diff --git a/features/safe-mode.xml b/features/safe-mode.xml
index e5b82fcec1..d51f356e98 100644
--- a/features/safe-mode.xml
+++ b/features/safe-mode.xml
@@ -1,579 +1,579 @@
-
-
-
- Safe Mode
-
-
- The PHP safe mode is an attempt to solve the shared-server security
- problem. It is architecturally incorrect to try to solve this
- problem at the PHP level, but since the alternatives at the web
- server and OS levels aren't very realistic, many people,
- especially ISP's, use safe mode for now.
-
-
-
- Security and Safe Mode
-
-
- For further details and definition of the PHP_INI_* constants see
- ini_set.
-
-
- Here is a short explanation of the configuration directives.
-
-
-
- safe_mode
- boolean
-
-
-
- Whether to enable PHP's safe mode. Read the
- Security and chapter for more
- information.
-
-
-
-
-
- safe_mode_gid
- boolean
-
-
-
- By default, Safe Mode does a UID compare check when
- opening files. If you want to relax this to a GID compare,
- then turn on safe_mode_gid.
- Whether to use UID (&false;) or
- GID (&true;) checking upon file
- access.
-
-
-
-
-
- safe_mode_include_dir
- string
-
-
-
- UID/GID checks are bypassed when
- including files from this directory and its subdirectories (directory
- must also be in include_path
- or full path must including).
-
-
- As of PHP 4.2.0, this directive can take a semi-colon separated
- path in a similar fashion to the
- include_path directive,
- rather than just a single directory.
-
-
- The restriction specified is actually a prefix, not a directory name.
- This means that "safe_mode_include_dir = /dir/incl" also allows
- access to "/dir/include" and "/dir/incls" if they exist. When you
- want to restrict access to only the specified directory, end with a
- slash. For example: "safe_mode_include_dir = /dir/incl/"
-
-
-
-
-
- safe_mode_exec_dir
- string
-
-
-
- If PHP is used in safe mode, system and the other
- functions executing system programs
- refuse to start programs that are not in this directory.
-
-
-
-
-
- safe_mode_allowed_env_vars
- string
-
-
-
- Setting certain environment variables may be a potential security breach.
- This directive contains a comma-delimited list of prefixes. In Safe Mode,
- the user may only alter environment variables whose names begin with the
- prefixes supplied here. By default, users will only be able to set
- environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
-
-
-
- If this directive is empty, PHP will let the user modify ANY
- environment variable!
-
-
-
-
-
-
- safe_mode_protected_env_vars
- string
-
-
-
- This directive contains a comma-delimited list of environment
- variables that the end user won't be able to change using
- putenv. These variables will be protected
- even if safe_mode_allowed_env_vars is set to allow to change them.
-
-
-
-
-
- open_basedir
- string
-
-
-
- Limit the files that can be opened by PHP to the specified
- directory-tree, including the file itself. This directive
- is NOT affected by whether Safe Mode is
- turned On or Off.
-
-
- When a script tries to open a file with,
- for example, fopen or gzopen, the location of the file is
- checked. When the file is outside the specified directory-tree,
- PHP will refuse to open it. All symbolic links are resolved,
- so it's not possible to avoid this restriction with a symlink.
-
-
- The special value .
- indicates that the directory in which the script is stored will
- be used as base-directory.
-
-
- Under Windows, separate the directories with a semicolon. On all
- other systems, separate the directories with a colon. As an Apache
- module, open_basedir paths from parent directories are now
- automatically inherited.
-
-
- The restriction specified with open_basedir is actually a
- prefix, not a directory name. This means that "open_basedir =
- /dir/incl" also allows access to "/dir/include" and
- "/dir/incls" if they exist. When you want to restrict access
- to only the specified directory, end with a slash. For example:
- "open_basedir = /dir/incl/"
-
-
-
- Support for multiple directories was added in 3.0.7.
-
-
-
- The default is to allow all files to be opened.
-
-
-
-
-
- disable_functions
- string
-
-
-
- This directive allows you to disable certain functions for
- security reasons. It takes
- on a comma-dilimited list of function names. disable_functions
- is not affected by Safe Mode.
-
-
- This directive must be set in &php.ini; For example, you
- cannot set this in httpd.conf.
-
-
-
-
-
-
- See also: register_globals,
- display_errors, and
- log_errors
-
-
-
- When safe_mode is on, PHP checks to see
- if the owner of the current script matches the owner of the file to be
- operated on by a file function. For example:
-
-
-
- Running this script.php
-
-
-]]>
-
- results in this error when safe mode is enabled:
-
-
-
-
-
- However, there may be environments where a strict UID
- check is not appropriate and a relaxed GID check is
- sufficient. This is supported by means of the safe_mode_gid switch. Setting it to
- On performs the relaxed GID checking,
- setting it to Off (the default) performs
- UID checking.
-
-
- If instead of safe_mode, you set an
- open_basedir directory then all
- file operations will be limited to files under the specified directory
- For example (Apache httpd.conf example):
-
-
- php_admin_value open_basedir /docroot
-
-]]>
-
- If you run the same script.php with this
- open_basedir setting
- then this is the result:
-
-
-
-
-
- You can also disable individual functions. Note that the disable_functions
- directive can not be used outside of the &php.ini; file which means that
- you cannot disable functions on a per-virtualhost or per-directory basis
- in your httpd.conf file.
- If we add this to our &php.ini; file:
-
-
-
- Then we get this output:
-
-
-
-
-
-
-
- Functions restricted/disabled by safe mode
-
- This is a still probably incomplete and possibly incorrect listing
- of the functions limited by
- safe mode.
-
-
- Safe mode limited functions
-
-
-
- Function
- Limitations
-
-
-
-
- dbmopen
- &sm.uidcheck;
-
-
- dbase_open
- &sm.uidcheck;
-
-
- filepro
- &sm.uidcheck;
-
-
- filepro_rowcount
- &sm.uidcheck;
-
-
- filepro_retrieve
- &sm.uidcheck;
-
-
- ifx_*
- sql_safe_mode restrictions, (!= safe mode)
-
-
-
- ingres_*
- sql_safe_mode restrictions, (!= safe mode)
-
-
-
- mysql_*
- sql_safe_mode restrictions, (!= safe mode)
-
-
-
- pg_loimport
- &sm.uidcheck;
-
-
-
- posix_mkfifo
- &sm.uidcheck.dir;
-
-
- putenv
- Obeys the safe_mode_protected_env_vars and
- safe_mode_allowed_env_vars ini-directives. See also the documentation
- on putenv
-
-
-
- move_uploaded_file
- &sm.uidcheck;
-
-
-
-
-
- chdir
- &sm.uidcheck.dir;
-
-
- dl
- &sm.disabled;
-
-
- backtick operator
- &sm.disabled;
-
-
- shell_exec (functional equivalent
- of backticks)
- &sm.disabled;
-
-
- exec
- You can only execute executables within the safe_mode_exec_dir.
- For practical reasons it's currently not allowed to have
- .. components in the path to the executable.
-
-
- system
- You can only execute executables within the safe_mode_exec_dir.
- For practical reasons it's currently not allowed to have
- .. components in the path to the executable.
-
-
- passthru
- You can only execute executables within the safe_mode_exec_dir.
- For practical reasons it's currently not allowed to have
- .. components in the path to the executable.
-
-
- popen
- You can only execute executables within the safe_mode_exec_dir.
- For practical reasons it's currently not allowed to have
- .. components in the path to the executable.
-
-
-
- mkdir
- &sm.uidcheck.dir;
-
-
- rmdir
- &sm.uidcheck;
-
-
- rename
- &sm.uidcheck; &sm.uidcheck.dir;
-
-
- unlink
- &sm.uidcheck; &sm.uidcheck.dir;
-
-
- copy
- &sm.uidcheck; &sm.uidcheck.dir; (on
- source and
- target)
-
-
- chgrp
- &sm.uidcheck;
-
-
- chown
- &sm.uidcheck;
-
-
- chmod
- &sm.uidcheck; In addition, you cannot
- set the SUID, SGID and sticky bits
-
-
- touch
- &sm.uidcheck; &sm.uidcheck.dir;
-
-
- symlink
- &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
- checked)
-
-
- link
- &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
- checked)
-
-
- getallheaders
- In safe mode, headers beginning with 'authorization'
- (case-insensitive)
- will not be returned. Warning: this is broken with the aol-server
- implementation of getallheaders!
-
-
- header
- In safe mode, the uid of the script is added to the
- realm part of the
- WWW-Authenticate header if you set this
- header (used for HTTP Authentication).
-
-
- PHP_AUTH variables
-
- In safe mode, the variables PHP_AUTH_USER,
- PHP_AUTH_PW, and AUTH_TYPE
- are not available in $_SERVER. Regardless, you
- can still use REMOTE_USER for the USER.
- (note: only affected since PHP 4.3.0)
-
-
-
-
- highlight_file,
- show_source
-
-
- &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1)
-
-
-
-
- parse_ini_file
-
-
- &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1)
-
-
-
- Any function that uses
- php4/main/fopen_wrappers.c
-
- ??
-
-
-
-
-
-
-
-
-
-
+
+
+
+ Safe Mode
+
+
+ The PHP safe mode is an attempt to solve the shared-server security
+ problem. It is architecturally incorrect to try to solve this
+ problem at the PHP level, but since the alternatives at the web
+ server and OS levels aren't very realistic, many people,
+ especially ISP's, use safe mode for now.
+
+
+
+ Security and Safe Mode
+
+
+ For further details and definition of the PHP_INI_* constants see
+ ini_set.
+
+
+ Here is a short explanation of the configuration directives.
+
+
+
+ safe_mode
+ boolean
+
+
+
+ Whether to enable PHP's safe mode. Read the
+ Security and chapter for more
+ information.
+
+
+
+
+
+ safe_mode_gid
+ boolean
+
+
+
+ By default, Safe Mode does a UID compare check when
+ opening files. If you want to relax this to a GID compare,
+ then turn on safe_mode_gid.
+ Whether to use UID (&false;) or
+ GID (&true;) checking upon file
+ access.
+
+
+
+
+
+ safe_mode_include_dir
+ string
+
+
+
+ UID/GID checks are bypassed when
+ including files from this directory and its subdirectories (directory
+ must also be in include_path
+ or full path must including).
+
+
+ As of PHP 4.2.0, this directive can take a semi-colon separated
+ path in a similar fashion to the
+ include_path directive,
+ rather than just a single directory.
+
+
+ The restriction specified is actually a prefix, not a directory name.
+ This means that "safe_mode_include_dir = /dir/incl" also allows
+ access to "/dir/include" and "/dir/incls" if they exist. When you
+ want to restrict access to only the specified directory, end with a
+ slash. For example: "safe_mode_include_dir = /dir/incl/"
+
+
+
+
+
+ safe_mode_exec_dir
+ string
+
+
+
+ If PHP is used in safe mode, system and the other
+ functions executing system programs
+ refuse to start programs that are not in this directory.
+
+
+
+
+
+ safe_mode_allowed_env_vars
+ string
+
+
+
+ Setting certain environment variables may be a potential security breach.
+ This directive contains a comma-delimited list of prefixes. In Safe Mode,
+ the user may only alter environment variables whose names begin with the
+ prefixes supplied here. By default, users will only be able to set
+ environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
+
+
+
+ If this directive is empty, PHP will let the user modify ANY
+ environment variable!
+
+
+
+
+
+
+ safe_mode_protected_env_vars
+ string
+
+
+
+ This directive contains a comma-delimited list of environment
+ variables that the end user won't be able to change using
+ putenv. These variables will be protected
+ even if safe_mode_allowed_env_vars is set to allow to change them.
+
+
+
+
+
+ open_basedir
+ string
+
+
+
+ Limit the files that can be opened by PHP to the specified
+ directory-tree, including the file itself. This directive
+ is NOT affected by whether Safe Mode is
+ turned On or Off.
+
+
+ When a script tries to open a file with,
+ for example, fopen or gzopen, the location of the file is
+ checked. When the file is outside the specified directory-tree,
+ PHP will refuse to open it. All symbolic links are resolved,
+ so it's not possible to avoid this restriction with a symlink.
+
+
+ The special value .
+ indicates that the directory in which the script is stored will
+ be used as base-directory.
+
+
+ Under Windows, separate the directories with a semicolon. On all
+ other systems, separate the directories with a colon. As an Apache
+ module, open_basedir paths from parent directories are now
+ automatically inherited.
+
+
+ The restriction specified with open_basedir is actually a
+ prefix, not a directory name. This means that "open_basedir =
+ /dir/incl" also allows access to "/dir/include" and
+ "/dir/incls" if they exist. When you want to restrict access
+ to only the specified directory, end with a slash. For example:
+ "open_basedir = /dir/incl/"
+
+
+
+ Support for multiple directories was added in 3.0.7.
+
+
+
+ The default is to allow all files to be opened.
+
+
+
+
+
+ disable_functions
+ string
+
+
+
+ This directive allows you to disable certain functions for
+ security reasons. It takes
+ on a comma-dilimited list of function names. disable_functions
+ is not affected by Safe Mode.
+
+
+ This directive must be set in &php.ini; For example, you
+ cannot set this in httpd.conf.
+
+
+
+
+
+
+ See also: register_globals,
+ display_errors, and
+ log_errors
+
+
+
+ When safe_mode is on, PHP checks to see
+ if the owner of the current script matches the owner of the file to be
+ operated on by a file function. For example:
+
+
+
+ Running this script.php
+
+
+]]>
+
+ results in this error when safe mode is enabled:
+
+
+
+
+
+ However, there may be environments where a strict UID
+ check is not appropriate and a relaxed GID check is
+ sufficient. This is supported by means of the safe_mode_gid switch. Setting it to
+ On performs the relaxed GID checking,
+ setting it to Off (the default) performs
+ UID checking.
+
+
+ If instead of safe_mode, you set an
+ open_basedir directory then all
+ file operations will be limited to files under the specified directory
+ For example (Apache httpd.conf example):
+
+
+ php_admin_value open_basedir /docroot
+
+]]>
+
+ If you run the same script.php with this
+ open_basedir setting
+ then this is the result:
+
+
+
+
+
+ You can also disable individual functions. Note that the disable_functions
+ directive can not be used outside of the &php.ini; file which means that
+ you cannot disable functions on a per-virtualhost or per-directory basis
+ in your httpd.conf file.
+ If we add this to our &php.ini; file:
+
+
+
+ Then we get this output:
+
+
+
+
+
+
+
+ Functions restricted/disabled by safe mode
+
+ This is a still probably incomplete and possibly incorrect listing
+ of the functions limited by
+ safe mode.
+
+
+ Safe mode limited functions
+
+
+
+ Function
+ Limitations
+
+
+
+
+ dbmopen
+ &sm.uidcheck;
+
+
+ dbase_open
+ &sm.uidcheck;
+
+
+ filepro
+ &sm.uidcheck;
+
+
+ filepro_rowcount
+ &sm.uidcheck;
+
+
+ filepro_retrieve
+ &sm.uidcheck;
+
+
+ ifx_*
+ sql_safe_mode restrictions, (!= safe mode)
+
+
+
+ ingres_*
+ sql_safe_mode restrictions, (!= safe mode)
+
+
+
+ mysql_*
+ sql_safe_mode restrictions, (!= safe mode)
+
+
+
+ pg_loimport
+ &sm.uidcheck;
+
+
+
+ posix_mkfifo
+ &sm.uidcheck.dir;
+
+
+ putenv
+ Obeys the safe_mode_protected_env_vars and
+ safe_mode_allowed_env_vars ini-directives. See also the documentation
+ on putenv
+
+
+
+ move_uploaded_file
+ &sm.uidcheck;
+
+
+
+
+
+ chdir
+ &sm.uidcheck.dir;
+
+
+ dl
+ &sm.disabled;
+
+
+ backtick operator
+ &sm.disabled;
+
+
+ shell_exec (functional equivalent
+ of backticks)
+ &sm.disabled;
+
+
+ exec
+ You can only execute executables within the safe_mode_exec_dir.
+ For practical reasons it's currently not allowed to have
+ .. components in the path to the executable.
+
+
+ system
+ You can only execute executables within the safe_mode_exec_dir.
+ For practical reasons it's currently not allowed to have
+ .. components in the path to the executable.
+
+
+ passthru
+ You can only execute executables within the safe_mode_exec_dir.
+ For practical reasons it's currently not allowed to have
+ .. components in the path to the executable.
+
+
+ popen
+ You can only execute executables within the safe_mode_exec_dir.
+ For practical reasons it's currently not allowed to have
+ .. components in the path to the executable.
+
+
+
+ mkdir
+ &sm.uidcheck.dir;
+
+
+ rmdir
+ &sm.uidcheck;
+
+
+ rename
+ &sm.uidcheck; &sm.uidcheck.dir;
+
+
+ unlink
+ &sm.uidcheck; &sm.uidcheck.dir;
+
+
+ copy
+ &sm.uidcheck; &sm.uidcheck.dir; (on
+ source and
+ target)
+
+
+ chgrp
+ &sm.uidcheck;
+
+
+ chown
+ &sm.uidcheck;
+
+
+ chmod
+ &sm.uidcheck; In addition, you cannot
+ set the SUID, SGID and sticky bits
+
+
+ touch
+ &sm.uidcheck; &sm.uidcheck.dir;
+
+
+ symlink
+ &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
+ checked)
+
+
+ link
+ &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
+ checked)
+
+
+ getallheaders
+ In safe mode, headers beginning with 'authorization'
+ (case-insensitive)
+ will not be returned. Warning: this is broken with the aol-server
+ implementation of getallheaders!
+
+
+ header
+ In safe mode, the uid of the script is added to the
+ realm part of the
+ WWW-Authenticate header if you set this
+ header (used for HTTP Authentication).
+
+
+ PHP_AUTH variables
+
+ In safe mode, the variables PHP_AUTH_USER,
+ PHP_AUTH_PW, and AUTH_TYPE
+ are not available in $_SERVER. Regardless, you
+ can still use REMOTE_USER for the USER.
+ (note: only affected since PHP 4.3.0)
+
+
+
+
+ highlight_file,
+ show_source
+
+
+ &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1)
+
+
+
+
+ parse_ini_file
+
+
+ &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1)
+
+
+
+ Any function that uses
+ php4/main/fopen_wrappers.c
+
+ ??
+
+
+
+