Permalink
Browse files

Allow disabling of allow_url_include in a Runkit_Sandbox (PHP >= 5.2)

New test was added
  • Loading branch information...
1 parent bb22dc0 commit 5e179e978af79444d3c877d5681ea91d15134a01 @sgolemon sgolemon committed with Apr 4, 2013
Showing with 38 additions and 0 deletions.
  1. +2 −0 package.xml
  2. +17 −0 runkit_sandbox.c
  3. +19 −0 tests/Runkit_Sandbox.allow_url_include.phpt
View
@@ -45,6 +45,7 @@ Execute code in restricted environment (sandboxing).
in runkit_default_property_remove function. Pass the TRUE value to remove property from existing objects.
This feature works in PHP 5.x and above. The default value for this parameter is FALSE.
+ Namespaces are fully supported by constants manipulation functions (Thanks to Antony Dovgal)
+ + Allow disabling of allow_url_include in a Runkit_Sandbox (PHP >= 5.2) (Thanks to Sara Golemon)
Critical fixes:
* Highly probable crashes on using Reflection objects after modifying removing or renaming of functions, methods, and properties,
@@ -168,6 +169,7 @@ Execute code in restricted environment (sandboxing).
<file name="runkit_return_value_used.phpt" role="test" />
<file name="runkit_zval_inspect.phpt" role="test" />
<file name="runkit_static_vars.phpt" role="test" />
+ <file name="Runkit_Sandbox.allow_url_include.phpt" role="test" />
<file name="Runkit_Sandbox.open_basedir.phpt" role="test" />
<file name="Runkit_Sandbox_.active.phpt" role="test" />
<file name="Runkit_Sandbox_.output_handler.phpt" role="test" />
View
@@ -212,6 +212,8 @@ newstr_ok: ;
* open_basedir must be at or below the currently defined basedir for the same reason that safe_mode can only be turned on
* allow_url_fopen = false
* allow_url_fopen may only be turned off for a sandbox, not on. Once again, don't castrate the existing restrictions
+ * allow_url_include = false
+ * allow_url_include may only be turned off for a sandbox, not on. Once again, don't castrate the existing restrictions
* disable_functions = coma_separated,list_of,additional_functions
* ADDITIONAL functions, on top of already disabled functions to disable
* disable_classes = coma_separated,list_of,additional_classes
@@ -228,6 +230,9 @@ static inline void php_runkit_sandbox_ini_override(php_runkit_sandbox_object *ob
zend_bool safe_mode, safe_mode_gid;
HashTable *safe_mode_include_dirs = NULL;
#endif
+#ifdef ZEND_ENGINE_2_2
+ zend_bool allow_url_include;
+#endif
HashTable *open_basedirs = NULL;
zval **tmpzval;
@@ -247,6 +252,9 @@ static inline void php_runkit_sandbox_ini_override(php_runkit_sandbox_object *ob
open_basedirs = php_runkit_sandbox_parse_multipath(PG(open_basedir) TSRMLS_CC);
}
allow_url_fopen = PG(allow_url_fopen);
+#ifdef ZEND_ENGINE_2_2
+ allow_url_include = PG(allow_url_include);
+#endif
}
tsrm_set_interpreter_context(objval->context);
@@ -430,6 +438,15 @@ static inline void php_runkit_sandbox_ini_override(php_runkit_sandbox_object *ob
}
}
+#ifdef ZEND_ENGINE_2_2
+ /* May only turn off */
+ if (allow_url_include &&
+ (zend_hash_find(options, "allow_url_include", sizeof("allow_url_include"), (void**)&tmpzval) == SUCCESS) &&
+ !zend_is_true(*tmpzval)) {
+ zend_alter_ini_entry("allow_url_include", sizeof("allow_url_include"), "0", 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE);
+ }
+#endif
+
if (
#if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || (PHP_MAJOR_VERSION < 5)
safe_mode_include_dirs ||
@@ -0,0 +1,19 @@
+--TEST--
+Runkit_Sandbox - Allow disabling of allow_url_include
+--SKIPIF--
+<?php if(!extension_loaded("runkit") || !RUNKIT_FEATURE_SANDBOX) print "skip"; ?>
+--INI--
+allow_url_include="On"
+--FILE--
+<?php
+var_dump(ini_get('allow_url_include'));
+
+$s = new Runkit_Sandbox(array(
+ 'allow_url_include' => false,
+));
+
+var_dump($s->ini_get('allow_url_include'));
+
+--EXPECT--
+string(2) "On"
+string(1) "0"

0 comments on commit 5e179e9

Please sign in to comment.