- Move to the new ts_allocate_id() API
This patch is *bound* to break some files, as I must have had typos somewhere.
If you use any uncommon extension, please try to build it...
has been tested extensively. Most SAPI modules (Apache 1.x, 2.0, thttpd,
AOLserver, CGI, TUX, Caudium, Roxen, NSAPI, Phttpd, Pi3web, Servlet)
call php_request_shutdown() right after php_execute_script (or
equivalent functionality), so that output is possible under an
overwhelmingly number of web-servers.
'officially' disabled during shutdown (this doesn't change the Apache module
behavior, but may change behavior of other server modules, in which it was
possible to emit output during shutdown; I think it's a good step towards
consistency, though)
maintain current behaviour. If this is turned on then $HTTP_RAW_POST_DATA
is always populated with a copy of the raw post data.
@ - Add config option (always_populate_raw_post_data) which when enabled
@ will always populate $HTTP_RAW_POST_DATA regardless of the post mime
@ type (Rasmus)
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
current working directory if everything else fails (include_path).
- Right now this also effects things like opening php.ini. It'll now always
check in the current working directory for php.ini. I think this doesn't
screw up todays behavior.
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
and handle some corner cases better. The scanner has been changed
to the format as proposed in "RE2C - A More Versatile Scanner Generator"
by Cowan et al.
