Re: [PHP-DEV] [patch] solaris getcwd() brokeness

xes their problems with solaris. > > I've held off from looking at this, as I didn't want to duplicate any > effort you have been making. > > --Wez. > > On Sun, 16 Feb 2003, Andi Gutmans wrote: > > > At 03:41 PM 2/13/2003 -0500, James E. Flemer wrote: > >

Re: [PHP-DEV] [patch] solaris getcwd() brokeness

On Sun, 16 Feb 2003, Andi Gutmans wrote: > At 03:41 PM 2/13/2003 -0500, James E. Flemer wrote: > >RCS file: /repository/TSRM/tsrm_virtual_cwd.c,v > >retrieving revision 1.41 > >diff -u -b -r1.41 tsrm_virtual_cwd.c > >--- TSRM/tsrm_virtual_cwd.c 6 Nov 2002 18:07:22 -

Re: [PHP-DEV] [patch] solaris getcwd() brokeness

ch looks fine but I didn't quite understand the > rest. PHP only uses realpath() if it doesn't fail, so what is the exact > problem? What does that other code do? > > Andi > > At 03:29 PM 2/12/2003 -0500, James E. Flemer wrote: > >Well all the fancy new streams c

Re: [PHP-DEV] [patch] solaris getcwd() brokeness

Here's that same patch, but without leaking a file descriptor. Any comments yet? Any objections to committing it? -James On Wed, 12 Feb 2003, James E. Flemer wrote: > Well all the fancy new streams code in 4.3.0 seems to > tickle a Solaris issue with getcwd(). It seems that unde

[PHP-DEV] [patch] solaris getcwd() brokeness

Well all the fancy new streams code in 4.3.0 seems to tickle a Solaris issue with getcwd(). It seems that under certain cases solaris' getcwd() fails when other os' work. Consequently 4.3.0 causes a huge ammount of breakage for some sites running solaris. Below is a patch that seems to work aroun

Re: [PHP-DEV] preg_replace oddity [exploitable]

On Mon, 3 Feb 2003, Maxim Maletsky wrote: > "James E. Flemer" <[EMAIL PROTECTED]> wrote... : > > > I found a more evil example: > > > > > $a = "___! `rm -rf /tmp/sess_*` !___"; > > $b = preg_replace("/!(.*)!/e", "

Re: [PHP-DEV] preg_replace oddity [exploitable]

ssion, print must be used. (Yes I know why, just pointing it out.) -James On Thu, 30 Jan 2003, James E. Flemer wrote: > Can someone explain what is going on here: > > --- foo.php --- >$a = "___! 52); echo(42 !___"; > $b = preg_replace("/!(.*)!/e"

[PHP-DEV] preg_replace oddity

Can someone explain what is going on here: --- foo.php --- --- end --- --- output --- 52 --- a: ___! 52); echo(42 !___ b: ___1___ --- end --- I understand that one is supposed to use single quotes around the \\1 in the above preg_replace. But what happens when they do not? Clearly the echo(42)

Re: [PHP-DEV] 4.2.3

Perhaps the "Status" field could be expanded so that bugs that are deemed necessary for the "stable" branch would follow a path like: open -> ... -> fixed in current -> merged to stable -> closed (or something like that) That way if a bug is fixed in "current", it will remain "open" until it

Re: [PHP-DEV] Re: [PHP-DOC] Re: #3793 [Ana->Opn]: session.gc_maxlifetimedoes not work

Would it be difficult to just add a "dirty" flag somewhere, so that the session data only gets written out iff a variable has been added, removed, or changed? That way existing php code using sessions would have improved performance. Perhaps combine this idea with Zeev's idea of using 'touch'. I d

[PHP-DEV] multipart/form-data bug [crossposted]

Sorry for the cross-post, but I don't know which side is causing this bug, Apache or PHP. OS: Solaris 8 Apache: 1.3.26 PHP: 4.2.2 (DSO) By default, PHP sets "max_post_size" to 8Mb. If the post data exceeds that, it seems PHP discards all of it (no post data gets to the script). In my situation "

Re: [PHP-DEV] [PATCH] ext/standard/tests/general_functions/proc_open.phpt

Committed. Thanks! -James On Sat, 3 Aug 2002, Melvyn Sopacua wrote: > Self explanatory: > Index: ext/standard/tests/general_functions/proc_open.phpt > === > RCS file: > /repository/php4/ext/standard/tests/general_functions/proc_open

Re: [PHP-DEV] RE: [Gallery-users] can't create albums (fwd)

Yep, on FreeBSD mode_t is "u_int16_t", whereas on Linux it is a "__u_int". -James On 6 May 2002, Jim Winstead wrote: > James E. Flemer <[EMAIL PROTECTED]> wrote: > > Perhaps this broke it: (it looks like the most recent > > change to mkdir()) >

Re: [PHP-DEV] RE: [Gallery-users] can't create albums (fwd)

Perhaps this broke it: (it looks like the most recent change to mkdir()) http://cvs.php.net/diff.php/php4/ext/standard/file.c?r1=1.203&r2=1.204&ty=u I am looking into it. -James On Mon, 6 May 2002, Rasmus Lerdorf wrote: > Bug 16905 seems to be real and is biting a few people on *BSD. It looks

RE: [PHP-DEV] bugs: try newer version (?)

[ James (Cox) can you please quote people correctly ... ] Sorry for the confusion. I was not implying in any way that _existing_ bugs be automatically marked as "Try Newer Version", I was suggesting that perhaphs _new_ bugs be marked that way if they are submitted with a (very) old release. That

[PHP-DEV] bugs: try newer version (?)

Is there some policy about when it's ok to pick "try newer version (bogus)" from the quick fix bug menu? Is there anyway to automate that, so when people report bugs in 4.0.6 they can immediately get a response telling them to upgrade and see if the problem has been fixed? There are still 484 open

Re: [PHP-DEV] Re: Bug #16768: mysql_connect("localhost", ...) doesn'tconnect to localhost! (fwd)

On Wed, 24 Apr 2002, Daniel Swarbrick wrote: > Yes, I have MySQL running all the time. I noticed this in > ext/mysql/config.m4 : > > MYSQL_SOCK=/tmp/mysql.sock > for i in \ > /var/run/mysqld/mysqld.sock \ > /var/tmp/mysql.sock \ > /var/lib/mysql/mysql.sock \ > /var/my

Re: [PHP-DEV] RFC: README.SUBMITTING_PATCH (2nd edition)

What about in-line vs. attachments? For patching, attachments are probably easier, but for reviewing I find it useful if the patch is in-line. -James On Mon, 18 Mar 2002, Yasuo Ohgaki wrote: > Hi all, > > I've added David and Zeev's suggestion and added a little. > Please fix/add/comment. Thank

[PHP-DEV] Is HAVE_GETCWD needed?

I am trying to beat out a bug with opendir(), getcwd(), and VCWD_GETCWD. Way back in Oct. '99 when thies added the PHP function "getcwd()", he had this code: #if HAVE_GETCWD ret = getcwd(path, MAXPATHLEN); #elif HAVE_GETWD ret = getwd(path); #endif and since then "getcwd" and "getw

Re: [PHP-DEV] opendir SafeMode Multiuser Problem/Patch

Well actually, open_basedir is not *supposed* to check UIDs. However, safe_mode *is*, and it was not for the opendir() function. So I patched it to do so (in CVS). Also I noticed that when the CHECKUID_ALLOW_ONLY_DIR flag is passed to php_checkuid(), that it misses the case where you are referring

Re: [PHP-DEV] PHP Safe Mode Filesystem Circumvention Problem (fwd)

y are, the saftey check could just try matching a (list of) regex(s). -James On Tue, 5 Feb 2002, Mats Lindh wrote: > - [EMAIL PROTECTED]% (James E. Flemer): > > This patch I think will catch all cases, unless there is > > some way that mysql can escape characters (\x44 or > >

Re: [PHP-DEV] PHP Safe Mode Filesystem Circumvention Problem (fwd)

Gutmans wrote: > > > We have always said that safe mode isn't very safe. I'm sure there are > > other ways of circumventing it. > > Unless a few people focus specifically on safe mode I don't think this will > > change. > > > > Andi > > &g

Re: [PHP-DEV] PHP Safe Mode Filesystem Circumvention Problem (fwd)

BTW I just noticed that this has been entered as bug #15375. -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] PHP Safe Mode Filesystem Circumvention Problem (fwd)

Comments on this? I am going to take a look at the code in the mysql extension, and at the code in mysql as well tomorrow. Not sure if this is directly a PHP problem (vs a mysql problem), but it is something that PHP *could* block it seems. -James -- Forwarded message -- Date: Sun

[PHP-DEV] [patch] safe_mode_include_dir

Hello ... It's been a while since I've actively been committing to PHP. So I thought I'd run this by everyone first. This is a patch to change the behavior of the PHP.INI directive "safe_mode_include_dir" (which I added about 6 months ago). As it is currently, "safe_mode_include_dir" takes a sing

Re: [PHP-DEV] namespace/package feature in PHP 5?

Are (any of) the Zend lists public? (either to browse or submit.) -James On Thu, 19 Jul 2001, Zeev Suraski wrote: > Language-level things like this one are being discussed at > [EMAIL PROTECTED] This feature was actually discussed quite a lot in > > Zeev -- PHP Development Mailing List

[PHP-DEV] include() fall back to scripts' cwd

Rather than having this be a seperate case at the end of php_fopen_with_path(), how about it just get appended to the (local) search path? I am adding a 'safe_mode_include_dir', which will let you include files you don't own if they are in the safe_mode_include_dir. By appending the scripts cwd t

[PHP-DEV] xmlrpc_error_number causes core dump

It looks like xmlrpc_error_number [ in main/main.c, main/php_globals.h ] is typed wrong. It causes apache to core dump on Solaris 8. It is crashing in OnUpdateString(), which should be OnUpdateInt() right [main.c]? Also xmlrpc_error_number should be a long, not a short [php_globals.h]? I don't kn

Re: [PHP-DEV] safe_mode.c: php_checkuid() mode

Nix those mumblings about file existence ... but what about bits vs not-bits for the mode? -James On Mon, 9 Jul 2001, James E. Flemer wrote: > Rasmus, can you clarify the 'mode' parameter in > php_checkuid()? In safe_mode.h there are 5 defined values, > the 5th is

[PHP-DEV] safe_mode.c: php_checkuid() mode

Rasmus, can you clarify the 'mode' parameter in php_checkuid()? In safe_mode.h there are 5 defined values, the 5th is: (which is used in fopen_wrappers.c ...) #define CHECKUID_CHECK_MODE_PARAM 4 However, in safe_mode.c CHECKUID_CHECK_MODE_PARAM is not used, and furthermore if 'fopen_mode'

Re: [PHP-DEV] [patch] safe mode gid check

here: > > http://php.net/anoncvs.php > > -Rasmus > > On Mon, 9 Jul 2001, James E. Flemer wrote: > > > This is a patch against php-4.0.4pl1. > > > > Description: > > In Safe Mode, when opening files the UID of the script > > owner and the UID of the de

[PHP-DEV] [patch] safe mode gid check

This is a patch against php-4.0.4pl1. Description: In Safe Mode, when opening files the UID of the script owner and the UID of the destination file are compared. In some circumstances it is desired that this check be relaxed to a GID compare. The attached patch adds a php ini directive "safe_mo