Re: [PHP-DEV] RC4 + windows
At 01:32 22.12.2002, Edin Kadribasic wrote: On Sunday 22 December 2002 00:51, Marcus Börger wrote: Hi, i can no longer load mhash and domxml dll's under windows RC4. marcus Rememberd to copy .dlls from dlls folder to a folder in PATH like c:\winnt\system32? Edin After adding the dlls to my path it works. Did something change? I mean with later distributions it worked without adding the path. marcus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Possible values are: - php_auth_exposure=user Only PHP_AUTH_USER is exposed. - php_auth_exposure=pw Only PHP_AUTH_PW is exposed - php_auth_exposure=user,pw Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed Moriyoshi, have you considered using constants here instead of strings? For example: - php_auth_exposure=AUTH_EXPOSE_USER Only PHP_AUTH_USER is exposed. - php_auth_exposure=AUTH_EXPOSE_PW Only PHP_AUTH_PW is exposed - php_auth_exposure=AUTH_EXPOSE_USER | AUTH_EXPOSE_PW Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed It resembles the style used by error reporting, which will be less confusing for novices. Regards, Leon -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
On Sat, 21 Dec 2002, Leon Atkinson wrote: Possible values are: - php_auth_exposure=user Only PHP_AUTH_USER is exposed. - php_auth_exposure=pw Only PHP_AUTH_PW is exposed - php_auth_exposure=user,pw Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed Moriyoshi, have you considered using constants here instead of strings? For example: - php_auth_exposure=AUTH_EXPOSE_USER Only PHP_AUTH_USER is exposed. - php_auth_exposure=AUTH_EXPOSE_PW Only PHP_AUTH_PW is exposed - php_auth_exposure=AUTH_EXPOSE_USER | AUTH_EXPOSE_PW Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed It resembles the style used by error reporting, which will be less confusing for novices. There is no difference here, both are strings anyway. And the latest option AUTH_EXPOSE_USER | AUTH_EXPOSE_PW wont work in an httpd.conf file. Also, this is NOT the style we have in php.ini. I don't see any valid point to use this thing. Derick -- - Derick Rethans http://derickrethans.nl/ PHP Magazine - PHP Magazine for Professionals http://php-mag.net/ - -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
There is no difference here, both are strings anyway. And the latest option AUTH_EXPOSE_USER | AUTH_EXPOSE_PW wont work in an httpd.conf file. Also, this is NOT the style we have in php.ini. I don't see any valid point to use this thing. Derick, you may have a point about it not being as friendly to httpd.conf, but if you look at php.ini-dist, you'll see: ; If you use constants in your value, and these constants belong to a ; dynamically loaded extension (either a PHP extension or a Zend extension), ; you may only use these constants *after* the line that loads the extension. Which implies constants ARE available inside php.ini. (Yes, I know they aren't in httpd.conf or .htaccess). You'll also see this: ; error_reporting is a bit-field. Or each number up to get desired error ; reporting level [snip] ; Examples: ; ; - Show all errors, except for notices ; ;error_reporting = E_ALL ~E_NOTICE Which is the style I was talking about. The patch in question is using two flags, which suggests the a bitfield. It's true there's at least one ini setting that uses a string of comma-separated values (mbstring's encoding settings), but are there other examples of setting a couple of on/off values in a string like this? I guess variables_order is kind of like this. Maybe it would be better to have two flag directives instead of one value directive. Anyway, it probably doesn't matter. Regards, Leon -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
On Fri, 20 Dec 2002, Frank Kromann wrote: Hi Andrei, Should I commit a small fix to the Windows projects to avoid having the CGI and CLI produce php.exe to the same directory ? What will the fix do exactly? -Andrei http://www.gravitonic.com/ What's a polar bear? A rectangular bear after a coordinate transform. -- Bill White ([EMAIL PROTECTED]) -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Moriyoshi,
I appreciate your effort here, but it seems that while this approach is
more flexible, it is also bound to have more complicated. I have decided
to apply Philip's patch for 4.3.0.
On Sat, 21 Dec 2002, Moriyoshi Koizumi wrote:
Ohh, it seems we have been working on the same patch simultaneously :)
Attached is my version of fix for bug #20441, which adopts a new ini entry
php_auth_exposure so that administrators can selectively expose auth
information to the clients regardless of safe_mode settings.
Possible values are:
- php_auth_exposure=user
Only PHP_AUTH_USER is exposed.
- php_auth_exposure=pw
Only PHP_AUTH_PW is exposed
- php_auth_exposure=user,pw
Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed
Hope this helps.
Moriyoshi
Philip Olson [EMAIL PROTECTED] wrote:
Attatched is a patch that essentially goes back
to 4.2.3 behavior except the external auth will not
be available with PHP in safe mode. REMOTE_USER
exists regardless.
It seems some people also wanted an ini option, I don't
know how to do that! :)
References for this patch:
http://bugs.php.net/20441
http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132r2=1.133
On a related note, I'm curious why PHP_AUTH_TYPE does
not exist, only the variable AUTH_TYPE does (for me).
PHP_AUTH_TYPE has been documented forever, not sure if
it used to exist but various parts of PHP4 source make
it seem like it should.
Regards,
Philip Olson
p.s. Thanks to Wez and Steph for teaching me not to fear
the source.
On Fri, 20 Dec 2002, Andrei Zmievski wrote:
Everyone,
I have just released 4.3.0RC4. Despite the quote in my signature, I am
determined to keep this one the very last final RC of the interminable
4.3.0 development cycle. Towards that end, I will closely monitor the
CVS commits and revert any that do not satisfactorily explain what
critical or showstopper bug they are fixing. I am aware that
PHP_AUTH_USER issue raises certain concerns, but no one apparently could
make a patch. If, however, one appears very soon, I may consider it a
special one and apply it for 4.3.0.
-Andrei http://www.gravitonic.com/
The time from now until the completion
of the project tends to become constant. -- Douglas Hartree
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Index: main/main.c
===
RCS file: /repository/php4/main/main.c,v
retrieving revision 1.520
diff -u -r1.520 main.c
--- main/main.c 16 Dec 2002 15:43:52 - 1.520
+++ main/main.c 21 Dec 2002 06:17:30 -
@@ -112,6 +112,9 @@
static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC);
+static PHP_INI_MH(OnUpdate_php_auth_exposure);
+#define PHP_EXPOSE_AUTH_USER 0x0001
+#define PHP_EXPOSE_AUTH_PW 0x0002
static char *short_track_vars_names[] = {
_POST,
@@ -275,6 +278,7 @@
STD_PHP_INI_ENTRY(output_handler, NULL,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler,
php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN(register_argc_argv, 1,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv,
php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN(register_globals, 0,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_globals,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY(php_auth_exposure, none,
PHP_INI_SYSTEM, OnUpdate_php_auth_exposure, php_auth_exposure,
php_core_globals, core_globals)
#if PHP_SAFE_MODE
STD_PHP_INI_BOOLEAN(safe_mode,1,
PHP_INI_SYSTEM, OnUpdateBool, safe_mode,
php_core_globals, core_globals)
#else
@@ -1191,6 +1195,7 @@
SG(request_info).argv=(char **)NULL;
PG(connection_status) = PHP_CONNECTION_NORMAL;
PG(during_request_startup) = 0;
+ PG(php_auth_exposure) = 0;
CG(zend_lineno) = 0;
@@ -1378,10 +1383,12 @@
}
/* PHP Authentication support */
- if (SG(request_info).auth_user) {
+ if ((PG(php_auth_exposure) PHP_EXPOSE_AUTH_USER)
+ SG(request_info).auth_user) {
php_register_variable(PHP_AUTH_USER, SG(request_info).auth_user,
array_ptr TSRMLS_CC);
}
- if (SG(request_info).auth_password) {
+ if ((PG(php_auth_exposure) PHP_EXPOSE_AUTH_PW)
+ SG(request_info).auth_password) {
php_register_variable(PHP_AUTH_PW, SG(request_info).auth_password,
array_ptr TSRMLS_CC);
}
}
@@ -1820,6 +1827,66 @@
}
/* }}} */
#endif
+
Re: [PHP-DEV] RC4: ground rules
Should I commit a small fix to the Windows projects to avoid having the CGI and CLI produce php.exe to the same directory ? Andrei I think that we should include this small change in 4.3.0. It cannot possibly affect anything in the negative way and I will make sure that the files are correctly placed in the distribution. Edin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Andrei Zmievski [EMAIL PROTECTED] wrote:
Moriyoshi,
I appreciate your effort here, but it seems that while this approach is
more flexible, it is also bound to have more complicated. I have decided
to apply Philip's patch for 4.3.0.
I think my patch is too complicated to be included in 4.3.0 release too,
and there is still room for the discussion whether to prepare a special
ini entry like php_auth_exposure for those variables.
Moriyoshi
On Sat, 21 Dec 2002, Moriyoshi Koizumi wrote:
Ohh, it seems we have been working on the same patch simultaneously :)
Attached is my version of fix for bug #20441, which adopts a new ini entry
php_auth_exposure so that administrators can selectively expose auth
information to the clients regardless of safe_mode settings.
Possible values are:
- php_auth_exposure=user
Only PHP_AUTH_USER is exposed.
- php_auth_exposure=pw
Only PHP_AUTH_PW is exposed
- php_auth_exposure=user,pw
Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed
Hope this helps.
Moriyoshi
Philip Olson [EMAIL PROTECTED] wrote:
Attatched is a patch that essentially goes back
to 4.2.3 behavior except the external auth will not
be available with PHP in safe mode. REMOTE_USER
exists regardless.
It seems some people also wanted an ini option, I don't
know how to do that! :)
References for this patch:
http://bugs.php.net/20441
http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132r2=1.133
On a related note, I'm curious why PHP_AUTH_TYPE does
not exist, only the variable AUTH_TYPE does (for me).
PHP_AUTH_TYPE has been documented forever, not sure if
it used to exist but various parts of PHP4 source make
it seem like it should.
Regards,
Philip Olson
p.s. Thanks to Wez and Steph for teaching me not to fear
the source.
On Fri, 20 Dec 2002, Andrei Zmievski wrote:
Everyone,
I have just released 4.3.0RC4. Despite the quote in my signature, I am
determined to keep this one the very last final RC of the interminable
4.3.0 development cycle. Towards that end, I will closely monitor the
CVS commits and revert any that do not satisfactorily explain what
critical or showstopper bug they are fixing. I am aware that
PHP_AUTH_USER issue raises certain concerns, but no one apparently could
make a patch. If, however, one appears very soon, I may consider it a
special one and apply it for 4.3.0.
-Andrei http://www.gravitonic.com/
The time from now until the completion
of the project tends to become constant. -- Douglas Hartree
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Index: main/main.c
===
RCS file: /repository/php4/main/main.c,v
retrieving revision 1.520
diff -u -r1.520 main.c
--- main/main.c 16 Dec 2002 15:43:52 - 1.520
+++ main/main.c 21 Dec 2002 06:17:30 -
@@ -112,6 +112,9 @@
static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC);
+static PHP_INI_MH(OnUpdate_php_auth_exposure);
+#define PHP_EXPOSE_AUTH_USER 0x0001
+#define PHP_EXPOSE_AUTH_PW 0x0002
static char *short_track_vars_names[] = {
_POST,
@@ -275,6 +278,7 @@
STD_PHP_INI_ENTRY(output_handler, NULL,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler,
php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN(register_argc_argv, 1,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv,
php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN(register_globals, 0,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_globals,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY(php_auth_exposure, none,
PHP_INI_SYSTEM, OnUpdate_php_auth_exposure, php_auth_exposure,
php_core_globals, core_globals)
#if PHP_SAFE_MODE
STD_PHP_INI_BOOLEAN(safe_mode,1,
PHP_INI_SYSTEM, OnUpdateBool, safe_mode,
php_core_globals, core_globals)
#else
@@ -1191,6 +1195,7 @@
SG(request_info).argv=(char **)NULL;
PG(connection_status) = PHP_CONNECTION_NORMAL;
PG(during_request_startup) = 0;
+ PG(php_auth_exposure) = 0;
CG(zend_lineno) = 0;
@@ -1378,10 +1383,12 @@
}
/* PHP Authentication support */
- if (SG(request_info).auth_user) {
+ if ((PG(php_auth_exposure) PHP_EXPOSE_AUTH_USER)
+ SG(request_info).auth_user) {
php_register_variable(PHP_AUTH_USER, SG(request_info).auth_user,
array_ptr
Re: [PHP-DEV] RC4: ground rules
On Sat, 21 Dec 2002, Edin Kadribasic wrote: Andrei I think that we should include this small change in 4.3.0. It cannot possibly affect anything in the negative way and I will make sure that the files are correctly placed in the distribution. Ok, go ahead with this. -Andrei http://www.gravitonic.com/ * Who is Ray and why would we want to selectively trace him? * -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
On Sun, 22 Dec 2002, Moriyoshi Koizumi wrote: Andrei Zmievski [EMAIL PROTECTED] wrote: Moriyoshi, I appreciate your effort here, but it seems that while this approach is more flexible, it is also bound to have more complicated. I have decided ^^ Sorry about this grammar infelicity - it's a result of rewriting the message. -Andrei http://www.gravitonic.com/ The church is near but the road is icy; the bar is far away but I will walk carefully. -- Russian proverb -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Hi, Possible values are: - php_auth_exposure=user Only PHP_AUTH_USER is exposed. - php_auth_exposure=pw Only PHP_AUTH_PW is exposed - php_auth_exposure=user,pw Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed Moriyoshi, have you considered using constants here instead of strings? For example: - php_auth_exposure=AUTH_EXPOSE_USER Only PHP_AUTH_USER is exposed. - php_auth_exposure=AUTH_EXPOSE_PW Only PHP_AUTH_PW is exposed - php_auth_exposure=AUTH_EXPOSE_USER | AUTH_EXPOSE_PW Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed It resembles the style used by error reporting, which will be less confusing for novices. At first I thought of using constants like you mentioned, but I decided to not do so in my patch because I don't want to pollute the namespace with such trivial constants that are likely to be used only in ini settings. There is no difference here, both are strings anyway. And the latest option AUTH_EXPOSE_USER | AUTH_EXPOSE_PW wont work in an httpd.conf file. Also, this is NOT the style we have in php.ini. I don't see any valid point to use this thing. I don't think this entry needs to be able to be toggled in per-dir settings. Moriyoshi Derick -- - Derick Rethans http://derickrethans.nl/ PHP Magazine - PHP Magazine for Professionals http://php-mag.net/ - -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Just create php.exe (CLI version) in Debug_TS\cli, Release_TS\cli and Release_TS_inline\cli - Frank On Fri, 20 Dec 2002, Frank Kromann wrote: Hi Andrei, Should I commit a small fix to the Windows projects to avoid having the CGI and CLI produce php.exe to the same directory ? What will the fix do exactly? -Andrei http://www.gravitonic.com/ What's a polar bear? A rectangular bear after a coordinate transform. -- Bill White ([EMAIL PROTECTED]) -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] RC4 + windows
Hi, i can no longer load mhash and domxml dll's under windows RC4. marcus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4 + windows
On Sunday 22 December 2002 00:51, Marcus Börger wrote: Hi, i can no longer load mhash and domxml dll's under windows RC4. marcus Rememberd to copy .dlls from dlls folder to a folder in PATH like c:\winnt\system32? Edin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] RC4 and PHP_AUTH_USER
Andrei said he wants to roll RC4 today. Can someone take a look at http://bugs.php.net/bug.php?id=20441 which is marked as critical for 4.3.0. Thanks -- Phil Driscoll -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] RC4: ground rules
Everyone, I have just released 4.3.0RC4. Despite the quote in my signature, I am determined to keep this one the very last final RC of the interminable 4.3.0 development cycle. Towards that end, I will closely monitor the CVS commits and revert any that do not satisfactorily explain what critical or showstopper bug they are fixing. I am aware that PHP_AUTH_USER issue raises certain concerns, but no one apparently could make a patch. If, however, one appears very soon, I may consider it a special one and apply it for 4.3.0. -Andrei http://www.gravitonic.com/ The time from now until the completion of the project tends to become constant. -- Douglas Hartree -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Hi Andrei, Should I commit a small fix to the Windows projects to avoid having the CGI and CLI produce php.exe to the same directory ? - Frank Everyone, I have just released 4.3.0RC4. Despite the quote in my signature, I am determined to keep this one the very last final RC of the interminable 4.3.0 development cycle. Towards that end, I will closely monitor the CVS commits and revert any that do not satisfactorily explain what critical or showstopper bug they are fixing. I am aware that PHP_AUTH_USER issue raises certain concerns, but no one apparently could make a patch. If, however, one appears very soon, I may consider it a special one and apply it for 4.3.0. -Andrei http://www.gravitonic.com/ The time from now until the completion of the project tends to become constant. -- Douglas Hartree -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Attatched is a patch that essentially goes back
to 4.2.3 behavior except the external auth will not
be available with PHP in safe mode. REMOTE_USER
exists regardless.
It seems some people also wanted an ini option, I don't
know how to do that! :)
References for this patch:
http://bugs.php.net/20441
http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132r2=1.133
On a related note, I'm curious why PHP_AUTH_TYPE does
not exist, only the variable AUTH_TYPE does (for me).
PHP_AUTH_TYPE has been documented forever, not sure if
it used to exist but various parts of PHP4 source make
it seem like it should.
Regards,
Philip Olson
p.s. Thanks to Wez and Steph for teaching me not to fear
the source.
On Fri, 20 Dec 2002, Andrei Zmievski wrote:
Everyone,
I have just released 4.3.0RC4. Despite the quote in my signature, I am
determined to keep this one the very last final RC of the interminable
4.3.0 development cycle. Towards that end, I will closely monitor the
CVS commits and revert any that do not satisfactorily explain what
critical or showstopper bug they are fixing. I am aware that
PHP_AUTH_USER issue raises certain concerns, but no one apparently could
make a patch. If, however, one appears very soon, I may consider it a
special one and apply it for 4.3.0.
-Andrei http://www.gravitonic.com/
The time from now until the completion
of the project tends to become constant. -- Douglas Hartree
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Index: mod_php4.c
===
RCS file: /repository/php4/sapi/apache/mod_php4.c,v
retrieving revision 1.148
diff -u -r1.148 mod_php4.c
--- mod_php4.c 1 Dec 2002 03:28:21 - 1.148
+++ mod_php4.c 21 Dec 2002 05:18:12 -
@@ -448,7 +448,7 @@
authorization = table_get(r-headers_in, Authorization);
}
if (authorization
-!auth_type(r)
+(!PG(safe_mode) || (PG(safe_mode) !auth_type(r)))
!strcasecmp(getword(r-pool, authorization, ' '), Basic)) {
tmp = uudecode(r-pool, authorization);
SG(request_info).auth_user = getword_nulls_nc(r-pool, tmp, ':');
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RC4: ground rules
Ohh, it seems we have been working on the same patch simultaneously :)
Attached is my version of fix for bug #20441, which adopts a new ini entry
php_auth_exposure so that administrators can selectively expose auth
information to the clients regardless of safe_mode settings.
Possible values are:
- php_auth_exposure=user
Only PHP_AUTH_USER is exposed.
- php_auth_exposure=pw
Only PHP_AUTH_PW is exposed
- php_auth_exposure=user,pw
Both PHP_AUTH_USER and PHP_AUTH_PW are exposeed
Hope this helps.
Moriyoshi
Philip Olson [EMAIL PROTECTED] wrote:
Attatched is a patch that essentially goes back
to 4.2.3 behavior except the external auth will not
be available with PHP in safe mode. REMOTE_USER
exists regardless.
It seems some people also wanted an ini option, I don't
know how to do that! :)
References for this patch:
http://bugs.php.net/20441
http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132r2=1.133
On a related note, I'm curious why PHP_AUTH_TYPE does
not exist, only the variable AUTH_TYPE does (for me).
PHP_AUTH_TYPE has been documented forever, not sure if
it used to exist but various parts of PHP4 source make
it seem like it should.
Regards,
Philip Olson
p.s. Thanks to Wez and Steph for teaching me not to fear
the source.
On Fri, 20 Dec 2002, Andrei Zmievski wrote:
Everyone,
I have just released 4.3.0RC4. Despite the quote in my signature, I am
determined to keep this one the very last final RC of the interminable
4.3.0 development cycle. Towards that end, I will closely monitor the
CVS commits and revert any that do not satisfactorily explain what
critical or showstopper bug they are fixing. I am aware that
PHP_AUTH_USER issue raises certain concerns, but no one apparently could
make a patch. If, however, one appears very soon, I may consider it a
special one and apply it for 4.3.0.
-Andrei http://www.gravitonic.com/
The time from now until the completion
of the project tends to become constant. -- Douglas Hartree
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Index: main/main.c
===
RCS file: /repository/php4/main/main.c,v
retrieving revision 1.520
diff -u -r1.520 main.c
--- main/main.c 16 Dec 2002 15:43:52 - 1.520
+++ main/main.c 21 Dec 2002 06:17:30 -
@@ -112,6 +112,9 @@
static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC);
+static PHP_INI_MH(OnUpdate_php_auth_exposure);
+#define PHP_EXPOSE_AUTH_USER 0x0001
+#define PHP_EXPOSE_AUTH_PW 0x0002
static char *short_track_vars_names[] = {
_POST,
@@ -275,6 +278,7 @@
STD_PHP_INI_ENTRY(output_handler, NULL,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler,
php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN(register_argc_argv, 1,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv,
php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN(register_globals, 0,
PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_globals,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY(php_auth_exposure, none,
+PHP_INI_SYSTEM, OnUpdate_php_auth_exposure, php_auth_exposure,
+php_core_globals, core_globals)
#if PHP_SAFE_MODE
STD_PHP_INI_BOOLEAN(safe_mode,1,
PHP_INI_SYSTEM, OnUpdateBool, safe_mode,
php_core_globals, core_globals)
#else
@@ -1191,6 +1195,7 @@
SG(request_info).argv=(char **)NULL;
PG(connection_status) = PHP_CONNECTION_NORMAL;
PG(during_request_startup) = 0;
+ PG(php_auth_exposure) = 0;
CG(zend_lineno) = 0;
@@ -1378,10 +1383,12 @@
}
/* PHP Authentication support */
- if (SG(request_info).auth_user) {
+ if ((PG(php_auth_exposure) PHP_EXPOSE_AUTH_USER)
+ SG(request_info).auth_user) {
php_register_variable(PHP_AUTH_USER, SG(request_info).auth_user,
array_ptr TSRMLS_CC);
}
- if (SG(request_info).auth_password) {
+ if ((PG(php_auth_exposure) PHP_EXPOSE_AUTH_PW)
+ SG(request_info).auth_password) {
php_register_variable(PHP_AUTH_PW, SG(request_info).auth_password,
array_ptr TSRMLS_CC);
}
}
@@ -1820,6 +1827,66 @@
}
/* }}} */
#endif
+
+/* {{{ OnUpdate_php_auth_exposure */
+static PHP_INI_MH(OnUpdate_php_auth_exposure)
+{
+ char *comp, *p1;
+ int eos;
+ long val = 0;
+ int sp_cnt;
+
+ comp = NULL;
+
+ p1 = new_value;
+ eos = 0;
+
+ do {
+ if (*p1 == '\0') {
+ eos = 1;
+
[PHP-DEV] RC4
RC4 was released with a fix to the ZTS build and some ming fix build. It's pretty much the same as RC3. Zeev -- Zeev Suraski [EMAIL PROTECTED] CTO co-founder, Zend Technologies Ltd. http://www.zend.com/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
