Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS ext/xsl/php_xsl.c ext/xsl/php_xsl.h ext/xsl/xsltprocessor.c

2011-10-06 Thread Christian Stocker
Fixed

chregu

On 06.10.11 16:31, Hannes Magnusson wrote:
> On Wed, Oct 5, 2011 at 11:56, Christian Stocker wrote:
>> chregu   Wed, 05 Oct 2011 09:56:01 +
>>
>> Revision: http://svn.php.net/viewvc?view=revision&revision=317759
>>
>> Log:
>> Added xsl.security_prefs ini option to define forbidden operations within 
>> XSLT
>> stylesheets, default is not to enable write operations. This option won't be
>> in 5.4, since there's a new method. Bug #54446
>>
>> Bug: https://bugs.php.net/54446 (To be documented) Arbitrary file creation 
>> via libxslt 'output' extension
>>
>> Changed paths:
>>U   php/php-src/branches/PHP_5_3/NEWS
>>U   php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
>>U   php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h
>>U   php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c
>>
>> Modified: php/php-src/branches/PHP_5_3/NEWS
>> ===
>> --- php/php-src/branches/PHP_5_3/NEWS   2011-10-05 09:51:08 UTC (rev 317758)
>> +++ php/php-src/branches/PHP_5_3/NEWS   2011-10-05 09:56:01 UTC (rev 317759)
>> @@ -90,7 +90,13 @@
>>  - SPL:
>>   . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
>> (jgotti at modedemploi dot fr, Hannes)
>> +
>> +- XSL:
>> +  . Added xsl.security_prefs ini option to define forbidden operations 
>> within XSLT
>> +stylesheets, default is not to enable write operations. This option 
>> won't be
>> +in 5.4, since there's a new method. Bug #54446 (Chregu, Nicolas 
>> Gregoire)
>>
>> +
>>  23 Aug 2011, PHP 5.3.8
>>
>>  - Core:
>>
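
Review bot: The added XSL entry announces a change in default behaviour (write operations are no longer enabled by default) without telling a user whose stylesheets rely on writing output how to restore it, and "there's a new method" does not name what replaces the option in 5.4. Suggest stating the default value of xsl.security_prefs in the entry and naming the 5.4 replacement, so the text still works on its own when it is copied into the php.ini-* note.
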
>> Modified: php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
>> ===
>> --- php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c  2011-10-05 09:51:08 
>> UTC (rev 317758)
>> +++ php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c  2011-10-05 09:56:01 
>> UTC (rev 317759)
>> @@ -141,6 +141,11 @@
>>  }
>>  /* }}} */
>>
>> +PHP_INI_BEGIN()
>> +//XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | 
>> XSL_SECPREF_WRITE_FILE == 44
>> +PHP_INI_ENTRY("xsl.security_prefs", "44", PHP_INI_ALL, NULL)
>> +PHP_INI_END()
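
Review bot: The added PHP_INI_ENTRY registers a security default as PHP_INI_ALL with a NULL on-modify handler, so the value can be changed at every level, including at runtime, and any string supplied is accepted without a range check. If that is intended because the option restricts what a stylesheet may do rather than what the calling script may do, the documentation should say so; otherwise consider a handler that rejects values outside the defined XSL_SECPREF_* bits.
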
> 
> 
> // comments are not allowed :)
> And please add this option to the php.ini-* files, with similar note
> as the news entry.
> 
> -Hannes

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS ext/xsl/php_xsl.c ext/xsl/php_xsl.h ext/xsl/xsltprocessor.c

2011-10-06 Thread Hannes Magnusson
On Wed, Oct 5, 2011 at 11:56, Christian Stocker wrote:
> chregu                                   Wed, 05 Oct 2011 09:56:01 +
>
> Revision: http://svn.php.net/viewvc?view=revision&revision=317759
>
> Log:
> Added xsl.security_prefs ini option to define forbidden operations within XSLT
> stylesheets, default is not to enable write operations. This option won't be
> in 5.4, since there's a new method. Bug #54446
>
> Bug: https://bugs.php.net/54446 (To be documented) Arbitrary file creation 
> via libxslt 'output' extension
>
> Changed paths:
>    U   php/php-src/branches/PHP_5_3/NEWS
>    U   php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
>    U   php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h
>    U   php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c
>
> Modified: php/php-src/branches/PHP_5_3/NEWS
> ===
> --- php/php-src/branches/PHP_5_3/NEWS   2011-10-05 09:51:08 UTC (rev 317758)
> +++ php/php-src/branches/PHP_5_3/NEWS   2011-10-05 09:56:01 UTC (rev 317759)
> @@ -90,7 +90,13 @@
>  - SPL:
>   . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
>     (jgotti at modedemploi dot fr, Hannes)
> +
> +- XSL:
> +  . Added xsl.security_prefs ini option to define forbidden operations 
> within XSLT
> +    stylesheets, default is not to enable write operations. This option 
> won't be
> +    in 5.4, since there's a new method. Bug #54446 (Chregu, Nicolas Gregoire)
>
> +
>  23 Aug 2011, PHP 5.3.8
>
>  - Core:
>
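
Review bot: Style point on the added XSL entry: it closes with "Bug #54446 (Chregu, Nicolas Gregoire)" on the running line, while the SPL entry just above uses the "Fixed bug #55807 (...)." form with the credits on a line of their own, and the hunk adds a second empty line before the "23 Aug 2011, PHP 5.3.8" header where the old text had one. Suggest matching the layout of the neighbouring entry and dropping the extra blank line.
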
> Modified: php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
> ===
> --- php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c      2011-10-05 09:51:08 
> UTC (rev 317758)
> +++ php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c      2011-10-05 09:56:01 
> UTC (rev 317759)
> @@ -141,6 +141,11 @@
>  }
>  /* }}} */
>
> +PHP_INI_BEGIN()
> +//XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK 
> | XSL_SECPREF_WRITE_FILE == 44
> +PHP_INI_ENTRY("xsl.security_prefs", "44", PHP_INI_ALL, NULL)
> +PHP_INI_END()
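
Review bot: The default in the added PHP_INI_ENTRY is the literal string "44", and the constants that are supposed to produce it are named only in the comment above it, so the two can drift apart; the XSL_SECPREF_* definitions are not in the lines shown, which leaves the sum unverifiable from this hunk. Suggest a named default defined beside the XSL_SECPREF_* constants, which the comment and the php.ini-* note can then both refer to.
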


// comments are not allowed :)
And please add this option to the php.ini-* files, with similar note
as the news entry.

-Hannes
