Extend open_basedir functionality to allow runtime tightening

NEWS

@@ -10,6 +10,7 @@ PHP                                                                        NEWS
   functions to not call __autoload(). (Dmitry)
 - Changed opendir/dir/scandir to use default context
   when no context argument is passed. (Sara)
+- Changed open_basedir to allow tightening in runtime contexts. (Sara)
 
 - Removed old legacy:
   . "register_globals" support. (Pierre)

main/fopen_wrappers.c

@@ -82,6 +82,64 @@
 #endif
 /* }}} */
 
+/* {{{ OnUpdateBaseDir
+Allows any change to open_basedir setting in during Startup and Shutdown events,
+or a tightening during activation/runtime/deactivation */
+PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
+{
+	char **p, *pathbuf, *ptr, *end;
+#ifndef ZTS
+	char *base = (char *) mh_arg2;
+#else
+	char *base = (char *) ts_resource(*((int *) mh_arg2));
+#endif
+
+	p = (char **) (base+(size_t) mh_arg1);
+
+	if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN) {
+		/* We're in a PHP_INI_SYSTEM context, no restrictions */
+		*p = new_value;
+		return SUCCESS;
+	}
+
+
+	/* Elsewise, we're in runtime */
+	if (!*p || !**p) {
+		/* open_basedir not set yet, go ahead and give it a value */
+		*p = new_value;
+		return SUCCESS;
+	}
+
+	/* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
+	if (!new_value || !*new_value) {
+		return FAILURE;
+	}
+
+	/* Is the proposed open_basedir at least as restrictive as the current setting? */
+	ptr = pathbuf = estrdup(new_value);
+	while (ptr && *ptr) {
+		end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+		if (end != NULL) {
+			*end = '\0';
+			end++;
+		}
+		if (php_check_open_basedir_ex(ptr, 0 TSRMLS_CC) != 0) {
+			/* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */
+			efree(pathbuf);
+			return FAILURE;
+		}
+		ptr = end;
+	}
+	efree(pathbuf);
+
+	/* Everything checks out, set it */
+	*p = new_value;
+
+	return SUCCESS;
+}
+/* }}} */
+
+
 /* {{{ php_check_specific_open_basedir
 	When open_basedir is not NULL, check if the given filename is located in
 	open_basedir. Returns -1 if error or not in the open_basedir, else 0

main/fopen_wrappers.h

@@ -23,6 +23,7 @@
 
 BEGIN_EXTERN_C()
 #include "php_globals.h"
+#include "php_ini.h"
 
 PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC);
 PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC);
@@ -35,6 +36,8 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
 
 PHPAPI int php_is_url(char *path);
 PHPAPI char *php_strip_url_passwd(char *path);
+
+PHPAPI ZEND_INI_MH(OnUpdateBaseDir);
 END_EXTERN_C()
 
 #endif

main/main.c

@@ -339,6 +339,7 @@ static PHP_INI_MH(OnUpdateDefaultMimetype)
 #else
 #	define DEFAULT_SENDMAIL_PATH NULL
 #endif
+
 /* {{{ PHP_INI
  */
 PHP_INI_BEGIN()
@@ -392,7 +393,7 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("extension_dir",			PHP_EXTENSION_DIR,		PHP_INI_SYSTEM,		OnUpdateStringUnempty,	extension_dir,			php_core_globals,	core_globals)
 	STD_PHP_INI_ENTRY("include_path",			PHP_INCLUDE_PATH,		PHP_INI_ALL,		OnUpdateStringUnempty,	include_path,			php_core_globals,	core_globals)
 	PHP_INI_ENTRY("max_execution_time",			"30",		PHP_INI_ALL,			OnUpdateTimeout)
-	STD_PHP_INI_ENTRY("open_basedir",			NULL,		PHP_INI_SYSTEM,		OnUpdateString,			open_basedir,			php_core_globals,	core_globals)
+	STD_PHP_INI_ENTRY("open_basedir",			NULL,		PHP_INI_ALL,		OnUpdateBaseDir,			open_basedir,			php_core_globals,	core_globals)
 
 	STD_PHP_INI_BOOLEAN("file_uploads",			"1",		PHP_INI_SYSTEM,		OnUpdateBool,			file_uploads,			php_core_globals,	core_globals)
 	STD_PHP_INI_ENTRY("upload_max_filesize",	"2M",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLong,			upload_max_filesize,	php_core_globals,	core_globals)