Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements

2005-03-03 Thread Bostjan Skufca @ domenca.si
Well, of course this was never meant to protect you from inside attacks. But if you also disable eval() then I believe it's pretty much harder to create a successful attack via chmod-777-write-exec procedure (from outside). This patch is meant to prevent accidental DOS attacks by recursive

Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements

2005-03-02 Thread Markus Mayer
Correct me if I'm wrong, but isn't this already available in the standard PHP? In the php.ini file, you can refuse the inclusion of URLs: allow_url_fopen = Off. I think also Hardened PHP offers additional similar protections. Markus On Wednesday 02 March 2005 08:57, Tom Z.

Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements

2005-03-02 Thread Bostjan Skufca @ domenca.com
From system security's standpoint: <?php $content = file_get_contents('http://www.domain.net/file.inc'); echo $content; ?> is OK, but <?php include('http://www.domain.net/file.inc'); ?> is NOT! Nice patch, Tom, will probably use it myself too... regards, Bostjan On Wednesday 02 March 2005

Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements

2005-03-02 Thread Richard Lynch
Bostjan Skufca @ domenca.com wrote: From system security's standpoint: <?php $content = file_get_contents('http://www.domain.net/file.inc'); echo $content; ?> is OK, but <?php include('http://www.domain.net/file.inc'); ?> is NOT! Nice patch, Tom, will probably use it myself too...

[PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements

2005-03-01 Thread Tom Z. Meinlschmidt
Hi, I've experienced a lot of attacks in my hosting server due to silly users and their scripts with holes. So I prepared this little patch to 4.3.10, which disables using URL wrappers in include/include_once/require/require_once statements (switchable in php.ini). See readme.security from patch

[PHP] patch of php

2002-07-25 Thread Hong Tian
Hi, I download patch of php-4.2.0-to-4.2.2.patch.gz from http://www.php.net and try to update our PHP 4.2.0 to 4.2.2. But I can't find instructions how to update PHP by using this patch of php-4.2.0-to-4.2.2.patch.gz. Could anyone tell me how to patch it or where can I find this information

Re: [PHP] patch of php

2002-07-25 Thread Greg Donald
On Thu, 25 Jul 2002, Hong Tian wrote: I download patch of php-4.2.0-to-4.2.2.patch.gz from http://www.php.net and try to update our PHP 4.2.0 to 4.2.2. But I can't find instructions how to update PHP by using this patch of php-4.2.0-to-4.2.2.patch.gz. Could anyone tell me how to patch

RE: [PHP] patch of php

2002-07-25 Thread Hong Tian
Thanks! -Original Message- From: Greg Donald [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 4:13 PM To: Hong Tian Cc: [EMAIL PROTECTED] Subject: Re: [PHP] patch of php On Thu, 25 Jul 2002, Hong Tian wrote: I download patch of php-4.2.0-to-4.2.2.patch.gz from http

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-02 Thread Rouvas Stathis
This is the official PHP 4.0.6 version. After line 448 insert:
#if MEMORY_LIMIT
    AG(allocated_memory) -= REAL_SIZE(ptr->size);
#endif
If you'll take a good look at the diff file the first half is what you're supposed to have and the second half is what

[PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Andi Gutmans
the patch. Andi

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Rouvas Stathis
Patch cannot be successfully applied. Any suggestions ? Output from patch application: start rouvas@aspasia(12) /opt/ide2/rouvas/tmp/php-4.0.6/Zend patch -i patch.zend_alloc.c patching file zend_alloc.c Hunk #1 FAILED at 446. 1 out of 1 hunk FAILED -- saving rejects to file zend_alloc.c.rej

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Andi Gutmans
from patch application: start rouvas@aspasia(12) /opt/ide2/rouvas/tmp/php-4.0.6/Zend patch -i patch.zend_alloc.c patching file zend_alloc.c Hunk #1 FAILED at 446. 1 out of 1 hunk FAILED -- saving rejects to file zend_alloc.c.rej rouvas@aspasia(13) /opt/ide2/rouvas/tmp/php-4.0.6/Zend cat

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Rouvas Stathis
suggestions ? Output from patch application: start rouvas@aspasia(12) /opt/ide2/rouvas/tmp/php-4.0.6/Zend patch -i patch.zend_alloc.c patching file zend_alloc.c Hunk #1 FAILED at 446. 1 out of 1 hunk FAILED -- saving rejects to file zend_alloc.c.rej rouvas@aspasia(13) /opt/ide2/rouvas/tmp

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Andi Gutmans
At 10:17 PM 7/1/2001 +0300, Rouvas Stathis wrote: It is indeed strange, since in the sources I have (downloaded about a week ago), I already have the exact source that the patch presents (without the lines prefixed with +). I'm looking at $PHPHOME/Zend/zend_alloc.c file. Am I to suppose that

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Rouvas Stathis
Andi Gutmans wrote: At 10:17 PM 7/1/2001 +0300, Rouvas Stathis wrote: It is indeed strange, since in the sources I have (downloaded about a week ago), I already have the exact source that the patch presents (without the lines prefixed with +). I'm looking at $PHPHOME/Zend/zend_alloc.c

Re: [PHP] Patch for PHP 4.0.6 memory limit problem posted

2001-07-01 Thread Andi Gutmans
At 10:49 PM 7/1/2001 +0300, Rouvas Stathis wrote: Andi Gutmans wrote: At 10:17 PM 7/1/2001 +0300, Rouvas Stathis wrote: It is indeed strange, since in the sources I have (downloaded about a week ago), I already have the exact source that the patch presents (without the lines prefixed