Remove safe_mode related information

Sorry, translators, for breaking your builds again.


git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@350871 c90b9560-bf6c-de11-be94-00142212c4b1
Christoph Michael Becker 2020-10-13 22:07:26 +00:00
parent ab003724ad
commit dec1f8445a
51 changed files with 40 additions and 829 deletions

View file

@ -1590,8 +1590,7 @@ include_path = ".:${USER}/pear/php"
<listitem>
<para>
PHP's "root directory" on the server. Only used if
non-empty. If PHP is configured with &safemode;, no files outside
this directory are served.
non-empty.
If PHP was not compiled with FORCE_REDIRECT, you <emphasis>should
</emphasis> set doc_root if you are running PHP as a CGI under any web
server (other than IIS). The alternative is to use the

View file

@ -2045,42 +2045,6 @@
<entry>PHP_INI_PERDIR</entry>
<entry></entry>
</row>
<row>
<entry><link linkend="ini.safe-mode">safe_mode</link></entry>
<entry>"0"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-allowed-env-vars">safe_mode_allowed_env_vars</link></entry>
<entry>"PHP_"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link></entry>
<entry>""</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-gid">safe_mode_gid</link></entry>
<entry>"0"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link></entry>
<entry>NULL</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-protected-env-vars">safe_mode_protected_env_vars</link></entry>
<entry>"LD_LIBRARY_PATH"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.sendmail-from">sendmail_from</link></entry>
<entry>NULL</entry>

View file

@ -579,7 +579,7 @@ try {
</listitem>
<listitem>
<simpara>
<link linkend="ini.safe-mode">safe_mode</link>
safe_mode
</simpara>
</listitem>
<listitem>

View file

@ -60,7 +60,7 @@
<itemizedlist>
<listitem>
<simpara>
<link linkend="features.safe-mode">Safe mode</link> is no
Safe mode is no
longer supported. Any applications that rely on safe mode may need
adjustment, in terms of security.
</simpara>
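Review bot: In the first list item, dropping the link from "Safe mode is no longer supported" leaves the advice that applications "may need adjustment, in terms of security" with nothing to follow up on, since the features.safe-mode chapter is deleted in this same commit. Consider naming the directives that remain, for example open_basedir and disable_functions, which the deleted chapter listed under "See also".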
@ -1321,12 +1321,12 @@
</listitem>
<listitem>
<simpara>
<link linkend="ini.safe-mode">safe_mode</link>,
<link linkend="ini.safe-mode-gid">safe_mode_gid</link>,
<link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>,
<link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>,
<link linkend="ini.safe-mode-allowed-env-vars">safe_mode_allowed_env_vars</link>, and
<link linkend="ini.safe-mode-protected-env-vars">safe_mode_protected_env_vars</link>
safe_mode,
safe_mode_gid,
safe_mode_include_dir,
safe_mode_exec_dir,
safe_mode_allowed_env_vars, and
safe_mode_protected_env_vars
</simpara>
</listitem>
</itemizedlist>

View file

@ -138,17 +138,6 @@ function http_digest_parse($txt)
for now.
</para>
<simpara>
In order to prevent someone from writing a script which
reveals the password for a page that was authenticated through a
traditional external mechanism, the PHP_AUTH variables will not be
set if external authentication is enabled for that particular
page and &safemode; is enabled. Regardless,
<varname>REMOTE_USER</varname> can be used
to identify the externally-authenticated user. So, you can use
<varname>$_SERVER['REMOTE_USER']</varname>.
</simpara>
<note>
<title>Configuration Note</title>
<para>
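Review bot: The removed simpara mixes a safe-mode statement with guidance that does not depend on safe mode, namely that REMOTE_USER (read as $_SERVER['REMOTE_USER']) identifies an externally authenticated user. Deleting the whole paragraph drops that as well, and leaves the page silent on whether the PHP_AUTH variables are set for externally authenticated pages, which was the password-disclosure concern the paragraph opened with. Consider keeping the REMOTE_USER sentences and stating the current behaviour explicitly.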
@ -223,13 +212,6 @@ if (!isset($_SERVER['PHP_AUTH_USER']) ||
be set to <literal>0</literal> (the default value).
</simpara>
</note>
<note>
<para>
If <link linkend="ini.safe-mode">safe mode</link> is enabled, the
uid of the script is added to the <literal>realm</literal> part of
the <literal>WWW-Authenticate</literal> header.
</para>
</note>
</chapter>

View file

@ -1,610 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<chapter xml:id="features.safe-mode" xmlns="http://docbook.org/ns/docbook">
<title>Safe Mode</title>
<para>
The PHP safe mode is an attempt to solve the shared-server security
problem. It is architecturally incorrect to try to solve this
problem at the PHP level, but since the alternatives at the web
server and OS levels aren't very realistic, many people,
especially ISP's, use safe mode for now.
</para>
&warn.deprecated.feature-5-3-0.removed-5-4-0;
<para>
<table>
<title>Changelog for <literal>safe mode</literal></title>
<tgroup cols="2">
<thead>
<row>
<entry>&Version;</entry>
<entry>&Description;</entry>
</row>
</thead>
<tbody>
<row>
<entry>5.4.0</entry>
<entry>
Removed from PHP, and generates a fatal <constant>E_CORE_ERROR</constant>
level error when enabled.
</entry>
</row>
<row>
<entry>5.3.0</entry>
<entry>
Deprecated, and <constant>E_DEPRECATED</constant> errors were added.
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
<sect1 xml:id="ini.sect.safe-mode">
<title>Security and Safe Mode</title>
<para>
<table>
<title>Security and Safe Mode Configuration Directives</title>
<tgroup cols="4">
<thead>
<row>
<entry>&Name;</entry>
<entry>&Default;</entry>
<entry>&Changeable;</entry>
<entry>&Changelog;</entry>
</row>
</thead>
<tbody>
<row>
<entry><link linkend="ini.safe-mode">safe_mode</link></entry>
<entry>"0"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-gid">safe_mode_gid</link></entry>
<entry>"0"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link></entry>
<entry>NULL</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link></entry>
<entry>""</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-allowed-env-vars">safe_mode_allowed_env_vars</link></entry>
<entry>"PHP_"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
<row>
<entry><link linkend="ini.safe-mode-protected-env-vars">safe_mode_protected_env_vars</link></entry>
<entry>"LD_LIBRARY_PATH"</entry>
<entry>PHP_INI_SYSTEM</entry>
<entry>Removed in PHP 5.4.0.</entry>
</row>
</tbody>
</tgroup>
</table>
&ini.php.constants;
</para>
&ini.descriptions.title;
<para>
<variablelist>
<varlistentry xml:id="ini.safe-mode">
<term>
<parameter>safe_mode</parameter>
<type>boolean</type>
</term>
<listitem>
<para>
Whether to enable PHP's safe mode.
If PHP is compiled with <literal>--enable-safe-mode</literal> then
defaults to On, otherwise Off.
</para>
&warn.deprecated.feature-5-3-0.removed-5-4-0;
</listitem>
</varlistentry>
<varlistentry xml:id="ini.safe-mode-gid">
<term>
<parameter>safe_mode_gid</parameter>
<type>boolean</type>
</term>
<listitem>
<para>
By default, Safe Mode does a UID compare check when
opening files. If you want to relax this to a GID compare,
then turn on safe_mode_gid.
Whether to use <literal>UID</literal> (&false;) or
<literal>GID</literal> (&true;) checking upon file
access.
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.safe-mode-include-dir">
<term>
<parameter>safe_mode_include_dir</parameter>
<type>string</type>
</term>
<listitem>
<para>
<literal>UID</literal>/<literal>GID</literal> checks are bypassed when
including files from this directory and its subdirectories (directory
must also be in <link linkend="ini.include-path">include_path</link>
or full path must including).
</para>
<simpara>
This directive can take a colon (semi-colon on
Windows) separated path in a fashion similar to the
<link linkend="ini.include-path">include_path</link> directive,
rather than just a single directory.
</simpara>
<simpara>
The restriction specified is actually a prefix, not a directory name.
This means that "<literal>safe_mode_include_dir = /dir/incl</literal>" also allows
access to "<literal>/dir/include</literal>" and
"<literal>/dir/incls</literal>" if they exist. When you
want to restrict access to only the specified directory, end with a
slash. For example: "<literal>safe_mode_include_dir = /dir/incl/</literal>"
</simpara>
<simpara>
If the value of this directive is empty, no files with different
<literal>UID</literal>/<literal>GID</literal> can be included.
</simpara>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.safe-mode-exec-dir">
<term>
<parameter>safe_mode_exec_dir</parameter>
<type>string</type>
</term>
<listitem>
<para>
If PHP is used in safe mode, <function>system</function> and the other
<link linkend="ref.exec">functions executing system programs</link>
refuse to start programs that are not in this directory.
You have to use <literal>/</literal> as directory separator on all
environments including Windows.
</para>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.safe-mode-allowed-env-vars">
<term>
<parameter>safe_mode_allowed_env_vars</parameter>
<type>string</type>
</term>
<listitem>
<para>
Setting certain environment variables may be a potential security breach.
This directive contains a comma-delimited list of prefixes. In Safe Mode,
the user may only alter environment variables whose names begin with the
prefixes supplied here. By default, users will only be able to set
environment variables that begin with <literal>PHP_</literal>
(e.g. <literal>PHP_FOO=BAR</literal>).
</para>
<note>
<para>
If this directive is empty, PHP will let the user modify ANY
environment variable!
</para>
</note>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.safe-mode-protected-env-vars">
<term>
<parameter>safe_mode_protected_env_vars</parameter>
<type>string</type>
</term>
<listitem>
<para>
This directive contains a comma-delimited list of environment
variables that the end user won't be able to change using
<function>putenv</function>. These variables will be protected
even if safe_mode_allowed_env_vars is set to allow to change them.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<para>
See also: <link linkend="ini.open-basedir">open_basedir</link>,
<link linkend="ini.disable-functions">disable_functions</link>,
<link linkend="ini.disable-classes">disable_classes</link>,
<link linkend="ini.register-globals">register_globals</link>,
<link linkend="ini.display-errors">display_errors</link>, and
<link linkend="ini.log-errors">log_errors</link>.
</para>
<para>
When <link linkend="ini.safe-mode">safe_mode</link> is on, PHP checks to see
if the owner of the current script matches the owner of the file to be
operated on by a file function or its directory. For example:
<programlisting role="ls">
<![CDATA[
-rw-rw-r-- 1 rasmus rasmus 33 Jul 1 19:20 script.php
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
]]>
</programlisting>
Running <filename>script.php</filename>:
<programlisting role="php">
<![CDATA[
<?php
readfile('/etc/passwd');
?>
]]>
</programlisting>
results in this error when safe mode is enabled:
<screen>
<![CDATA[
Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
]]>
</screen>
</para>
<para>
However, there may be environments where a strict <literal>UID</literal>
check is not appropriate and a relaxed <literal>GID</literal> check is
sufficient. This is supported by means of the <link
linkend="ini.safe-mode-gid">safe_mode_gid</link> switch. Setting it to
<literal>On</literal> performs the relaxed <literal>GID</literal> checking,
setting it to <literal>Off</literal> (the default) performs
<literal>UID</literal> checking.
</para>
<para>
If instead of <link linkend="ini.safe-mode">safe_mode</link>, you set an
<link linkend="ini.open-basedir">open_basedir</link> directory then all
file operations will be limited to files under the specified directory.
For example (Apache &httpd.conf; example):
<programlisting role="ini">
<![CDATA[
<Directory /docroot>
php_admin_value open_basedir /docroot
</Directory>
]]>
</programlisting>
If you run the same <filename>script.php</filename> with this
<link linkend="ini.open-basedir">open_basedir</link> setting
then this is the result:
<screen>
<![CDATA[
Warning: open_basedir restriction in effect. File is in wrong directory in
/docroot/script.php on line 2
]]>
</screen>
</para>
<para>
You can also disable individual functions. Note that the
<link linkend="ini.disable-functions">disable_functions</link>
directive can not be used outside of the &php.ini; file which means that
you cannot disable functions on a per-virtualhost or per-directory basis
in your &httpd.conf; file.
If we add this to our &php.ini; file:
<programlisting role="ini">
<![CDATA[
disable_functions = readfile,system
]]>
</programlisting>
Then we get this output:
<screen>
<![CDATA[
Warning: readfile() has been disabled for security reasons in
/docroot/script.php on line 2
]]>
</screen>
</para>
<warning>
<para>
These PHP restrictions are not valid in executed binaries, of course.
</para>
</warning>
</sect1>
<sect1 xml:id="features.safe-mode.functions">
<title>Functions restricted/disabled by safe mode</title>
<para>
This is a still probably incomplete and possibly incorrect listing
of the functions limited by
<link linkend="features.safe-mode">safe mode</link>.
<!-- TODO: add &note.sm.*; to the functions mentioned here.
That entity should link to this section -->
<table>
<title>Safe mode limited functions</title>
<tgroup cols="2">
<thead>
<row>
<entry>Function</entry>
<entry>Limitations</entry>
</row>
</thead>
<tbody>
<row>
<entry><function>dbmopen</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>dbase_open</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>filepro</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>filepro_rowcount</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>filepro_retrieve</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry>ifx_*</entry>
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
<!-- TODO: more info on sql-safe-mode -->
</row>
<row>
<entry>ingres_*</entry>
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
<!-- TODO: more info on sql-safe-mode -->
</row>
<row>
<entry>mysql_*</entry>
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
<!-- TODO: more info on sql-safe-mode -->
</row>
<row>
<entry><function>pg_lo_import</function></entry>
<entry>&sm.uidcheck;</entry>
<!-- source TODO: there is no PHP-warning for that safe-mode-restriction -->
</row>
<row>
<entry><function>posix_mkfifo</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>putenv</function></entry>
<entry>Obeys the safe_mode_protected_env_vars and
safe_mode_allowed_env_vars ini-directives. See also the documentation
on <function>putenv</function></entry>
<!-- TODO: document those directives in chapters/config.xml -->
</row>
<row>
<entry><function>move_uploaded_file</function></entry>
<entry>&sm.uidcheck; <!-- TODO: check this --></entry>
</row>
<!-- TODO: from here on, add warning to the function itself -->
<row>
<entry><function>chdir</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>dl</function></entry>
<entry>&sm.disabled;</entry>
</row>
<row>
<entry><link linkend="language.operators.execution">backtick operator</link></entry>
<entry>&sm.disabled;</entry>
</row>
<row>
<entry><function>shell_exec</function> (functional equivalent
of backticks)</entry>
<entry>&sm.disabled;</entry>
</row>
<row>
<entry><function>exec</function></entry>
<entry>You can only execute executables within the <link
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
For practical reasons it's currently not allowed to have
<literal>..</literal> components in the path to the executable.
<function>escapeshellcmd</function> is executed on the argument of this
function.</entry>
</row>
<row>
<entry><function>system</function></entry>
<entry>You can only execute executables within the <link
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
For practical reasons it's currently not allowed to have
<literal>..</literal> components in the path to the executable.
<function>escapeshellcmd</function> is executed on the argument of this
function.</entry>
</row>
<row>
<entry><function>passthru</function></entry>
<entry>You can only execute executables within the <link
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
For practical reasons it's currently not allowed to have
<literal>..</literal> components in the path to the executable.
<function>escapeshellcmd</function> is executed on the argument of this
function.</entry>
</row>
<row>
<entry><function>popen</function></entry>
<entry>You can only execute executables within the <link
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
For practical reasons it's currently not allowed to have
<literal>..</literal> components in the path to the executable.
<function>escapeshellcmd</function> is executed on the argument of this
function.</entry>
<!-- TODO: not sure. popen uses a completely different implementation
Don't know why, don't know whether it's behaving the same -->
</row>
<row>
<entry><function>fopen</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>mkdir</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>rmdir</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>rename</function></entry>
<entry>&sm.uidcheck; &sm.uidcheck.dir;<!-- on the old name only, it seems. Is rename preventing moving files? --></entry>
</row>
<row>
<entry><function>unlink</function></entry>
<entry>&sm.uidcheck; &sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>copy</function></entry>
<entry>&sm.uidcheck; &sm.uidcheck.dir; (on
<parameter>source</parameter> and
<parameter>target</parameter>)</entry>
</row>
<row>
<entry><function>chgrp</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>chown</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>chmod</function></entry>
<entry>&sm.uidcheck; In addition, you cannot
set the SUID, SGID and sticky bits</entry>
</row>
<row>
<entry><function>touch</function></entry>
<entry>&sm.uidcheck; &sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>symlink</function></entry>
<entry>&sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
checked)</entry>
</row>
<row>
<entry><function>link</function></entry>
<entry>&sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
checked)</entry>
</row>
<row>
<entry><function>apache_request_headers</function></entry>
<entry>In safe mode, headers beginning with <literal>authorization</literal>
(case-insensitive) will not be returned.</entry>
</row>
<row>
<entry><function>header</function></entry>
<entry>In safe mode, the uid of the script is added to the
<literal>realm</literal> part of the
<literal>WWW-Authenticate</literal> header if you set this
header (used for HTTP Authentication).</entry>
</row>
<row>
<entry><link linkend="features.http-auth">PHP_AUTH variables</link></entry>
<entry>
In safe mode, the variables <varname>PHP_AUTH_USER</varname>,
<varname>PHP_AUTH_PW</varname>, and <varname>AUTH_TYPE</varname>
are not available in <varname>$_SERVER</varname>. Regardless, you
can still use <varname>REMOTE_USER</varname> for the USER.
(note: only affected since PHP 4.3.0)
</entry>
</row>
<row>
<entry>
<function>highlight_file</function>,
<function>show_source</function>
</entry>
<entry>
&sm.uidcheck; &sm.uidcheck.dir;
</entry>
</row>
<row>
<entry>
<function>parse_ini_file</function>
</entry>
<entry>
&sm.uidcheck; &sm.uidcheck.dir;
</entry>
</row>
<row>
<entry>
<function>set_time_limit</function>
</entry>
<entry>
Has no effect when PHP is running in &safemode;.
</entry>
</row>
<row>
<entry>
<link linkend="ini.max-execution-time">max_execution_time</link>
</entry>
<entry>
Has no effect when PHP is running in &safemode;.
</entry>
</row>
<row>
<entry>
<function>mail</function>
</entry>
<entry>
In safe mode, the fifth parameter is disabled.
</entry>
</row>
<row>
<entry>
<function>session_start</function>
</entry>
<entry>
The owner of a script must be the same as owner of a <link
linkend="ini.session.save-path">session.save_path</link> directory if
the default <literal>files</literal> <link
linkend="ini.session.save-handler">session.save_handler</link> is
used.
</entry>
</row>
<row>
<entry>
All filesystem and stream functions.
</entry>
<entry>
&sm.uidcheck; &sm.uidcheck.dir; (see the <link
linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>
&php.ini; option.
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
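Review bot: Deleting the chapter wholesale also removes material about directives that are not part of safe mode: the open_basedir and disable_functions examples with their warning output, the remark that disable_functions cannot be set per virtual host or per directory in httpd.conf, and the warning "These PHP restrictions are not valid in executed binaries, of course." Unless those points are already covered on the open_basedir and disable_functions entries, move them there rather than dropping them. The removed xml:id values (features.safe-mode, ini.safe-mode and the other ini.safe-mode-* ids) are link targets, so every remaining linkend to them has to be removed in the same commit.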

View file

@ -31,7 +31,7 @@
If you want to get help on the mailing list, please try to be
precise and give the necessary details about your environment
(which operating system, what PHP version, what web server, if
you are running PHP as CGI or a server module, &safemode;, etc.), and
you are running PHP as CGI or a server module, etc.), and
preferably enough code to make others able to reproduce and test
your problem.
</simpara>

View file

@ -1269,13 +1269,17 @@ is printed or viewed but it will show up if the document is converted to
pdf by either Acrobat Distiller™ or Ghostview.</para>'>
<!-- Notes for safe-mode limited functions: -->
<!-- Not used in EN anymore -->
<!ENTITY note.sm.disabled '<note xmlns="http://docbook.org/ns/docbook"><simpara>&sm.disabled;</simpara></note>'>
<!-- Not used in EN anymore -->
<!ENTITY note.sm.uidcheck '<note xmlns="http://docbook.org/ns/docbook"><simpara>When <link
linkend="features.safe-mode">safe mode</link> is enabled, PHP checks whether
the files or directories being operated upon have the same UID (owner) as the
script that is being executed.</simpara></note>'>
<!-- Not used in EN anymore -->
<!ENTITY note.sm.uidcheck.dir '<note xmlns="http://docbook.org/ns/docbook"><simpara>When <link
linkend="features.safe-mode">safe mode</link> is enabled, PHP checks whether
the directory in which the script is operating has the same UID (owner) as the
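Review bot: note.sm.uidcheck and note.sm.uidcheck.dir are kept but still contain linkend="features.safe-mode", and the chapter carrying that id is deleted by this commit, so any translation that still uses these entities ends up with an unresolved link. Either drop the link element inside the entity bodies, as was done for the references in the other files, or remove the entities once no translation uses them. The "Not used in EN anymore" comment would be more useful if it said which of the two is intended.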
@ -1293,23 +1297,29 @@ language construct and not a function, it cannot be called using
<!-- Common pieces in features/safe-mode.xml
Jade doesn't allow in-line entities, so I put them here... Though they
should have been inline in safe-mode.xml -->
<!-- Not used in EN anymore -->
<!ENTITY sm.uidcheck 'Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.'>
<!-- Not used in EN anymore -->
<!ENTITY warn.sm.exec '<warning xmlns="http://docbook.org/ns/docbook"><simpara>With <link linkend="features.safe-mode">safe mode</link> enabled,
the command string is escaped with <function>escapeshellcmd</function>. Thus,
<literal>echo y | echo x</literal> becomes <literal>echo y \| echo x</literal>.</simpara></warning>'>
<!-- Not used in EN anymore -->
<!ENTITY note.exec-path '<note xmlns="http://docbook.org/ns/docbook"><simpara>When
<link linkend="features.safe-mode">safe mode</link> is enabled, you can only
execute files within the <link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
For practical reasons, it is currently not allowed to have <literal>..</literal>
components in the path to the executable.</simpara></note>'>
<!-- Not used in EN anymore -->
<!ENTITY sm.uidcheck.dir 'Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.'>
<!-- Not used in EN anymore -->
<!ENTITY sm.disabled 'This function is disabled when PHP is running in <link xmlns="http://docbook.org/ns/docbook"
linkend="features.safe-mode">safe mode</link>.'>
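Review bot: The retained header comment "Common pieces in features/safe-mode.xml" now refers to a file this commit deletes, and the new "Not used in EN anymore" marker placed directly under it reads as part of that explanation. Update or remove the header comment. warn.sm.exec, note.exec-path and sm.disabled also still link to features.safe-mode (note.exec-path to ini.safe-mode-exec-dir as well), and both targets are deleted by this commit.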

View file

@ -1914,8 +1914,8 @@ echo "<pre>$output</pre>";
</para>
<note>
<para>
The backtick operator is disabled when &safemode; is enabled
or <function>shell_exec</function> is disabled.
The backtick operator is disabled when
<function>shell_exec</function> is disabled.
</para>
</note>
<note>

View file

@ -31,11 +31,6 @@
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
&note.sm.disabled;
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>

View file

@ -382,7 +382,7 @@
<listitem>
<simpara>
This constant is not available when <link linkend="ini.open-basedir">open_basedir</link>
or <link linkend="ini.safe-mode">safe_mode</link> are enabled.
is enabled.
</simpara>
</listitem>
</varlistentry>

View file

@ -19,7 +19,6 @@
If the file already exists, it is not truncated.
<function>dbase_pack</function> can be called to force truncation.
</para>
&note.sm.uidcheck;
&note.open-basedir.func;
</refsect1>
<refsect1 role="parameters">

View file

@ -16,7 +16,6 @@
<function>dbase_open</function> opens a dBase database with the given
access mode.
</para>
&note.sm.uidcheck;
&note.open-basedir.func;
</refsect1>
<refsect1 role="parameters">

View file

@ -82,7 +82,6 @@ echo getcwd() . "\n";
<refsect1 role="notes">
&reftitle.notes;
&note.sm.uidcheck.dir;
<caution>
<para>
If the PHP interpreter has been built with ZTS (Zend Thread Safety) enabled,

View file

@ -99,8 +99,6 @@ echo exec('whoami');
&warn.escapeshell;
&note.exec-bg;
&note.exec-bypass-shell;
&note.exec-path;
&warn.sm.exec;
</refsect1>
<refsect1 role="seealso">

View file

@ -65,8 +65,6 @@
&reftitle.notes;
&warn.escapeshell;
&note.exec-bg;
&note.exec-path;
&warn.sm.exec;
</refsect1>
<refsect1 role="seealso">

View file

@ -75,15 +75,6 @@ echo "<pre>$output</pre>";
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
<note>
<para>
&sm.disabled;
</para>
</note>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>

View file

@ -96,8 +96,6 @@ echo '
&reftitle.notes;
&warn.escapeshell;
&note.exec-bg;
&note.exec-path;
&warn.sm.exec;
</refsect1>
<refsect1 role="seealso">

View file

@ -21,9 +21,6 @@
<para>
These functions are also closely related to the
<link linkend="language.operators.execution">backtick operator</link>.
Also, while in &safemode; you
must consider the <link linkend="ini.safe-mode-exec-dir">
safe_mode_exec_dir</link> directive.
</para>
</section>

View file

@ -15,7 +15,6 @@
<para>
Returns the data from the specified location in the database.
</para>
&note.sm.uidcheck;
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;

View file

@ -14,7 +14,6 @@
<para>
Returns the number of rows in the opened filePro database.
</para>
&note.sm.uidcheck;
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;

View file

@ -19,7 +19,6 @@
No locking is done, so you should avoid modifying your filePro
database while it may be opened in PHP.
</para>
&note.sm.uidcheck;
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;

View file

@ -78,7 +78,6 @@ printf($format, $filename, date('r'), filegroup($filename));
<refsect1 role="notes">
&reftitle.notes;
&note.no-remote;
&note.sm.uidcheck;
<note>
<simpara>
On Windows, this function fails silently when applied on a regular file.

View file

@ -109,14 +109,6 @@ chmod("/somedir/somefile", 0750);
</para>
</note>
&note.no-remote;
<note>
<para>
When &safemode; is enabled, PHP checks whether the files or directories
you are about to operate on have the same UID (owner) as the script that
is being executed. In addition, you cannot set the SUID, SGID and sticky
bits.
</para>
</note>
</refsect1>
<refsect1 role="seealso">

View file

@ -97,7 +97,6 @@ Array
<refsect1 role="notes">
&reftitle.notes;
&note.no-remote;
&note.sm.uidcheck;
<note>
<simpara>
On Windows, this function fails silently when applied on a regular file.

View file

@ -50,15 +50,6 @@
files.
</para>
</note>
<warning>
<para>
This function returns &false; for files inaccessible due to <link
linkend="features.safe-mode">safe mode</link> restrictions. However these
files still can be <link linkend="function.include">included</link> if
they are located in <link
linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>.
</para>
</warning>
<note>
<para>
The check is done using the real UID/GID instead of the effective one.

View file

@ -80,7 +80,6 @@ print_r(posix_getgrgid(filegroup($filename)));
<simplelist>
<member><function>fileowner</function></member>
<member><function>posix_getgrgid</function></member>
<member><link linkend="ini.safe-mode-gid">safe_mode_gid</link></member>
</simplelist>
</para>
</refsect1>

View file

@ -41,8 +41,8 @@
a local file, then it will try to open a stream on that file.
The file must be accessible to PHP, so you need to ensure that
the file access permissions allow this access.
If you have enabled &safemode;
or <link linkend="ini.open-basedir">open_basedir</link> further
If you have enabled
<link linkend="ini.open-basedir">open_basedir</link> further
restrictions may apply.
</para>
<para>
@ -325,7 +325,6 @@ $handle = fopen("ftp://user:password@example.com/somefile.txt", "w");
<refsect1 role="notes">
&reftitle.notes;
&warn.ssl-non-standard;
&note.sm.uidcheck.dir;
<note>
<para>
If you are experiencing problems with reading and writing to files and

View file

@ -28,8 +28,8 @@
Path to the file. If <parameter>filename</parameter> is a relative
filename, it will be checked relative to the current working
directory. If <parameter>filename</parameter> is a symbolic or hard link
then the link will be resolved and checked. If you have enabled &safemode;,
or <link linkend="ini.open-basedir">open_basedir</link> further
then the link will be resolved and checked. If you have enabled
<link linkend="ini.open-basedir">open_basedir</link> further
restrictions may apply.
</para>
</listitem>

View file

@ -78,7 +78,6 @@ lchgrp($link, 8);
<refsect1 role="notes">
&reftitle.notes;
&note.no-remote;
&note.sm.uidcheck;
&note.no-windows;
</refsect1>

View file

@ -76,7 +76,6 @@ lchown($link, 8);
<refsect1 role="notes">
&reftitle.notes;
&note.no-remote;
&note.sm.uidcheck;
&note.no-windows;
</refsect1>

View file

@ -129,11 +129,6 @@ if (!mkdir($structure, 0777, true)) {
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
&note.sm.uidcheck.dir;
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>

View file

@ -100,8 +100,8 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
&reftitle.notes;
<note>
<para>
<function>move_uploaded_file</function> is both &safemode;
and <link linkend="ini.open-basedir">open_basedir</link>
<function>move_uploaded_file</function> is
<link linkend="ini.open-basedir">open_basedir</link>
aware. However, restrictions are placed only on the
<parameter>destination</parameter> path as to allow the moving
of uploaded files in which <parameter>filename</parameter> may conflict

View file

@ -107,8 +107,6 @@ pclose($handle);
<function>proc_open</function>.
</para>
</note>
&note.exec-path;
&warn.sm.exec;
</refsect1>
<refsect1 role="seealso">

View file

@ -69,11 +69,6 @@ rmdir('examples');
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
&note.sm.uidcheck.dir;
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>

View file

@ -265,8 +265,7 @@
<para>
The default host to connect to when no host is specified
in <function>ifx_connect</function> or
<function>ifx_pconnect</function>. Doesn't apply in
&safemode;.
<function>ifx_pconnect</function>.
</para>
</listitem>
</varlistentry>
@ -279,8 +278,7 @@
<para>
The default user id to use when none is specified
in <function>ifx_connect</function> or
<function>ifx_pconnect</function>. Doesn't apply in
&safemode;.
<function>ifx_pconnect</function>.
</para>
</listitem>
</varlistentry>
@ -293,8 +291,7 @@
<para>
The default password to use when none is specified
in <function>ifx_connect</function> or
<function>ifx_pconnect</function>. Doesn't apply in
&safemode;.
<function>ifx_pconnect</function>.
</para>
</listitem>
</varlistentry>

View file

@ -95,7 +95,7 @@
<para>
&return.success; If the functionality of loading modules is not available
or has been disabled (either by setting
<link linkend="ini.enable-dl">enable_dl</link> off or by enabling &safemode;
<link linkend="ini.enable-dl">enable_dl</link> off
in &php.ini;) an <constant>E_ERROR</constant> is emitted
and execution is stopped. If <function>dl</function> fails because the
specified library couldn't be loaded, in addition to &false; an
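Review bot: in the return-value paragraph, dropping the "or by enabling &safemode;" alternative leaves "either by setting enable_dl off in &php.ini;" with a dangling "either" and only one option after it. Suggest rewording the parenthetical to "(by setting enable_dl off in &php.ini;)" so the sentence reads cleanly.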
@ -147,7 +147,6 @@ if (!extension_loaded('sqlite')) {
<function>dl</function> is case sensitive on Unix platforms.
</para>
</note>
&note.sm.disabled;
</refsect1>
<refsect1 role="seealso">

View file

@ -18,23 +18,6 @@
request. At the end of the request the environment is restored to its
original state.
</para>
<para>
Setting certain environment variables may be a potential security breach.
The <literal>safe_mode_allowed_env_vars</literal> directive contains a
comma-delimited list of prefixes. In Safe Mode, the user may only alter
environment variables whose names begin with the prefixes supplied by
this directive. By default, users will only be able to set environment
variables that begin with <literal>PHP_</literal> (e.g.
<literal>PHP_FOO=BAR</literal>). Note: if this directive is empty, PHP
will let the user modify ANY environment variable!
</para>
<para>
The <literal>safe_mode_protected_env_vars</literal> directive contains a
comma-delimited list of environment variables, that the end user won't be
able to change using <function>putenv</function>. These variables will
be protected even if <literal>safe_mode_allowed_env_vars</literal> is set
to allow to change them.
</para>
</refsect1>
<refsect1 role="parameters">
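Review bot: the first removed paragraph opens with "Setting certain environment variables may be a potential security breach", which holds with or without safe mode, and after this hunk the description no longer mentions any risk. The sentences about safe_mode_allowed_env_vars and safe_mode_protected_env_vars should go, but consider keeping a one-sentence caution that names or values passed to putenv should not come from untrusted input.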
@ -76,18 +59,6 @@ putenv("UNIQID=$uniqid");
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
<warning>
<para>
The <literal>safe_mode_allowed_env_vars</literal> and
<literal>safe_mode_protected_env_vars</literal> directives only take
effect when <link linkend="features.safe-mode">safe_mode</link> is
enabled.
</para>
</warning>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>

View file

@ -53,13 +53,6 @@
<refsect1 role="notes">
&reftitle.notes;
<warning>
<para>
This function has no effect when PHP is running in &safemode;. There is
no workaround other than turning off safe mode or changing the time limit
in the &php.ini;.
</para>
</warning>
<note>
<para>
The <function>set_time_limit</function> function and the configuration

View file

@ -202,9 +202,7 @@
The main reason for turning dynamic loading off is
security. With dynamic loading, it's possible to ignore all
<link linkend="ini.open-basedir">open_basedir</link> restrictions.
The default is to allow dynamic loading, except when using
&safemode;. In &safemode;, it's
always impossible to use <function>dl</function>.
The default is to allow dynamic loading.
</para>
</listitem>
</varlistentry>
@ -229,11 +227,6 @@
<function>set_time_limit</function> function for more
details.
</para>
<para>
You can not change this setting with <function>ini_set</function> when
running in &safemode;. The only workaround is to turn off safe mode or
by changing the time limit in the &php.ini;.
</para>
<para>
Your web server can have other timeout configurations that may
also interrupt PHP execution. Apache has a

View file

@ -203,8 +203,7 @@
<listitem>
<para>
The default server host to use when connecting to the database
server if no other host is specified. Doesn't apply in
<link linkend="ini.safe-mode">safe mode</link>.
server if no other host is specified.
</para>
</listitem>
</varlistentry>
@ -217,8 +216,7 @@
<listitem>
<para>
The default user name to use when connecting to the database
server if no other name is specified. Doesn't apply in
<link linkend="ini.safe-mode">safe mode</link>.
server if no other name is specified.
</para>
</listitem>
</varlistentry>
@ -231,8 +229,7 @@
<listitem>
<para>
The default password to use when connecting to the database
server if no other password is specified. Doesn't apply in
<link linkend="ini.safe-mode">safe mode</link>.
server if no other password is specified.
</para>
</listitem>
</varlistentry>

View file

@ -239,14 +239,6 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
which can be resolved by upgrading to Service Pack 2 or later.
</para>
</note>
<note>
<simpara>
If <link linkend="ini.safe-mode">safe mode</link> is enabled the
uid of the script is added to the <literal>realm</literal> part
of the <literal>WWW-Authenticate</literal> header if you set
this header (used for HTTP Authentication).
</simpara>
</note>
<note>
<para>
Most contemporary clients accept relative <acronym>URI</acronym>s as argument to

View file

@ -24,7 +24,6 @@
To use the large object interface, it is necessary to
enclose it within a transaction block.
</para>
&note.sm.uidcheck;
<note>
<para>
This function used to be called <function>pg_loimport</function>.

View file

@ -16,13 +16,7 @@
<warning>
<para>
Sensitive data can be retrieved with the POSIX functions, e.g.
<function>posix_getpwnam</function> and friends. None of the
POSIX function perform any kind of access
checking when <link linkend="ini.safe-mode">safe mode</link> is enabled.
It's therefore <emphasis role="strong">strongly</emphasis> advised to
disable the POSIX extension at all (use
<literal>--disable-posix</literal> in your configure line) if you're
operating in such an environment.
<function>posix_getpwnam</function> and friends.
</para>
</warning>
&note.no-windows.extension;
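Review bot: in the extension warning, cutting everything after "and friends" leaves a bare statement of risk with no guidance. The reader is told sensitive data can be retrieved but not what to do about it. The safe mode sentence has to go, but the advice to build with --disable-posix could be kept in reworded form for environments where that exposure matters, or the warning could point to disable_functions as the per-function alternative.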

View file

@ -92,7 +92,6 @@ if (posix_access($file, POSIX_R_OK | POSIX_W_OK)) {
<refsect1 role="notes">
&reftitle.notes;
&note.sm.uidcheck;
</refsect1>
<refsect1 role="seealso">

View file

@ -128,7 +128,6 @@ Array
<member><function>posix_getgrnam</function></member>
<member><function>filegroup</function></member>
<member><function>stat</function></member>
<member><link linkend="ini.safe-mode-gid">safe_mode_gid</link></member>
<member>POSIX man page GETGRNAM(3)</member>
</simplelist>
</para>

View file

@ -126,7 +126,6 @@ Array
<member><function>posix_getgrgid</function></member>
<member><function>filegroup</function></member>
<member><function>stat</function></member>
<member><link linkend="ini.safe-mode-gid">safe_mode_gid</link></member>
<member>POSIX man page GETGRNAM(3)</member>
</simplelist>
</para>

View file

@ -57,7 +57,6 @@
<refsect1 role="notes">
&reftitle.notes;
&note.sm.uidcheck;
</refsect1>
</refentry>

View file

@ -128,7 +128,7 @@ if ($db = sqlite_open('mysqlitedb', 0666, $sqliteerror)) {
</note>
<note>
<simpara>
SQLite is &safemode; and open_basedir aware.
SQLite is open_basedir aware.
</simpara>
</note>
</refsect1>

View file

@ -40,7 +40,7 @@
<term><parameter>options</parameter></term>
<listitem>
<para>
Whether or not to enforce <link linkend="ini.safe-mode">safe_mode</link> (0x04).
</para>
</listitem>
</varlistentry>
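Review bot: the header gives seven lines on both sides, yet the only changed text visible for the options parameter is the "Whether or not to enforce safe_mode (0x04)" sentence, so the replacement appears to be empty and the para for options is left with no description. If 0x04 was the only documented flag, say what options accepts now, or that it is unused, rather than leaving an empty paragraph.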

View file

@ -18,7 +18,6 @@
This method is called in response to all <function>stat</function> related
functions, such as:
<simplelist>
<member><function>chmod</function> (only when <link linkend="ini.safe-mode">safe_mode</link> is enabled)</member>
<member><function>copy</function></member>
<member><function>fileperms</function></member>
<member><function>fileinode</function></member>