pajoye Wed, 28 Oct 2009 11:03:36 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=290025
Log:
- Merge revision 289990, introduce new INI setting max_file_uploads [DOC] added
to 5.2 as well
Changed paths:
_U php/php-src/branches/PHP_5_3_1/
UU php/php-src/branches/PHP_5_3_1/NEWS
_U php/php-src/branches/PHP_5_3_1/ext/mysql/
_U php/php-src/branches/PHP_5_3_1/ext/mysqli/
_U php/php-src/branches/PHP_5_3_1/ext/mysqlnd/
_U php/php-src/branches/PHP_5_3_1/ext/pdo_mysql/
_U php/php-src/branches/PHP_5_3_1/ext/tidy/tests/
U php/php-src/branches/PHP_5_3_1/main/main.c
U php/php-src/branches/PHP_5_3_1/main/rfc1867.c
U php/php-src/branches/PHP_5_3_1/php.ini-development
U php/php-src/branches/PHP_5_3_1/php.ini-production
_U
php/php-src/branches/PHP_5_3_1/tests/security/open_basedir_parse_ini_file.phpt
Property changes on: php/php-src/branches/PHP_5_3_1
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779
/php/php-src/trunk:284726
+ /php/php-src/branches/PHP_5_3:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk:284726
Modified: php/php-src/branches/PHP_5_3_1/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_1/NEWS 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/NEWS 2009-10-28 11:03:36 UTC (rev 290025)
@@ -1,6 +1,10 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2009, PHP 5.3.1 RC3
+- Added "max_file_uploads" INI directive, which can be set to limit the
+ number of file uploads per-request to 100 by default, to prevent possible
+ DOS via temporary file exhaustion. (Ilia)
+
- Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
- Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre)
Property changes on: php/php-src/branches/PHP_5_3_1/NEWS
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/NEWS:288028,288034,288067,288081,288083,288085,288087-288088,288096,288111,288116-288117,288159,288202-288204,288208,288215,288246,288263,288265,288267,288329,288339,288351,288354,288378-288379,288393,288396,288411,288437,288439,288446-288448,288462,288510-288511,288514-288518,288522-288524,288531,288537,288541,288547-288548,288555,288562,288571,288575,288580,288583,288585,288598,288603,288638,288644,288653,288676,288679,288705,288741,288743,288745-288747,288749,288784,288793,288834,288892-288893,288896,288940,288943,288945,288953,288973,289004,289019,289027-289028,289030,289039,289046,289049,289076,289123,289214,289216,289247,289249,289285,289339,289341,289351,289366,289368,289372,289445-289446,289531,289546-289547,289557,289568,289581,289587,289612,289621-289624,289666-289667,289779
/php/php-src/trunk/NEWS:284726
+ /php/php-src/branches/PHP_5_3/NEWS:288028,288034,288067,288081,288083,288085,288087-288088,288096,288111,288116-288117,288159,288202-288204,288208,288215,288246,288263,288265,288267,288329,288339,288351,288354,288378-288379,288393,288396,288411,288437,288439,288446-288448,288462,288510-288511,288514-288518,288522-288524,288531,288537,288541,288547-288548,288555,288562,288571,288575,288580,288583,288585,288598,288603,288638,288644,288653,288676,288679,288705,288741,288743,288745-288747,288749,288784,288793,288834,288892-288893,288896,288940,288943,288945,288953,288973,289004,289019,289027-289028,289030,289039,289046,289049,289076,289123,289214,289216,289247,289249,289285,289339,289341,289351,289366,289368,289372,289445-289446,289531,289546-289547,289557,289568,289581,289587,289612,289621-289624,289666-289667,289779,289990
/php/php-src/trunk/NEWS:284726
Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysql
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/ext/mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/mysql:284726
+ /php/php-src/branches/PHP_5_3/ext/mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/mysql:284726
Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysqli
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/ext/mysqli:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/mysqli:284726
+ /php/php-src/branches/PHP_5_3/ext/mysqli:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/mysqli:284726
Property changes on: php/php-src/branches/PHP_5_3_1/ext/mysqlnd
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/ext/mysqlnd:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/mysqlnd:284726
+ /php/php-src/branches/PHP_5_3/ext/mysqlnd:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/mysqlnd:284726
Property changes on: php/php-src/branches/PHP_5_3_1/ext/pdo_mysql
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/ext/pdo_mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/pdo_mysql:284726
+ /php/php-src/branches/PHP_5_3/ext/pdo_mysql:288202-289561,289612,289621-289624,289666,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/pdo_mysql:284726
Property changes on: php/php-src/branches/PHP_5_3_1/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/ext/tidy/tests:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
+ /php/php-src/branches/PHP_5_3/ext/tidy/tests:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
Modified: php/php-src/branches/PHP_5_3_1/main/main.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/main/main.c 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/main/main.c 2009-10-28 11:03:36 UTC (rev 290025)
@@ -515,6 +515,7 @@
PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
+ PHP_INI_ENTRY("max_file_uploads", "100", PHP_INI_SYSTEM, NULL)
STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
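Review bot: The new entry is registered with a NULL on-modify handler, so the value is stored as a raw string and validation is left to the consumer: the rfc1867.c hunk at line 795 re-reads it with INI_STR and atoi on every multipart request, and a non-numeric or empty value becomes 0, which makes that handler reject every file part with the "exceeded" warning. Registering it as a typed core global, `STD_PHP_INI_ENTRY("max_file_uploads", "100", PHP_INI_SYSTEM, OnUpdateLong, max_file_uploads, php_core_globals, core_globals)`, would parse it once at INI load and let the handler read `PG(max_file_uploads)`; that needs a matching `long max_file_uploads;` field in php_core_globals, which is outside this diff. PHP_INI_SYSTEM is the right scope for a limit meant to stop temporary-file exhaustion, since it keeps the value out of per-directory and runtime overrides.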
Modified: php/php-src/branches/PHP_5_3_1/main/rfc1867.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/main/rfc1867.c 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/main/rfc1867.c 2009-10-28 11:03:36 UTC (rev 290025)
@@ -795,7 +795,13 @@
zend_llist header;
void *event_extra_data = NULL;
int llen = 0;
+ char *max_uploads = INI_STR("max_file_uploads");
+ int upload_cnt = 0;
+ if (max_uploads && *max_uploads) {
+ upload_cnt = atoi(max_uploads);
+ }
+
if (SG(request_info).content_length > SG(post_max_size)) {
sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
return;
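Review bot: `upload_cnt = atoi(max_uploads)` accepts any string, so a misconfigured value such as `max_file_uploads = abc` or `-5`, or an empty setting (which leaves upload_cnt at 0 via the `*max_uploads` guard), yields a count of 0 or less, and the later check then skips every file part with the warning "Maximum number of allowable file uploads has been exceeded", misreporting a configuration error as a client-side overrun. Parsing with `strtol` and checking the end pointer, then treating anything that is not a positive number as a configuration error (or falling back to the default of 100 with an E_WARNING naming the directive), would keep the two cases apart. The enclosing post handler function starts before this hunk, so the local declarations here are its prologue and a comment such as `/* per-request budget of temp files; each file part consumes one */` next to `int upload_cnt = 0;` would explain the counter's role.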
@@ -973,6 +979,9 @@
/* If file_uploads=off, skip the file part */
if (!PG(file_uploads)) {
skip_upload = 1;
+ } else if (upload_cnt <= 0) {
+ skip_upload = 1;
+ sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
}
/* Return with an error if the posted data is garbled */
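Review bot: Once the budget is exhausted, every further file part in the same request emits the warning on the added `sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");` line, so the request this limit is designed to contain, one carrying a very large number of file parts, produces one log line per part. Emitting the warning once per request, for example by setting a local flag on the first skipped part and only calling sapi_error when it is not yet set, keeps the diagnostic without the amplification. Note that the check runs before the decrement in the hunk at line 1017, so exactly max_file_uploads files are accepted and the warning starts at the next one; the skipped parts are presumably still read and parsed (the loop body is outside this hunk), so the directive bounds temporary-file creation rather than the cost of consuming the body.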
@@ -1017,6 +1026,7 @@
if (!skip_upload) {
/* Handle file */
fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
+ upload_cnt--;
if (fd==-1) {
sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
cancel_upload = UPLOAD_ERROR_E;
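Review bot: `upload_cnt--` sits before the `fd==-1` check, so a failed attempt to create a temporary file also consumes one slot of the budget. That is defensible, since the limit is on attempts and a failing upload_tmp_dir should not turn into unbounded retries, but it is not obvious from the line; a comment such as `/* count the attempt even when the temp file could not be created */` above the decrement would record the intent. The enclosing function continues outside the hunk.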
Modified: php/php-src/branches/PHP_5_3_1/php.ini-development
===================================================================
--- php/php-src/branches/PHP_5_3_1/php.ini-development 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/php.ini-development 2009-10-28 11:03:36 UTC (rev 290025)
@@ -878,6 +878,9 @@
; http://php.net/upload-max-filesize
upload_max_filesize = 2M
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
+
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
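Review bot: The new comment does not say what happens at the boundary: with the handler in rfc1867.c, a value of 0 (and an empty or non-numeric value, which atoi turns into 0) causes every file part to be skipped with a warning, so 0 means "no uploads", not "unlimited". Extending the comment to `; Maximum number of files that can be uploaded via a single request.` followed by `; Setting it to 0 rejects all file uploads; there is no unlimited value.` would prevent that misreading, and since the directive is PHP_INI_SYSTEM a line noting that it can only be set in php.ini or the server configuration would match the other system-scoped entries. The identical hunk in php.ini-production needs the same wording.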
Modified: php/php-src/branches/PHP_5_3_1/php.ini-production
===================================================================
--- php/php-src/branches/PHP_5_3_1/php.ini-production 2009-10-28 10:14:29 UTC (rev 290024)
+++ php/php-src/branches/PHP_5_3_1/php.ini-production 2009-10-28 11:03:36 UTC (rev 290025)
@@ -878,6 +878,9 @@
; http://php.net/upload-max-filesize
upload_max_filesize = 2M
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
+
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
Property changes on: php/php-src/branches/PHP_5_3_1/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
- /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
+ /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:288351,289341,289612,289621-289624,289666-289667,289690,289706,289752,289763,289768,289779,289990
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951