, introduce new INI setting max_file_uploads [DOC] added 
to 5.2 as well

Changed paths:
    _U  php/php-src/branches/PHP_5_3_1/
    UU  php/php-src/branches/PHP_5_3_1/NEWS
    _U  php/php-src/branches/PHP_5_3_1/ext/mysql/
    _U  php/php-src/branches/PHP_5_3_1/ext/mysqli/
    _U  php/php-src/branches/PHP_5_3_1/ext/mysqlnd/
    _U  php/php-src/branches/PHP_5_3_1/ext/pdo_mysql/
    _U  php/php-src/branches/PHP_5_3_1/ext/tidy/tests/
    U   php/php-src/branches/PHP_5_3_1/main/main.c
    U   php/php-src/branches/PHP_5_3_1/main/rfc1867.c
    U   php/php-src/branches/PHP_5_3_1/php.ini-development
    U   php/php-src/branches/PHP_5_3_1/php.ini-production
    _U  
php/php-src/branches/PHP_5_3_1/tests/security/open_basedir_parse_ini_file.phpt

Property changes on: php/php-src/branches/PHP_5_3_1
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779
/php/php-src/trunk:284726
   + /php/php-src/branches/PHP_5_3:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_1/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_1/NEWS	2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/NEWS	2009-10-28 11:03:36 UTC (rev 290025)
@@ -1,6 +1,10 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2009, PHP 5.3.1 RC3
+- Added "max_file_uploads" INI directive, which can be set to limit the
+  number of file uploads per-request to 100 by default, to prevent possible
+  DOS via temporary file exhaustion. (Ilia)
+
 - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)

 - Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre)


Property changes on: php/php-src/branches/PHP_5_3_1/NEWS
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/NEWS:288028,288034,288067,288081,288083,288085,288087-288088,288096,288111,288116-288117,288159,288202-288204,288208,288215,288246,288263,288265,288267,288329,288339,288351,288354,288378-288379,288393,288396,288411,288437,288439,288446-288448,288462,288510-288511,288514-288518,288522-288524,288531,288537,288541,288547-288548,288555,288562,288571,288575,288580,288583,288585,288598,288603,288638,288644,288653,288676,288679,288705,288741,288743,288745-288747,288749,288784,288793,288834,288892-288893,288896,288940,288943,288945,288953,288973,289004,289019,289027-289028,289030,289039,289046,289049,289076,289123,289214,289216,289247,289249,289285,289339,289341,289351,289366,289368,289372,289445-289446,289531,289546-289547,289557,289568,289581,289587,289612,289621-289624,289666-289667,289779
/php/php-src/trunk/NEWS:284726
   + /php/php-src/branches/PHP_5_3/NEWS:288028,288034,288067,288081,288083,288085,288087-288088,288096,288111,288116-288117,288159,288202-288204,288208,288215,288246,288263,288265,288267,288329,288339,288351,288354,288378-288379,288393,288396,288411,288437,288439,288446-288448,288462,288510-288511,288514-288518,288522-288524,288531,288537,288541,288547-288548,288555,288562,288571,288575,288580,288583,288585,288598,288603,288638,288644,288653,288676,288679,288705,288741,288743,288745-288747,288749,288784,288793,288834,288892-288893,288896,288940,288943,288945,288953,288973,289004,289019,289027-289028,289030,289039,289046,289049,289076,289123,289214,289216,289247,289249,289285,289339,289341,289351,289366,289368,289372,289445-289446,289531,289546-289547,289557,289568,289581,289587,289612,289621-289624,289666-289667,289779,289990
/php/php-src/trunk/NEWS:284726


Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysql
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/ext/mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/mysql:284726
   + /php/php-src/branches/PHP_5_3/ext/mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/mysql:284726


Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysqli
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/ext/mysqli:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/mysqli:284726
   + /php/php-src/branches/PHP_5_3/ext/mysqli:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/mysqli:284726


Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysqlnd
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/ext/mysqlnd:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/mysqlnd:284726
   + /php/php-src/branches/PHP_5_3/ext/mysqlnd:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/mysqlnd:284726


Property changes on: php/php-src/branches/PHP_5_3_1/ext/pdo_mysql
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/ext/pdo_mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/pdo_mysql:284726
   + /php/php-src/branches/PHP_5_3/ext/pdo_mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/pdo_mysql:284726


Property changes on: php/php-src/branches/PHP_5_3_1/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/ext/tidy/tests:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
   + /php/php-src/branches/PHP_5_3/ext/tidy/tests:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941

Modified: php/php-src/branches/PHP_5_3_1/main/main.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/main/main.c	2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/main/main.c	2009-10-28 11:03:36 UTC (rev 290025)
@@ -515,6 +515,7 @@
 	PHP_INI_ENTRY("mail.force_extra_parameters",NULL,		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnChangeMailForceExtra)
 	PHP_INI_ENTRY("disable_functions",			"",			PHP_INI_SYSTEM,		NULL)
 	PHP_INI_ENTRY("disable_classes",			"",			PHP_INI_SYSTEM,		NULL)
+	PHP_INI_ENTRY("max_file_uploads",			"100",			PHP_INI_SYSTEM,		NULL)

 	STD_PHP_INI_BOOLEAN("allow_url_fopen",		"1",		PHP_INI_SYSTEM,		OnUpdateBool,		allow_url_fopen,		php_core_globals,		core_globals)
 	STD_PHP_INI_BOOLEAN("allow_url_include",	"0",		PHP_INI_SYSTEM,		OnUpdateBool,		allow_url_include,		php_core_globals,		core_globals)
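Review bot: The new `max_file_uploads` entry is registered with a NULL update handler, so nothing at the declaration says that the value is re-read and parsed with `atoi()` on every multipart request in main/rfc1867.c, and that only a plain decimal is honoured — the shorthand suffixes the neighbouring size limits accept (`2M`) would be read as 2 here. A one-line comment above the entry would prevent that confusion: `/* Per-request cap on file parts; read via INI_STR()+atoi() in main/rfc1867.c: plain decimal only, 0 or an unparsable value rejects every file part. */`. Registering it as PHP_INI_SYSTEM only also means an operator cannot tighten it per virtual host or directory; whether `PHP_INI_SYSTEM|PHP_INI_PERDIR` was considered is worth stating in the commit message.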

Modified: php/php-src/branches/PHP_5_3_1/main/rfc1867.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/main/rfc1867.c	2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/main/rfc1867.c	2009-10-28 11:03:36 UTC (rev 290025)
@@ -795,7 +795,13 @@
 	zend_llist header;
 	void *event_extra_data = NULL;
 	int llen = 0;
+	char *max_uploads = INI_STR("max_file_uploads");
+	int upload_cnt = 0;

+	if (max_uploads && *max_uploads) {
+		upload_cnt = atoi(max_uploads);
+	}
+
 	if (SG(request_info).content_length > SG(post_max_size)) {
 		sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
 		return;
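Review bot: The `atoi()` call treats an empty, non-numeric or negative `max_file_uploads` as a count of 0 (or less), and the `upload_cnt <= 0` test later in this function then skips every file part — fail-closed, which is the right default, but nothing says so, and a configuration typo will present as a broken upload form with only a per-part warning as evidence. Say it where the value is parsed: `/* Empty, non-numeric or negative values give upload_cnt <= 0: every file part is then skipped (fail-closed). */`. `atoi()` also stops silently at the first non-digit, so `1K` becomes 1; if suffix handling is wanted for consistency with the other limits, `zend_atol()` is the usual helper, though plain decimal is defensible for a count. The enclosing function's signature and the start of its declarations lie above this hunk.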
@@ -973,6 +979,9 @@
 			/* If file_uploads=off, skip the file part */
 			if (!PG(file_uploads)) {
 				skip_upload = 1;
+			} else if (upload_cnt <= 0) {
+				skip_upload = 1;
+				sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
 			}

 			/* Return with an error if the posted data is garbled */
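Review bot: The warning in the new `else if` branch fires once per excess file part, and the number of parts in a request is bounded only by post_max_size (checked near the top of this function), so a request padded with many tiny file parts turns the cap into a log-amplification vector: each part costs the sender a few dozen bytes and costs the server a line in the error log. Warn once per request instead, with a flag declared next to `upload_cnt`: `if (!upload_limit_warned) { upload_limit_warned = 1; sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded"); }`. Whether a part skipped by this branch leaves any trace in `$_FILES` is not visible here; if it does not, a comment noting that the application cannot distinguish "over the cap" from "never sent" would help. The loop body this sits in continues beyond the hunk.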
@@ -1017,6 +1026,7 @@
 			if (!skip_upload) {
 				/* Handle file */
 				fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
+				upload_cnt--;
 				if (fd==-1) {
 					sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
 					cancel_upload = UPLOAD_ERROR_E;
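Review bot: `upload_cnt--` runs before the `fd==-1` check, so a failed temporary-file creation still consumes one of the allowed slots; that is a fail-closed choice and fine, but its placement reads as incidental, and a later cleanup could move it into the success path and let every failed open be retried at no cost against the cap. Pin the intent on the decrement line: `upload_cnt--; /* charge the attempt, not the outcome: a failed open still uses a slot */`. The if/else that follows runs past the end of this hunk.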

Modified: php/php-src/branches/PHP_5_3_1/php.ini-development
===================================================================
--- php/php-src/branches/PHP_5_3_1/php.ini-development	2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/php.ini-development	2009-10-28 11:03:36 UTC (rev 290025)
@@ -878,6 +878,9 @@
 ; http://php.net/upload-max-filesize
 upload_max_filesize = 2M

+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
+
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
 ;;;;;;;;;;;;;;;;;;
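Review bot: The comment above `max_file_uploads = 100` does not tell the operator how the value is interpreted: main/rfc1867.c parses it with `atoi()`, so `0`, an empty value or a typo rejects every file part with a warning, and a size-style suffix such as `1K` (accepted by `upload_max_filesize` two lines above) is read as 1. Extend the comment: `; Maximum number of files that can be uploaded via a single request.` `; Plain integer only; 0 or an unparsable value rejects every file part.`. The same wording applies to the identical hunk in php.ini-production.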

Modified: php/php-src/branches/PHP_5_3_1/php.ini-production
===================================================================
--- php/php-src/branches/PHP_5_3_1/php.ini-production	2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/php.ini-production	2009-10-28 11:03:36 UTC (rev 290025)
@@ -878,6 +878,9 @@
 ; http://php.net/upload-max-filesize
 upload_max_filesize = 2M

+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
+
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
 ;;;;;;;;;;;;;;;;;;


Property changes on: php/php-src/branches/PHP_5_3_1/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
   + /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951