From 968f8d372f3cdebdf4e327459861380bbfe00569 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Fri, 20 Nov 2009 11:14:27 +0000
Subject: [PATCH] Move not safe mode settings (bug #46955)

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@291064 c90b9560-bf6c-de11-be94-00142212c4b1
---
 appendices/ini.xml | 126 ++++++++++++++++++++++++++++++++++++++++
 features/safe-mode.xml | 128 ++---------------------------------------
 2 files changed, 130 insertions(+), 124 deletions(-)

diff --git a/appendices/ini.xml b/appendices/ini.xml
index 1f3521546c..35bf1dc29f 100644
--- a/appendices/ini.xml
+++ b/appendices/ini.xml
@@ -3722,6 +3722,18 @@ auto_prepend_file=security.php PHP_INI_PERDIR PHP_INI_ALL in PHP <= 4.0.0. + + disable_functions + "" + &php.ini; only + Available since PHP 4.0.1. + + + disable_classes + "" + &php.ini; only + Available since PHP 4.3.2. + expose_php "1"
@@ -3854,6 +3866,50 @@ auto_prepend_file=security.php + + + disable_functions + string + + + + This directive allows you to disable certain functions for + security reasons. It takes + on a comma-delimited list of function names. disable_functions + is not affected by Safe Mode. + + + This directive must be set in &php.ini; For example, you + cannot set this in &httpd.conf;. + + + + + + + disable_classes + string + + + + This directive allows you to disable certain classes for + security reasons. It takes + on a comma-delimited list of class names. disable_classes + is not affected by Safe Mode. + + + This directive must be set in &php.ini; For example, you + cannot set this in &httpd.conf;. + + + Availability note + + This directive became available in PHP 4.3.2 + + + + + zend.ze1_compatibility_mode
@@ -4561,6 +4617,12 @@ auto_prepend_file=security.php PHP_INI_ALL + + open_basedir + NULL + PHP_INI_ALL + PHP_INI_SYSTEM in PHP < 5.3.0 + doc_root NULL
@@ -4709,6 +4771,70 @@ include_path=".;c:\php\includes" + + + open_basedir + string + + + + Limit the files that can be opened by PHP to the specified + directory-tree, including the file itself. This directive + is NOT affected by whether Safe Mode is + turned On or Off. + + + When a script tries to open a file with, for example, + fopen or gzopen, + the location of the file is checked. When the file is outside the + specified directory-tree, PHP will refuse to open it. All symbolic + links are resolved, so it's not possible to avoid this restriction + with a symlink. If the file doesn't exist then the symlink couldn't be + resolved and the filename is compared to (a resolved) + . + + + The special value . + indicates that the working directory of the script will be used as the + base-directory. This is, however, a little dangerous as the working directory + of the script can easily be changed with chdir. + + + In httpd.conf, can be turned off + (e.g. for some virtual hosts) + the same way as + any other configuration directive with "php_admin_value open_basedir + none". + + + Under Windows, separate the directories with a semicolon. On all + other systems, separate the directories with a colon. As an Apache + module, paths from parent directories are now + automatically inherited. + + + The restriction specified with is actually a + prefix, not a directory name. This means that "open_basedir + = /dir/incl" also allows access to "/dir/include" and + "/dir/incls" if they exist. When you want to restrict access + to only the specified directory, end with a slash. For example: + open_basedir = /dir/incl/ + + + The default is to allow all files to be opened. + + + + As of PHP 5.3.0 open_basedir can be tightened at run-time. This means + that if open_basedir is set to /www/ in &php.ini; + a script can tighten the configuration to + /www/tmp/ at run-time with + ini_set + + + + + doc_root 
diff --git a/features/safe-mode.xml b/features/safe-mode.xml
index b2f7e879b6..f3e8f3e7bb 100644
--- a/features/safe-mode.xml
+++ b/features/safe-mode.xml
@@ -67,24 +67,6 @@ PHP_INI_SYSTEM Removed in PHP 6.0.0. - - open_basedir - NULL - PHP_INI_ALL - PHP_INI_SYSTEM in PHP < 5.3.0 - - - disable_functions - "" - &php.ini; only - Available since PHP 4.0.1. - - - disable_classes - "" - &php.ini; only - Available since PHP 4.3.2. -
@@ -210,115 +192,13 @@ - - - open_basedir - string - - - - Limit the files that can be opened by PHP to the specified - directory-tree, including the file itself. This directive - is NOT affected by whether Safe Mode is - turned On or Off. - - - When a script tries to open a file with, for example, - fopen or gzopen, - the location of the file is checked. When the file is outside the - specified directory-tree, PHP will refuse to open it. All symbolic - links are resolved, so it's not possible to avoid this restriction - with a symlink. If the file doesn't exist then the symlink couldn't be - resolved and the filename is compared to (a resolved) - . - - - The special value . - indicates that the working directory of the script will be used as the - base-directory. This is, however, a little dangerous as the working directory - of the script can easily be changed with chdir. - - - In httpd.conf, can be turned off - (e.g. for some virtual hosts) - the same way as - any other configuration directive with "php_admin_value open_basedir - none". - - - Under Windows, separate the directories with a semicolon. On all - other systems, separate the directories with a colon. As an Apache - module, paths from parent directories are now - automatically inherited. - - - The restriction specified with is actually a - prefix, not a directory name. This means that "open_basedir - = /dir/incl" also allows access to "/dir/include" and - "/dir/incls" if they exist. When you want to restrict access - to only the specified directory, end with a slash. For example: - open_basedir = /dir/incl/ - - - The default is to allow all files to be opened. - - - - As of PHP 5.3.0 open_basedir can be tightened at run-time. This means - that if open_basedir is set to /www/ in &php.ini; - a script can tighten the configuration to - /www/tmp/ at run-time with - ini_set - - - - - - - disable_functions - string - - - - This directive allows you to disable certain functions for - security reasons. 
It takes - on a comma-delimited list of function names. disable_functions - is not affected by Safe Mode. - - - This directive must be set in &php.ini; For example, you - cannot set this in &httpd.conf;. - - - - - - disable_classes - string - - - - This directive allows you to disable certain classes for - security reasons. It takes - on a comma-delimited list of class names. disable_classes - is not affected by Safe Mode. - - - This directive must be set in &php.ini; For example, you - cannot set this in &httpd.conf;. - - - Availability note - - This directive became available in PHP 4.3.2 - - - - - See also: register_globals, + See also: open_basedir, + disable_functions, + disable_classes, + register_globals, display_errors, and log_errors.