Remove safe_mode related information
Sorry, translators, for breaking your builds again. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@350871 c90b9560-bf6c-de11-be94-00142212c4b1
parent
ab003724ad
commit
dec1f8445a
51 changed files with 40 additions and 829 deletions
|
@ -1590,8 +1590,7 @@ include_path = ".:${USER}/pear/php"
|
|||
<listitem>
|
||||
<para>
|
||||
PHP's "root directory" on the server. Only used if
|
||||
non-empty. If PHP is configured with &safemode;, no files outside
|
||||
this directory are served.
|
||||
non-empty.
|
||||
If PHP was not compiled with FORCE_REDIRECT, you <emphasis>should
|
||||
</emphasis> set doc_root if you are running PHP as a CGI under any web
|
||||
server (other than IIS). The alternative is to use the
|
||||
|
|
|
@ -2045,42 +2045,6 @@
|
|||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode">safe_mode</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-allowed-env-vars">safe_mode_allowed_env_vars</link></entry>
|
||||
<entry>"PHP_"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-gid">safe_mode_gid</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-protected-env-vars">safe_mode_protected_env_vars</link></entry>
|
||||
<entry>"LD_LIBRARY_PATH"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.sendmail-from">sendmail_from</link></entry>
|
||||
<entry>NULL</entry>
|
||||
|
|
|
@ -579,7 +579,7 @@ try {
|
|||
</listitem>
|
||||
<listitem>
|
||||
<simpara>
|
||||
<link linkend="ini.safe-mode">safe_mode</link>
|
||||
safe_mode
|
||||
</simpara>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<simpara>
|
||||
<link linkend="features.safe-mode">Safe mode</link> is no
|
||||
Safe mode is no
|
||||
longer supported. Any applications that rely on safe mode may need
|
||||
adjustment, in terms of security.
|
||||
</simpara>
|
||||
|
@ -1321,12 +1321,12 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<simpara>
|
||||
<link linkend="ini.safe-mode">safe_mode</link>,
|
||||
<link linkend="ini.safe-mode-gid">safe_mode_gid</link>,
|
||||
<link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>,
|
||||
<link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>,
|
||||
<link linkend="ini.safe-mode-allowed-env-vars">safe_mode_allowed_env_vars</link>, and
|
||||
<link linkend="ini.safe-mode-protected-env-vars">safe_mode_protected_env_vars</link>
|
||||
safe_mode,
|
||||
safe_mode_gid,
|
||||
safe_mode_include_dir,
|
||||
safe_mode_exec_dir,
|
||||
safe_mode_allowed_env_vars, and
|
||||
safe_mode_protected_env_vars
|
||||
</simpara>
|
||||
</listitem>
|
||||
</itemizedlist>
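Review bot: The first hunk in this section leaves "Safe mode is no longer supported. Any applications that rely on safe mode may need adjustment, in terms of security." with no pointer at all once the link is unwrapped, so a reader is told to adjust but not where to look. The chapter this commit deletes cross-referenced `ini.open-basedir` and `ini.disable-functions`; I would add a sentence such as `See <link linkend="ini.open-basedir">open_basedir</link> and <link linkend="ini.disable-functions">disable_functions</link> for the restrictions that remain.` It is also worth stating that these are not a drop-in equivalent of safe mode's per-UID ownership checks, so shared hosts should rely on OS-level separation between accounts. The enclosing list starts and ends outside both hunks.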
|
||||
|
|
|
@ -138,17 +138,6 @@ function http_digest_parse($txt)
|
|||
for now.
|
||||
</para>
|
||||
|
||||
<simpara>
|
||||
In order to prevent someone from writing a script which
|
||||
reveals the password for a page that was authenticated through a
|
||||
traditional external mechanism, the PHP_AUTH variables will not be
|
||||
set if external authentication is enabled for that particular
|
||||
page and &safemode; is enabled. Regardless,
|
||||
<varname>REMOTE_USER</varname> can be used
|
||||
to identify the externally-authenticated user. So, you can use
|
||||
<varname>$_SERVER['REMOTE_USER']</varname>.
|
||||
</simpara>
|
||||
|
||||
<note>
|
||||
<title>Configuration Note</title>
|
||||
<para>
|
||||
|
@ -223,13 +212,6 @@ if (!isset($_SERVER['PHP_AUTH_USER']) ||
|
|||
be set to <literal>0</literal> (the default value).
|
||||
</simpara>
|
||||
</note>
|
||||
<note>
|
||||
<para>
|
||||
If <link linkend="ini.safe-mode">safe mode</link> is enabled, the
|
||||
uid of the script is added to the <literal>realm</literal> part of
|
||||
the <literal>WWW-Authenticate</literal> header.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
</chapter>
|
||||
|
||||
|
|
|
@ -1,610 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- $Revision$ -->
|
||||
<chapter xml:id="features.safe-mode" xmlns="http://docbook.org/ns/docbook">
|
||||
<title>Safe Mode</title>
|
||||
|
||||
<para>
|
||||
The PHP safe mode is an attempt to solve the shared-server security
|
||||
problem. It is architecturally incorrect to try to solve this
|
||||
problem at the PHP level, but since the alternatives at the web
|
||||
server and OS levels aren't very realistic, many people,
|
||||
especially ISP's, use safe mode for now.
|
||||
</para>
|
||||
|
||||
&warn.deprecated.feature-5-3-0.removed-5-4-0;
|
||||
|
||||
<para>
|
||||
<table>
|
||||
<title>Changelog for <literal>safe mode</literal></title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Version;</entry>
|
||||
<entry>&Description;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>5.4.0</entry>
|
||||
<entry>
|
||||
Removed from PHP, and generates a fatal <constant>E_CORE_ERROR</constant>
|
||||
level error when enabled.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>5.3.0</entry>
|
||||
<entry>
|
||||
Deprecated, and <constant>E_DEPRECATED</constant> errors were added.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
|
||||
<sect1 xml:id="ini.sect.safe-mode">
|
||||
<title>Security and Safe Mode</title>
|
||||
<para>
|
||||
<table>
|
||||
<title>Security and Safe Mode Configuration Directives</title>
|
||||
<tgroup cols="4">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Name;</entry>
|
||||
<entry>&Default;</entry>
|
||||
<entry>&Changeable;</entry>
|
||||
<entry>&Changelog;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode">safe_mode</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-gid">safe_mode_gid</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-allowed-env-vars">safe_mode_allowed_env_vars</link></entry>
|
||||
<entry>"PHP_"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.safe-mode-protected-env-vars">safe_mode_protected_env_vars</link></entry>
|
||||
<entry>"LD_LIBRARY_PATH"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
&ini.php.constants;
|
||||
</para>
|
||||
|
||||
&ini.descriptions.title;
|
||||
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry xml:id="ini.safe-mode">
|
||||
<term>
|
||||
<parameter>safe_mode</parameter>
|
||||
<type>boolean</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Whether to enable PHP's safe mode.
|
||||
If PHP is compiled with <literal>--enable-safe-mode</literal> then
|
||||
defaults to On, otherwise Off.
|
||||
</para>
|
||||
&warn.deprecated.feature-5-3-0.removed-5-4-0;
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry xml:id="ini.safe-mode-gid">
|
||||
<term>
|
||||
<parameter>safe_mode_gid</parameter>
|
||||
<type>boolean</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
By default, Safe Mode does a UID compare check when
|
||||
opening files. If you want to relax this to a GID compare,
|
||||
then turn on safe_mode_gid.
|
||||
Whether to use <literal>UID</literal> (&false;) or
|
||||
<literal>GID</literal> (&true;) checking upon file
|
||||
access.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry xml:id="ini.safe-mode-include-dir">
|
||||
<term>
|
||||
<parameter>safe_mode_include_dir</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>UID</literal>/<literal>GID</literal> checks are bypassed when
|
||||
including files from this directory and its subdirectories (directory
|
||||
must also be in <link linkend="ini.include-path">include_path</link>
|
||||
or full path must including).
|
||||
</para>
|
||||
<simpara>
|
||||
This directive can take a colon (semi-colon on
|
||||
Windows) separated path in a fashion similar to the
|
||||
<link linkend="ini.include-path">include_path</link> directive,
|
||||
rather than just a single directory.
|
||||
</simpara>
|
||||
<simpara>
|
||||
The restriction specified is actually a prefix, not a directory name.
|
||||
This means that "<literal>safe_mode_include_dir = /dir/incl</literal>" also allows
|
||||
access to "<literal>/dir/include</literal>" and
|
||||
"<literal>/dir/incls</literal>" if they exist. When you
|
||||
want to restrict access to only the specified directory, end with a
|
||||
slash. For example: "<literal>safe_mode_include_dir = /dir/incl/</literal>"
|
||||
</simpara>
|
||||
<simpara>
|
||||
If the value of this directive is empty, no files with different
|
||||
<literal>UID</literal>/<literal>GID</literal> can be included.
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry xml:id="ini.safe-mode-exec-dir">
|
||||
<term>
|
||||
<parameter>safe_mode_exec_dir</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If PHP is used in safe mode, <function>system</function> and the other
|
||||
<link linkend="ref.exec">functions executing system programs</link>
|
||||
refuse to start programs that are not in this directory.
|
||||
You have to use <literal>/</literal> as directory separator on all
|
||||
environments including Windows.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry xml:id="ini.safe-mode-allowed-env-vars">
|
||||
<term>
|
||||
<parameter>safe_mode_allowed_env_vars</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Setting certain environment variables may be a potential security breach.
|
||||
This directive contains a comma-delimited list of prefixes. In Safe Mode,
|
||||
the user may only alter environment variables whose names begin with the
|
||||
prefixes supplied here. By default, users will only be able to set
|
||||
environment variables that begin with <literal>PHP_</literal>
|
||||
(e.g. <literal>PHP_FOO=BAR</literal>).
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
If this directive is empty, PHP will let the user modify ANY
|
||||
environment variable!
|
||||
</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry xml:id="ini.safe-mode-protected-env-vars">
|
||||
<term>
|
||||
<parameter>safe_mode_protected_env_vars</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This directive contains a comma-delimited list of environment
|
||||
variables that the end user won't be able to change using
|
||||
<function>putenv</function>. These variables will be protected
|
||||
even if safe_mode_allowed_env_vars is set to allow to change them.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
<para>
|
||||
See also: <link linkend="ini.open-basedir">open_basedir</link>,
|
||||
<link linkend="ini.disable-functions">disable_functions</link>,
|
||||
<link linkend="ini.disable-classes">disable_classes</link>,
|
||||
<link linkend="ini.register-globals">register_globals</link>,
|
||||
<link linkend="ini.display-errors">display_errors</link>, and
|
||||
<link linkend="ini.log-errors">log_errors</link>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When <link linkend="ini.safe-mode">safe_mode</link> is on, PHP checks to see
|
||||
if the owner of the current script matches the owner of the file to be
|
||||
operated on by a file function or its directory. For example:
|
||||
<programlisting role="ls">
|
||||
<![CDATA[
|
||||
-rw-rw-r-- 1 rasmus rasmus 33 Jul 1 19:20 script.php
|
||||
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
|
||||
]]>
|
||||
</programlisting>
|
||||
Running <filename>script.php</filename>:
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
readfile('/etc/passwd');
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
results in this error when safe mode is enabled:
|
||||
<screen>
|
||||
<![CDATA[
|
||||
Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
|
||||
allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
|
||||
]]>
|
||||
</screen>
|
||||
</para>
|
||||
<para>
|
||||
However, there may be environments where a strict <literal>UID</literal>
|
||||
check is not appropriate and a relaxed <literal>GID</literal> check is
|
||||
sufficient. This is supported by means of the <link
|
||||
linkend="ini.safe-mode-gid">safe_mode_gid</link> switch. Setting it to
|
||||
<literal>On</literal> performs the relaxed <literal>GID</literal> checking,
|
||||
setting it to <literal>Off</literal> (the default) performs
|
||||
<literal>UID</literal> checking.
|
||||
</para>
|
||||
<para>
|
||||
If instead of <link linkend="ini.safe-mode">safe_mode</link>, you set an
|
||||
<link linkend="ini.open-basedir">open_basedir</link> directory then all
|
||||
file operations will be limited to files under the specified directory.
|
||||
For example (Apache &httpd.conf; example):
|
||||
<programlisting role="ini">
|
||||
<![CDATA[
|
||||
<Directory /docroot>
|
||||
php_admin_value open_basedir /docroot
|
||||
</Directory>
|
||||
]]>
|
||||
</programlisting>
|
||||
If you run the same <filename>script.php</filename> with this
|
||||
<link linkend="ini.open-basedir">open_basedir</link> setting
|
||||
then this is the result:
|
||||
<screen>
|
||||
<![CDATA[
|
||||
Warning: open_basedir restriction in effect. File is in wrong directory in
|
||||
/docroot/script.php on line 2
|
||||
]]>
|
||||
</screen>
|
||||
</para>
|
||||
<para>
|
||||
You can also disable individual functions. Note that the
|
||||
<link linkend="ini.disable-functions">disable_functions</link>
|
||||
directive can not be used outside of the &php.ini; file which means that
|
||||
you cannot disable functions on a per-virtualhost or per-directory basis
|
||||
in your &httpd.conf; file.
|
||||
If we add this to our &php.ini; file:
|
||||
<programlisting role="ini">
|
||||
<![CDATA[
|
||||
disable_functions = readfile,system
|
||||
]]>
|
||||
</programlisting>
|
||||
Then we get this output:
|
||||
<screen>
|
||||
<![CDATA[
|
||||
Warning: readfile() has been disabled for security reasons in
|
||||
/docroot/script.php on line 2
|
||||
]]>
|
||||
</screen>
|
||||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
These PHP restrictions are not valid in executed binaries, of course.
|
||||
</para>
|
||||
</warning>
|
||||
</sect1>
|
||||
|
||||
<sect1 xml:id="features.safe-mode.functions">
|
||||
<title>Functions restricted/disabled by safe mode</title>
|
||||
<para>
|
||||
This is a still probably incomplete and possibly incorrect listing
|
||||
of the functions limited by
|
||||
<link linkend="features.safe-mode">safe mode</link>.
|
||||
<!-- TODO: add ¬e.sm.*; to the functions mentioned here.
|
||||
That entity should link to this section -->
|
||||
<table>
|
||||
<title>Safe mode limited functions</title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Function</entry>
|
||||
<entry>Limitations</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><function>dbmopen</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>dbase_open</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>filepro</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>filepro_rowcount</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>filepro_retrieve</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>ifx_*</entry>
|
||||
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
|
||||
<!-- TODO: more info on sql-safe-mode -->
|
||||
</row>
|
||||
<row>
|
||||
<entry>ingres_*</entry>
|
||||
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
|
||||
<!-- TODO: more info on sql-safe-mode -->
|
||||
</row>
|
||||
<row>
|
||||
<entry>mysql_*</entry>
|
||||
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
|
||||
<!-- TODO: more info on sql-safe-mode -->
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>pg_lo_import</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
<!-- source TODO: there is no PHP-warning for that safe-mode-restriction -->
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>posix_mkfifo</function></entry>
|
||||
<entry>&sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>putenv</function></entry>
|
||||
<entry>Obeys the safe_mode_protected_env_vars and
|
||||
safe_mode_allowed_env_vars ini-directives. See also the documentation
|
||||
on <function>putenv</function></entry>
|
||||
<!-- TODO: document those directives in chapters/config.xml -->
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>move_uploaded_file</function></entry>
|
||||
<entry>&sm.uidcheck; <!-- TODO: check this --></entry>
|
||||
</row>
|
||||
|
||||
<!-- TODO: from here on, add warning to the function itself -->
|
||||
|
||||
<row>
|
||||
<entry><function>chdir</function></entry>
|
||||
<entry>&sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>dl</function></entry>
|
||||
<entry>&sm.disabled;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="language.operators.execution">backtick operator</link></entry>
|
||||
<entry>&sm.disabled;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>shell_exec</function> (functional equivalent
|
||||
of backticks)</entry>
|
||||
<entry>&sm.disabled;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>exec</function></entry>
|
||||
<entry>You can only execute executables within the <link
|
||||
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
|
||||
For practical reasons it's currently not allowed to have
|
||||
<literal>..</literal> components in the path to the executable.
|
||||
<function>escapeshellcmd</function> is executed on the argument of this
|
||||
function.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>system</function></entry>
|
||||
<entry>You can only execute executables within the <link
|
||||
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
|
||||
For practical reasons it's currently not allowed to have
|
||||
<literal>..</literal> components in the path to the executable.
|
||||
<function>escapeshellcmd</function> is executed on the argument of this
|
||||
function.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>passthru</function></entry>
|
||||
<entry>You can only execute executables within the <link
|
||||
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
|
||||
For practical reasons it's currently not allowed to have
|
||||
<literal>..</literal> components in the path to the executable.
|
||||
<function>escapeshellcmd</function> is executed on the argument of this
|
||||
function.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>popen</function></entry>
|
||||
<entry>You can only execute executables within the <link
|
||||
linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
|
||||
For practical reasons it's currently not allowed to have
|
||||
<literal>..</literal> components in the path to the executable.
|
||||
<function>escapeshellcmd</function> is executed on the argument of this
|
||||
function.</entry>
|
||||
<!-- TODO: not sure. popen uses a completely different implementation
|
||||
Don't know why, don't know whether it's behaving the same -->
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>fopen</function></entry>
|
||||
<entry>&sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>mkdir</function></entry>
|
||||
<entry>&sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>rmdir</function></entry>
|
||||
<entry>&sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>rename</function></entry>
|
||||
<entry>&sm.uidcheck; &sm.uidcheck.dir;<!-- on the old name only, it seems. Is rename preventing moving files? --></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>unlink</function></entry>
|
||||
<entry>&sm.uidcheck; &sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>copy</function></entry>
|
||||
<entry>&sm.uidcheck; &sm.uidcheck.dir; (on
|
||||
<parameter>source</parameter> and
|
||||
<parameter>target</parameter>)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>chgrp</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>chown</function></entry>
|
||||
<entry>&sm.uidcheck;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>chmod</function></entry>
|
||||
<entry>&sm.uidcheck; In addition, you cannot
|
||||
set the SUID, SGID and sticky bits</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>touch</function></entry>
|
||||
<entry>&sm.uidcheck; &sm.uidcheck.dir;</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>symlink</function></entry>
|
||||
<entry>&sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
|
||||
checked)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>link</function></entry>
|
||||
<entry>&sm.uidcheck; &sm.uidcheck.dir; (note: only the target is
|
||||
checked)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>apache_request_headers</function></entry>
|
||||
<entry>In safe mode, headers beginning with <literal>authorization</literal>
|
||||
(case-insensitive) will not be returned.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>header</function></entry>
|
||||
<entry>In safe mode, the uid of the script is added to the
|
||||
<literal>realm</literal> part of the
|
||||
<literal>WWW-Authenticate</literal> header if you set this
|
||||
header (used for HTTP Authentication).</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="features.http-auth">PHP_AUTH variables</link></entry>
|
||||
<entry>
|
||||
In safe mode, the variables <varname>PHP_AUTH_USER</varname>,
|
||||
<varname>PHP_AUTH_PW</varname>, and <varname>AUTH_TYPE</varname>
|
||||
are not available in <varname>$_SERVER</varname>. Regardless, you
|
||||
can still use <varname>REMOTE_USER</varname> for the USER.
|
||||
(note: only affected since PHP 4.3.0)
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<function>highlight_file</function>,
|
||||
<function>show_source</function>
|
||||
</entry>
|
||||
<entry>
|
||||
&sm.uidcheck; &sm.uidcheck.dir;
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<function>parse_ini_file</function>
|
||||
</entry>
|
||||
<entry>
|
||||
&sm.uidcheck; &sm.uidcheck.dir;
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<function>set_time_limit</function>
|
||||
</entry>
|
||||
<entry>
|
||||
Has no effect when PHP is running in &safemode;.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<link linkend="ini.max-execution-time">max_execution_time</link>
|
||||
</entry>
|
||||
<entry>
|
||||
Has no effect when PHP is running in &safemode;.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<function>mail</function>
|
||||
</entry>
|
||||
<entry>
|
||||
In safe mode, the fifth parameter is disabled.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<function>session_start</function>
|
||||
</entry>
|
||||
<entry>
|
||||
The owner of a script must be the same as owner of a <link
|
||||
linkend="ini.session.save-path">session.save_path</link> directory if
|
||||
the default <literal>files</literal> <link
|
||||
linkend="ini.session.save-handler">session.save_handler</link> is
|
||||
used.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
All filesystem and stream functions.
|
||||
</entry>
|
||||
<entry>
|
||||
&sm.uidcheck; &sm.uidcheck.dir; (see the <link
|
||||
linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>
|
||||
&php.ini; option.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
||||
|
||||
<!-- Keep this comment at the end of the file
|
||||
Local variables:
|
||||
mode: sgml
|
||||
sgml-omittag:t
|
||||
sgml-shorttag:t
|
||||
sgml-minimize-attributes:nil
|
||||
sgml-always-quote-attributes:t
|
||||
sgml-indent-step:1
|
||||
sgml-indent-data:t
|
||||
indent-tabs-mode:nil
|
||||
sgml-parent-document:nil
|
||||
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
|
||||
sgml-exposed-tags:nil
|
||||
sgml-local-catalogs:nil
|
||||
sgml-local-ecat-files:nil
|
||||
End:
|
||||
vim600: syn=xml fen fdm=syntax fdl=2 si
|
||||
vim: et tw=78 syn=sgml
|
||||
vi: ts=1 sw=1
|
||||
-->
|
|
@ -31,7 +31,7 @@
|
|||
If you want to get help on the mailing list, please try to be
|
||||
precise and give the necessary details about your environment
|
||||
(which operating system, what PHP version, what web server, if
|
||||
you are running PHP as CGI or a server module, &safemode;, etc.), and
|
||||
you are running PHP as CGI or a server module, etc.), and
|
||||
preferably enough code to make others able to reproduce and test
|
||||
your problem.
|
||||
</simpara>
|
||||
|
|
|
@ -1269,13 +1269,17 @@ is printed or viewed but it will show up if the document is converted to
|
|||
pdf by either Acrobat Distiller™ or Ghostview.</para>'>
|
||||
|
||||
<!-- Notes for safe-mode limited functions: -->
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY note.sm.disabled '<note xmlns="http://docbook.org/ns/docbook"><simpara>&sm.disabled;</simpara></note>'>
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY note.sm.uidcheck '<note xmlns="http://docbook.org/ns/docbook"><simpara>When <link
|
||||
linkend="features.safe-mode">safe mode</link> is enabled, PHP checks whether
|
||||
the files or directories being operated upon have the same UID (owner) as the
|
||||
script that is being executed.</simpara></note>'>
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY note.sm.uidcheck.dir '<note xmlns="http://docbook.org/ns/docbook"><simpara>When <link
|
||||
linkend="features.safe-mode">safe mode</link> is enabled, PHP checks whether
|
||||
the directory in which the script is operating has the same UID (owner) as the
|
||||
|
@ -1293,23 +1297,29 @@ language construct and not a function, it cannot be called using
|
|||
<!-- Common pieces in features/safe-mode.xml
|
||||
Jade doesn't allow in-line entities, so I put them here... Though they
|
||||
should have been inline in safe-mode.xml -->
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY sm.uidcheck 'Checks whether the files or directories being operated
|
||||
upon have the same UID (owner) as the script that is being executed.'>
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY warn.sm.exec '<warning xmlns="http://docbook.org/ns/docbook"><simpara>With <link linkend="features.safe-mode">safe mode</link> enabled,
|
||||
the command string is escaped with <function>escapeshellcmd</function>. Thus,
|
||||
<literal>echo y | echo x</literal> becomes <literal>echo y \| echo x</literal>.</simpara></warning>'>
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY note.exec-path '<note xmlns="http://docbook.org/ns/docbook"><simpara>When
|
||||
<link linkend="features.safe-mode">safe mode</link> is enabled, you can only
|
||||
execute files within the <link linkend="ini.safe-mode-exec-dir">safe_mode_exec_dir</link>.
|
||||
For practical reasons, it is currently not allowed to have <literal>..</literal>
|
||||
components in the path to the executable.</simpara></note>'>
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY sm.uidcheck.dir 'Checks whether the directory in which
|
||||
the script is operating has the same UID (owner) as the script that is being
|
||||
executed.'>
|
||||
|
||||
<!-- Not used in EN anymore -->
|
||||
<!ENTITY sm.disabled 'This function is disabled when PHP is running in <link xmlns="http://docbook.org/ns/docbook"
|
||||
linkend="features.safe-mode">safe mode</link>.'>
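Review bot: The entities kept in this file still carry `linkend="features.safe-mode"` and `linkend="ini.safe-mode-exec-dir"`, and the only definitions of those ids visible on this page are in the safe-mode chapter that this same commit deletes. Any translation that still expands `note.sm.uidcheck`, `warn.sm.exec`, `note.exec-path` or `sm.disabled` without its own copy of that chapter will presumably end up with unresolved links, which would match the build breakage the commit message apologises for. I would unwrap the `<link>` elements in the retained entities, as the other files in this commit do. The marker should also say why each entity survives, e.g. `<!-- Not used in EN anymore; kept until translations stop referencing it -->`.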
|
||||
|
||||
|
|
|
@ -1914,8 +1914,8 @@ echo "<pre>$output</pre>";
|
|||
</para>
|
||||
<note>
|
||||
<para>
|
||||
The backtick operator is disabled when &safemode; is enabled
|
||||
or <function>shell_exec</function> is disabled.
|
||||
The backtick operator is disabled when
|
||||
<function>shell_exec</function> is disabled.
|
||||
</para>
|
||||
</note>
|
||||
<note>
|
||||
|
|
|
@ -31,11 +31,6 @@
|
|||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.sm.disabled;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<para>
|
||||
|
|
|
@ -382,7 +382,7 @@
|
|||
<listitem>
|
||||
<simpara>
|
||||
This constant is not available when <link linkend="ini.open-basedir">open_basedir</link>
|
||||
or <link linkend="ini.safe-mode">safe_mode</link> are enabled.
|
||||
is enabled.
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -19,7 +19,6 @@
|
|||
If the file already exists, it is not truncated.
|
||||
<function>dbase_pack</function> can be called to force truncation.
|
||||
</para>
|
||||
¬e.sm.uidcheck;
|
||||
¬e.open-basedir.func;
|
||||
</refsect1>
|
||||
<refsect1 role="parameters">
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
<function>dbase_open</function> opens a dBase database with the given
|
||||
access mode.
|
||||
</para>
|
||||
¬e.sm.uidcheck;
|
||||
¬e.open-basedir.func;
|
||||
</refsect1>
|
||||
<refsect1 role="parameters">
|
||||
|
|
|
@ -82,7 +82,6 @@ echo getcwd() . "\n";
|
|||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.sm.uidcheck.dir;
|
||||
<caution>
|
||||
<para>
|
||||
If the PHP interpreter has been built with ZTS (Zend Thread Safety) enabled,
|
||||
|
|
|
@ -99,8 +99,6 @@ echo exec('whoami');
|
|||
&warn.escapeshell;
|
||||
¬e.exec-bg;
|
||||
¬e.exec-bypass-shell;
|
||||
¬e.exec-path;
|
||||
&warn.sm.exec;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -65,8 +65,6 @@
|
|||
&reftitle.notes;
|
||||
&warn.escapeshell;
|
||||
¬e.exec-bg;
|
||||
¬e.exec-path;
|
||||
&warn.sm.exec;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -75,15 +75,6 @@ echo "<pre>$output</pre>";
|
|||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
<note>
|
||||
<para>
|
||||
&sm.disabled;
|
||||
</para>
|
||||
</note>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<para>
|
||||
|
|
|
@ -96,8 +96,6 @@ echo '
|
|||
&reftitle.notes;
|
||||
&warn.escapeshell;
|
||||
¬e.exec-bg;
|
||||
¬e.exec-path;
|
||||
&warn.sm.exec;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
<para>
|
||||
These functions are also closely related to the
|
||||
<link linkend="language.operators.execution">backtick operator</link>.
|
||||
Also, while in &safemode; you
|
||||
must consider the <link linkend="ini.safe-mode-exec-dir">
|
||||
safe_mode_exec_dir</link> directive.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
<para>
|
||||
Returns the data from the specified location in the database.
|
||||
</para>
|
||||
¬e.sm.uidcheck;
|
||||
</refsect1>
|
||||
<refsect1 role="parameters">
|
||||
&reftitle.parameters;
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
<para>
|
||||
Returns the number of rows in the opened filePro database.
|
||||
</para>
|
||||
¬e.sm.uidcheck;
|
||||
</refsect1>
|
||||
<refsect1 role="returnvalues">
|
||||
&reftitle.returnvalues;
|
||||
|
|
|
@ -19,7 +19,6 @@
|
|||
No locking is done, so you should avoid modifying your filePro
|
||||
database while it may be opened in PHP.
|
||||
</para>
|
||||
¬e.sm.uidcheck;
|
||||
</refsect1>
|
||||
<refsect1 role="parameters">
|
||||
&reftitle.parameters;
|
||||
|
|
|
@ -78,7 +78,6 @@ printf($format, $filename, date('r'), filegroup($filename));
|
|||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.no-remote;
|
||||
¬e.sm.uidcheck;
|
||||
<note>
|
||||
<simpara>
|
||||
On Windows, this function fails silently when applied on a regular file.
|
||||
|
|
|
@ -109,14 +109,6 @@ chmod("/somedir/somefile", 0750);
|
|||
</para>
|
||||
</note>
|
||||
¬e.no-remote;
|
||||
<note>
|
||||
<para>
|
||||
When &safemode; is enabled, PHP checks whether the files or directories
|
||||
you are about to operate on have the same UID (owner) as the script that
|
||||
is being executed. In addition, you cannot set the SUID, SGID and sticky
|
||||
bits.
|
||||
</para>
|
||||
</note>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -97,7 +97,6 @@ Array
|
|||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.no-remote;
|
||||
¬e.sm.uidcheck;
|
||||
<note>
|
||||
<simpara>
|
||||
On Windows, this function fails silently when applied on a regular file.
|
||||
|
|
|
@ -50,15 +50,6 @@
|
|||
files.
|
||||
</para>
|
||||
</note>
|
||||
<warning>
|
||||
<para>
|
||||
This function returns &false; for files inaccessible due to <link
|
||||
linkend="features.safe-mode">safe mode</link> restrictions. However these
|
||||
files still can be <link linkend="function.include">included</link> if
|
||||
they are located in <link
|
||||
linkend="ini.safe-mode-include-dir">safe_mode_include_dir</link>.
|
||||
</para>
|
||||
</warning>
|
||||
<note>
|
||||
<para>
|
||||
The check is done using the real UID/GID instead of the effective one.
|
||||
|
|
|
@ -80,7 +80,6 @@ print_r(posix_getgrgid(filegroup($filename)));
|
|||
<simplelist>
|
||||
<member><function>fileowner</function></member>
|
||||
<member><function>posix_getgrgid</function></member>
|
||||
<member><link linkend="ini.safe-mode-gid">safe_mode_gid</link></member>
|
||||
</simplelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -41,8 +41,8 @@
|
|||
a local file, then it will try to open a stream on that file.
|
||||
The file must be accessible to PHP, so you need to ensure that
|
||||
the file access permissions allow this access.
|
||||
If you have enabled &safemode;
|
||||
or <link linkend="ini.open-basedir">open_basedir</link> further
|
||||
If you have enabled
|
||||
<link linkend="ini.open-basedir">open_basedir</link> further
|
||||
restrictions may apply.
|
||||
</para>
|
||||
<para>
|
||||
|
@ -325,7 +325,6 @@ $handle = fopen("ftp://user:password@example.com/somefile.txt", "w");
|
|||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
&warn.ssl-non-standard;
|
||||
¬e.sm.uidcheck.dir;
|
||||
<note>
|
||||
<para>
|
||||
If you are experiencing problems with reading and writing to files and
|
||||
|
|
|
@ -28,8 +28,8 @@
|
|||
Path to the file. If <parameter>filename</parameter> is a relative
|
||||
filename, it will be checked relative to the current working
|
||||
directory. If <parameter>filename</parameter> is a symbolic or hard link
|
||||
then the link will be resolved and checked. If you have enabled &safemode;,
|
||||
or <link linkend="ini.open-basedir">open_basedir</link> further
|
||||
then the link will be resolved and checked. If you have enabled
|
||||
<link linkend="ini.open-basedir">open_basedir</link> further
|
||||
restrictions may apply.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -78,7 +78,6 @@ lchgrp($link, 8);
|
|||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.no-remote;
|
||||
¬e.sm.uidcheck;
|
||||
¬e.no-windows;
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -76,7 +76,6 @@ lchown($link, 8);
|
|||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.no-remote;
|
||||
¬e.sm.uidcheck;
|
||||
¬e.no-windows;
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -129,11 +129,6 @@ if (!mkdir($structure, 0777, true)) {
|
|||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.sm.uidcheck.dir;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<para>
|
||||
|
|
|
@ -100,8 +100,8 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
|
|||
&reftitle.notes;
|
||||
<note>
|
||||
<para>
|
||||
<function>move_uploaded_file</function> is both &safemode;
|
||||
and <link linkend="ini.open-basedir">open_basedir</link>
|
||||
<function>move_uploaded_file</function> is
|
||||
<link linkend="ini.open-basedir">open_basedir</link>
|
||||
aware. However, restrictions are placed only on the
|
||||
<parameter>destination</parameter> path as to allow the moving
|
||||
of uploaded files in which <parameter>filename</parameter> may conflict
|
||||
|
|
|
@ -107,8 +107,6 @@ pclose($handle);
|
|||
<function>proc_open</function>.
|
||||
</para>
|
||||
</note>
|
||||
¬e.exec-path;
|
||||
&warn.sm.exec;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -69,11 +69,6 @@ rmdir('examples');
|
|||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.sm.uidcheck.dir;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<para>
|
||||
|
|
|
@ -265,8 +265,7 @@
|
|||
<para>
|
||||
The default host to connect to when no host is specified
|
||||
in <function>ifx_connect</function> or
|
||||
<function>ifx_pconnect</function>. Doesn't apply in
|
||||
&safemode;.
|
||||
<function>ifx_pconnect</function>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -279,8 +278,7 @@
|
|||
<para>
|
||||
The default user id to use when none is specified
|
||||
in <function>ifx_connect</function> or
|
||||
<function>ifx_pconnect</function>. Doesn't apply in
|
||||
&safemode;.
|
||||
<function>ifx_pconnect</function>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -293,8 +291,7 @@
|
|||
<para>
|
||||
The default password to use when none is specified
|
||||
in <function>ifx_connect</function> or
|
||||
<function>ifx_pconnect</function>. Doesn't apply in
|
||||
&safemode;.
|
||||
<function>ifx_pconnect</function>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
<para>
|
||||
&return.success; If the functionality of loading modules is not available
|
||||
or has been disabled (either by setting
|
||||
<link linkend="ini.enable-dl">enable_dl</link> off or by enabling &safemode;
|
||||
<link linkend="ini.enable-dl">enable_dl</link> off
|
||||
in &php.ini;) an <constant>E_ERROR</constant> is emitted
|
||||
and execution is stopped. If <function>dl</function> fails because the
|
||||
specified library couldn't be loaded, in addition to &false; an
|
||||
|
@ -147,7 +147,6 @@ if (!extension_loaded('sqlite')) {
|
|||
<function>dl</function> is case sensitive on Unix platforms.
|
||||
</para>
|
||||
</note>
|
||||
¬e.sm.disabled;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -18,23 +18,6 @@
|
|||
request. At the end of the request the environment is restored to its
|
||||
original state.
|
||||
</para>
|
||||
<para>
|
||||
Setting certain environment variables may be a potential security breach.
|
||||
The <literal>safe_mode_allowed_env_vars</literal> directive contains a
|
||||
comma-delimited list of prefixes. In Safe Mode, the user may only alter
|
||||
environment variables whose names begin with the prefixes supplied by
|
||||
this directive. By default, users will only be able to set environment
|
||||
variables that begin with <literal>PHP_</literal> (e.g.
|
||||
<literal>PHP_FOO=BAR</literal>). Note: if this directive is empty, PHP
|
||||
will let the user modify ANY environment variable!
|
||||
</para>
|
||||
<para>
|
||||
The <literal>safe_mode_protected_env_vars</literal> directive contains a
|
||||
comma-delimited list of environment variables, that the end user won't be
|
||||
able to change using <function>putenv</function>. These variables will
|
||||
be protected even if <literal>safe_mode_allowed_env_vars</literal> is set
|
||||
to allow to change them.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="parameters">
|
||||
|
@ -76,18 +59,6 @@ putenv("UNIQID=$uniqid");
|
|||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
<warning>
|
||||
<para>
|
||||
The <literal>safe_mode_allowed_env_vars</literal> and
|
||||
<literal>safe_mode_protected_env_vars</literal> directives only take
|
||||
effect when <link linkend="features.safe-mode">safe_mode</link> is
|
||||
enabled.
|
||||
</para>
|
||||
</warning>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<para>
|
||||
|
|
|
@ -53,13 +53,6 @@
|
|||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
<warning>
|
||||
<para>
|
||||
This function has no effect when PHP is running in &safemode;. There is
|
||||
no workaround other than turning off safe mode or changing the time limit
|
||||
in the &php.ini;.
|
||||
</para>
|
||||
</warning>
|
||||
<note>
|
||||
<para>
|
||||
The <function>set_time_limit</function> function and the configuration
|
||||
|
|
|
@ -202,9 +202,7 @@
|
|||
The main reason for turning dynamic loading off is
|
||||
security. With dynamic loading, it's possible to ignore all
|
||||
<link linkend="ini.open-basedir">open_basedir</link> restrictions.
|
||||
The default is to allow dynamic loading, except when using
|
||||
&safemode;. In &safemode;, it's
|
||||
always impossible to use <function>dl</function>.
|
||||
The default is to allow dynamic loading.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -229,11 +227,6 @@
|
|||
<function>set_time_limit</function> function for more
|
||||
details.
|
||||
</para>
|
||||
<para>
|
||||
You can not change this setting with <function>ini_set</function> when
|
||||
running in &safemode;. The only workaround is to turn off safe mode or
|
||||
by changing the time limit in the &php.ini;.
|
||||
</para>
|
||||
<para>
|
||||
Your web server can have other timeout configurations that may
|
||||
also interrupt PHP execution. Apache has a
|
||||
|
|
|
@ -203,8 +203,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The default server host to use when connecting to the database
|
||||
server if no other host is specified. Doesn't apply in
|
||||
<link linkend="ini.safe-mode">safe mode</link>.
|
||||
server if no other host is specified.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -217,8 +216,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The default user name to use when connecting to the database
|
||||
server if no other name is specified. Doesn't apply in
|
||||
<link linkend="ini.safe-mode">safe mode</link>.
|
||||
server if no other name is specified.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -231,8 +229,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The default password to use when connecting to the database
|
||||
server if no other password is specified. Doesn't apply in
|
||||
<link linkend="ini.safe-mode">safe mode</link>.
|
||||
server if no other password is specified.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -239,14 +239,6 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
|
|||
which can be resolved by upgrading to Service Pack 2 or later.
|
||||
</para>
|
||||
</note>
|
||||
<note>
|
||||
<simpara>
|
||||
If <link linkend="ini.safe-mode">safe mode</link> is enabled the
|
||||
uid of the script is added to the <literal>realm</literal> part
|
||||
of the <literal>WWW-Authenticate</literal> header if you set
|
||||
this header (used for HTTP Authentication).
|
||||
</simpara>
|
||||
</note>
|
||||
<note>
|
||||
<para>
|
||||
Most contemporary clients accept relative <acronym>URI</acronym>s as argument to
|
||||
|
|
|
@ -24,7 +24,6 @@
|
|||
To use the large object interface, it is necessary to
|
||||
enclose it within a transaction block.
|
||||
</para>
|
||||
¬e.sm.uidcheck;
|
||||
<note>
|
||||
<para>
|
||||
This function used to be called <function>pg_loimport</function>.
|
||||
|
|
|
@ -16,13 +16,7 @@
|
|||
<warning>
|
||||
<para>
|
||||
Sensitive data can be retrieved with the POSIX functions, e.g.
|
||||
<function>posix_getpwnam</function> and friends. None of the
|
||||
POSIX function perform any kind of access
|
||||
checking when <link linkend="ini.safe-mode">safe mode</link> is enabled.
|
||||
It's therefore <emphasis role="strong">strongly</emphasis> advised to
|
||||
disable the POSIX extension at all (use
|
||||
<literal>--disable-posix</literal> in your configure line) if you're
|
||||
operating in such an environment.
|
||||
<function>posix_getpwnam</function> and friends.
|
||||
</para>
|
||||
</warning>
|
||||
¬e.no-windows.extension;
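Review bot: The shortened warning still tells readers that sensitive data can be retrieved through `posix_getpwnam` and friends, but it no longer says what to do about it. The removed sentences carried the only mitigation on the page, building without the extension via `--disable-posix`. That advice does not depend on safe_mode, so it could be kept in neutral form, for example `On servers that run untrusted code, consider building without the extension (--disable-posix) or restricting these functions with disable_functions.` The `<warning>` element opens inside this hunk, but the surrounding section starts outside it.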
|
||||
|
|
|
@ -92,7 +92,6 @@ if (posix_access($file, POSIX_R_OK | POSIX_W_OK)) {
|
|||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.sm.uidcheck;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
|
|
|
@ -128,7 +128,6 @@ Array
|
|||
<member><function>posix_getgrnam</function></member>
|
||||
<member><function>filegroup</function></member>
|
||||
<member><function>stat</function></member>
|
||||
<member><link linkend="ini.safe-mode-gid">safe_mode_gid</link></member>
|
||||
<member>POSIX man page GETGRNAM(3)</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
|
|
|
@ -126,7 +126,6 @@ Array
|
|||
<member><function>posix_getgrgid</function></member>
|
||||
<member><function>filegroup</function></member>
|
||||
<member><function>stat</function></member>
|
||||
<member><link linkend="ini.safe-mode-gid">safe_mode_gid</link></member>
|
||||
<member>POSIX man page GETGRNAM(3)</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
|
|
|
@ -57,7 +57,6 @@
|
|||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
¬e.sm.uidcheck;
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
|
|
@ -128,7 +128,7 @@ if ($db = sqlite_open('mysqlitedb', 0666, $sqliteerror)) {
|
|||
</note>
|
||||
<note>
|
||||
<simpara>
|
||||
SQLite is &safemode; and open_basedir aware.
|
||||
SQLite is open_basedir aware.
|
||||
</simpara>
|
||||
</note>
|
||||
</refsect1>
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
<term><parameter>options</parameter></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Whether or not to enforce <link linkend="ini.safe-mode">safe_mode</link> (0x04).
|
||||
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
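Review bot: The `options` entry is left with an empty `<para>`. The hunk counts (-40,7 +40,7) show the safe_mode sentence was swapped for a blank line, so the parameter now renders with no description at all. A reader implementing a stream wrapper can no longer tell whether the 0x04 bit still carries meaning or can be ignored. If the flag really is dead, say so in the para, for example `Formerly signalled whether to enforce safe_mode (0x04); unused since safe_mode was removed.`, after confirming that against the implementation. The enclosing variablelist starts outside the hunk.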
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
This method is called in response to all <function>stat</function> related
|
||||
functions, such as:
|
||||
<simplelist>
|
||||
<member><function>chmod</function> (only when <link linkend="ini.safe-mode">safe_mode</link> is enabled)</member>
|
||||
<member><function>copy</function></member>
|
||||
<member><function>fileperms</function></member>
|
||||
<member><function>fileinode</function></member>
|
||||
|
|