From b109f8e3bdcb3b552236b9b89fb190a34d4f0ad1 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 25 Oct 2002 01:06:46 +0000
Subject: [PATCH] Added a mechanism allowing the disabling of the ability to
 change certain INI options when safe_mode is enabled.

ATM three options are limited:
max_execution_time
memory_limit
child_terminate

This patch also fixes bug #17287.
---
 ext/standard/basic_functions.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index c0a11fb27af..93f1a783c21 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2344,6 +2344,18 @@ PHP_FUNCTION(ini_set)
 		}
 	}	
 		
+#define _CHECK_SAFEMODE_INI(ini, var) strncmp(ini, Z_STRVAL_PP(var), sizeof(ini))
+		
+	/* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */
+	if (PG(safe_mode)) {
+		if (!_CHECK_SAFEMODE_INI("max_execution_time", varname) ||
+			!_CHECK_SAFEMODE_INI("memory_limit", varname) ||
+			!_CHECK_SAFEMODE_INI("child_terminate", varname)) {
+			zval_dtor(return_value);
+			RETURN_FALSE;
+		}	
+	}	
+		
 	if (zend_alter_ini_entry(Z_STRVAL_PP(varname), Z_STRLEN_PP(varname)+1, Z_STRVAL_PP(new_value), Z_STRLEN_PP(new_value),
 								PHP_INI_USER, PHP_INI_STAGE_RUNTIME) == FAILURE) {
 		zval_dtor(return_value);