Move not safe mode settings (bug #46955)

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@291064 c90b9560-bf6c-de11-be94-00142212c4b1
Jakub Vrana 2009-11-20 11:14:27 +00:00
parent 52d41fb3ab
commit 968f8d372f
2 changed files with 130 additions and 124 deletions

View file

@ -3722,6 +3722,18 @@ auto_prepend_file=security.php
<entry>PHP_INI_PERDIR</entry>
<entry>PHP_INI_ALL in PHP &lt;= 4.0.0.</entry>
</row>
<row>
<entry>disable_functions</entry>
<entry>""</entry>
<entry>&php.ini; only</entry>
<entry>Available since PHP 4.0.1.</entry>
</row>
<row>
<entry>disable_classes</entry>
<entry>""</entry>
<entry>&php.ini; only</entry>
<entry>Available since PHP 4.3.2.</entry>
</row>
<row>
<entry>expose_php</entry>
<entry>"1"</entry>
@ -3854,6 +3866,50 @@ auto_prepend_file=security.php
</listitem>
</varlistentry>
<varlistentry xml:id="ini.disable-functions">
<term>
<parameter>disable_functions</parameter>
<type>string</type>
</term>
<listitem>
<simpara>
This directive allows you to disable certain functions for
<link linkend="security">security</link> reasons. It takes
on a comma-delimited list of function names. disable_functions
is not affected by <link linkend="ini.safe-mode">Safe Mode</link>.
</simpara>
<simpara>
This directive must be set in &php.ini; For example, you
cannot set this in &httpd.conf;.
</simpara>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.disable-classes">
<term>
<parameter>disable_classes</parameter>
<type>string</type>
</term>
<listitem>
<simpara>
This directive allows you to disable certain classes for
<link linkend="security">security</link> reasons. It takes
on a comma-delimited list of class names. disable_classes
is not affected by <link linkend="ini.safe-mode">Safe Mode</link>.
</simpara>
<simpara>
This directive must be set in &php.ini; For example, you
cannot set this in &httpd.conf;.
</simpara>
<note>
<title>Availability note</title>
<simpara>
This directive became available in PHP 4.3.2
</simpara>
</note>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.zend.ze1-compatibility-mode">
<term>
<parameter>zend.ze1_compatibility_mode</parameter>
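Review bot: In both added entries (disable_functions and disable_classes) the line "This directive must be set in &php.ini; For example, you" has no full stop after the entity, so once &php.ini; is expanded the two sentences run together; write "&php.ini;. For example, you". While the text is being moved, "It takes on a comma-delimited list" would read better as "It takes a comma-delimited list". The Availability note under disable_classes ("This directive became available in PHP 4.3.2", also missing its full stop) repeats the "Available since PHP 4.3.2." cell added to the table earlier in this file, and disable_functions carries no matching note, so either drop the note or give both entries the same treatment.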
@ -4561,6 +4617,12 @@ auto_prepend_file=security.php
<entry>PHP_INI_ALL</entry>
<entry></entry>
</row>
<row>
<entry>open_basedir</entry>
<entry>NULL</entry>
<entry>PHP_INI_ALL</entry>
<entry>PHP_INI_SYSTEM in PHP &lt; 5.3.0</entry>
</row>
<row>
<entry>doc_root</entry>
<entry>NULL</entry>
@ -4709,6 +4771,70 @@ include_path=".;c:\php\includes"
</listitem>
</varlistentry>
<varlistentry xml:id="ini.open-basedir">
<term>
<parameter>open_basedir</parameter>
<type>string</type>
</term>
<listitem>
<para>
Limit the files that can be opened by PHP to the specified
directory-tree, including the file itself. This directive
is <emphasis>NOT</emphasis> affected by whether Safe Mode is
turned On or Off.
</para>
<para>
When a script tries to open a file with, for example,
<function>fopen</function> or <function>gzopen</function>,
the location of the file is checked. When the file is outside the
specified directory-tree, PHP will refuse to open it. All symbolic
links are resolved, so it's not possible to avoid this restriction
with a symlink. If the file doesn't exist then the symlink couldn't be
resolved and the filename is compared to (a resolved)
<option>open_basedir</option>.
</para>
<para>
The special value <systemitem class="filesystem">.</systemitem>
indicates that the working directory of the script will be used as the
base-directory. This is, however, a little dangerous as the working directory
of the script can easily be changed with <function>chdir</function>.
</para>
<para>
In <filename>httpd.conf</filename>, <option>open_basedir</option> can be turned off
(e.g. for some virtual hosts)
<link linkend="configuration.changes.apache">the same way</link> as
any other configuration directive with "<literal>php_admin_value open_basedir
none</literal>".
</para>
<para>
Under Windows, separate the directories with a semicolon. On all
other systems, separate the directories with a colon. As an Apache
module, <option>open_basedir</option> paths from parent directories are now
automatically inherited.
</para>
<para>
The restriction specified with <option>open_basedir</option> is actually a
prefix, not a directory name. This means that "<literal>open_basedir
= /dir/incl</literal>" also allows access to "<literal>/dir/include</literal>" and
"<literal>/dir/incls</literal>" if they exist. When you want to restrict access
to only the specified directory, end with a slash. For example:
<literal>open_basedir = /dir/incl/</literal>
</para>
<para>
The default is to allow all files to be opened.
</para>
<note>
<para>
As of PHP 5.3.0 open_basedir can be tightened at run-time. This means
that if open_basedir is set to <literal>/www/</literal> in &php.ini;
a script can tighten the configuration to
<literal>/www/tmp/</literal> at run-time with
<function>ini_set</function>
</para>
</note>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.doc-root">
<term>
<parameter>doc_root</parameter>
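Review bot: The prefix-match paragraph in the open_basedir entry ("The restriction specified with open_basedir is actually a prefix, not a directory name") is the caveat most likely to produce an over-permissive setting, yet it sits as an ordinary <para> near the end of the entry; since the block is being relocated anyway, consider wrapping it in a <warning> or <caution> so the trailing-slash requirement stands out. The same applies to the "." value, which the text calls "a little dangerous" because of chdir without saying what to use instead. Smaller points in the same entry: "paths from parent directories are now automatically inherited" gives no version for "now", and both the example "<literal>open_basedir = /dir/incl/</literal>" and the closing note ending in "<function>ini_set</function>" lack a terminal full stop.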

View file

@ -67,24 +67,6 @@
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 6.0.0.</entry>
</row>
<row>
<entry>open_basedir</entry>
<entry>NULL</entry>
<entry>PHP_INI_ALL</entry>
<entry>PHP_INI_SYSTEM in PHP &lt; 5.3.0</entry>
</row>
<row>
<entry>disable_functions</entry>
<entry>""</entry>
<entry>&php.ini; only</entry>
<entry>Available since PHP 4.0.1.</entry>
</row>
<row>
<entry>disable_classes</entry>
<entry>""</entry>
<entry>&php.ini; only</entry>
<entry>Available since PHP 4.3.2.</entry>
</row>
</tbody>
</tgroup>
</table>
@ -210,115 +192,13 @@
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.open-basedir">
<term>
<parameter>open_basedir</parameter>
<type>string</type>
</term>
<listitem>
<para>
Limit the files that can be opened by PHP to the specified
directory-tree, including the file itself. This directive
is <emphasis>NOT</emphasis> affected by whether Safe Mode is
turned On or Off.
</para>
<para>
When a script tries to open a file with, for example,
<function>fopen</function> or <function>gzopen</function>,
the location of the file is checked. When the file is outside the
specified directory-tree, PHP will refuse to open it. All symbolic
links are resolved, so it's not possible to avoid this restriction
with a symlink. If the file doesn't exist then the symlink couldn't be
resolved and the filename is compared to (a resolved)
<option>open_basedir</option>.
</para>
<para>
The special value <systemitem class="filesystem">.</systemitem>
indicates that the working directory of the script will be used as the
base-directory. This is, however, a little dangerous as the working directory
of the script can easily be changed with <function>chdir</function>.
</para>
<para>
In <filename>httpd.conf</filename>, <option>open_basedir</option> can be turned off
(e.g. for some virtual hosts)
<link linkend="configuration.changes.apache">the same way</link> as
any other configuration directive with "<literal>php_admin_value open_basedir
none</literal>".
</para>
<para>
Under Windows, separate the directories with a semicolon. On all
other systems, separate the directories with a colon. As an Apache
module, <option>open_basedir</option> paths from parent directories are now
automatically inherited.
</para>
<para>
The restriction specified with <option>open_basedir</option> is actually a
prefix, not a directory name. This means that "<literal>open_basedir
= /dir/incl</literal>" also allows access to "<literal>/dir/include</literal>" and
"<literal>/dir/incls</literal>" if they exist. When you want to restrict access
to only the specified directory, end with a slash. For example:
<literal>open_basedir = /dir/incl/</literal>
</para>
<para>
The default is to allow all files to be opened.
</para>
<note>
<para>
As of PHP 5.3.0 open_basedir can be tightened at run-time. This means
that if open_basedir is set to <literal>/www/</literal> in &php.ini;
a script can tighten the configuration to
<literal>/www/tmp/</literal> at run-time with
<function>ini_set</function>
</para>
</note>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.disable-functions">
<term>
<parameter>disable_functions</parameter>
<type>string</type>
</term>
<listitem>
<simpara>
This directive allows you to disable certain functions for
<link linkend="security">security</link> reasons. It takes
on a comma-delimited list of function names. disable_functions
is not affected by <link linkend="ini.safe-mode">Safe Mode</link>.
</simpara>
<simpara>
This directive must be set in &php.ini; For example, you
cannot set this in &httpd.conf;.
</simpara>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.disable-classes">
<term>
<parameter>disable_classes</parameter>
<type>string</type>
</term>
<listitem>
<simpara>
This directive allows you to disable certain classes for
<link linkend="security">security</link> reasons. It takes
on a comma-delimited list of class names. disable_classes
is not affected by <link linkend="ini.safe-mode">Safe Mode</link>.
</simpara>
<simpara>
This directive must be set in &php.ini; For example, you
cannot set this in &httpd.conf;.
</simpara>
<note>
<title>Availability note</title>
<simpara>
This directive became available in PHP 4.3.2
</simpara>
</note>
</listitem>
</varlistentry>
</variablelist>
</para>
<para>
See also: <link linkend="ini.register-globals">register_globals</link>,
See also: <link linkend="ini.open-basedir">open_basedir</link>,
<link linkend="ini.disable-functions">disable_functions</link>,
<link linkend="ini.disable-classes">disable_classes</link>,
<link linkend="ini.register-globals">register_globals</link>,
<link linkend="ini.display-errors">display_errors</link>, and
<link linkend="ini.log-errors">log_errors</link>.
</para>
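Review bot: In the See also paragraph that closes this hunk, the new links to ini.open-basedir, ini.disable-functions and ini.disable-classes are the only trace left in this file of the three entries removed above, and nothing tells the reader why they are listed alongside register_globals, display_errors and log_errors. The removed descriptions each state that the directive is not affected by Safe Mode, so a short sentence to that effect before or after the link list would keep readers of this section from assuming the directives depend on it. The linkend values match the xml:id attributes re-added in the first file, so the cross-references resolve.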