diff -Nura php-4.4.0/acinclude.m4 hardening-patch-4.4.0-0.4.2/acinclude.m4 --- php-4.4.0/acinclude.m4 2005-04-30 11:31:09.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/acinclude.m4 2005-09-07 18:40:29.039955552 +0200 @@ -1173,6 +1173,36 @@ fi ]) +dnl +dnl Check for broken realpath() +dnl +dnl realpath("/etc/hosts/../passwd",XXX) should not return +dnl "/etc/passwd" +dnl +AC_DEFUN([PHP_AC_BROKEN_REALPATH],[ + AC_CACHE_CHECK(whether realpath is broken, ac_cv_broken_realpath,[ + AC_TRY_RUN([ +main() { + char buf[4096+1]; + buf[0] = 0; + realpath("/etc/hosts/../passwd", buf); + exit(strcmp(buf, "/etc/passwd")==0); +} + ],[ + ac_cv_broken_realpath=no + ],[ + ac_cv_broken_realpath=yes + ],[ + ac_cv_broken_realpath=no + ]) + ]) + if test "$ac_cv_broken_realpath" = "yes"; then + AC_DEFINE(PHP_BROKEN_REALPATH, 1, [Whether realpath is broken]) + else + AC_DEFINE(PHP_BROKEN_REALPATH, 0, [Whether realpath is broken]) + fi +]) + dnl PHP_SHARED_MODULE(module-name, object-var, build-dir, cxx) dnl dnl Basically sets up the link-stage for building module-name diff -Nura php-4.4.0/configure hardening-patch-4.4.0-0.4.2/configure --- php-4.4.0/configure 2005-07-11 12:07:33.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/configure 2005-09-07 18:45:59.447725936 +0200 @@ -394,6 +394,16 @@ ac_default_prefix=/usr/local # Any additions from configure.in: ac_help="$ac_help + --disable-hardening-patch-mm-protect Disable the Memory Manager protection." +ac_help="$ac_help + --disable-hardening-patch-ll-protect Disable the Linked List protection." +ac_help="$ac_help + --disable-hardening-patch-inc-protect Disable include/require protection." +ac_help="$ac_help + --disable-hardening-patch-fmt-protect Disable format string protection." +ac_help="$ac_help + --disable-hardening-patch-hash-protect Disable Zend HashTable DTOR protection." +ac_help="$ac_help SAPI modules: " @@ -846,6 +856,8 @@ ac_help="$ac_help --disable-tokenizer Disable tokenizer support" ac_help="$ac_help + --disable-varfilter Disable Hardening-Patch's variable filter" +ac_help="$ac_help --enable-wddx Enable WDDX support." ac_help="$ac_help --disable-xml Disable XML support using bundled expat lib" @@ -2682,6 +2694,157 @@ +# Check whether --enable-hardening-patch-mm-protect or --disable-hardening-patch-mm-protect was given. +if test "${enable_hardening_patch_mm_protect+set}" = set; then + enableval="$enable_hardening_patch_mm_protect" + + DO_HARDENING_PATCH_MM_PROTECT=$enableval + +else + + DO_HARDENING_PATCH_MM_PROTECT=yes + +fi + + +# Check whether --enable-hardening-patch-ll-protect or --disable-hardening-patch-ll-protect was given. +if test "${enable_hardening_patch_ll_protect+set}" = set; then + enableval="$enable_hardening_patch_ll_protect" + + DO_HARDENING_PATCH_LL_PROTECT=$enableval + +else + + DO_HARDENING_PATCH_LL_PROTECT=yes + +fi + + +# Check whether --enable-hardening-patch-inc-protect or --disable-hardening-patch-inc-protect was given. +if test "${enable_hardening_patch_inc_protect+set}" = set; then + enableval="$enable_hardening_patch_inc_protect" + + DO_HARDENING_PATCH_INC_PROTECT=$enableval + +else + + DO_HARDENING_PATCH_INC_PROTECT=yes + +fi + + +# Check whether --enable-hardening-patch-fmt-protect or --disable-hardening-patch-fmt-protect was given. +if test "${enable_hardening_patch_fmt_protect+set}" = set; then + enableval="$enable_hardening_patch_fmt_protect" + + DO_HARDENING_PATCH_FMT_PROTECT=$enableval + +else + + DO_HARDENING_PATCH_FMT_PROTECT=yes + +fi + + +# Check whether --enable-hardening-patch-hash-protect or --disable-hardening-patch-hash-protect was given. +if test "${enable_hardening_patch_hash_protect+set}" = set; then + enableval="$enable_hardening_patch_hash_protect" + + DO_HARDENING_PATCH_HASH_PROTECT=$enableval + +else + + DO_HARDENING_PATCH_HASH_PROTECT=yes + +fi + + +echo $ac_n "checking whether to protect the Zend Memory Manager""... $ac_c" 1>&6 +echo "configure:2725: checking whether to protect the Zend Memory Manager" >&5 +echo "$ac_t""$DO_HARDENING_PATCH_MM_PROTECT" 1>&6 + +echo $ac_n "checking whether to protect the Zend Linked Lists""... $ac_c" 1>&6 +echo "configure:2729: checking whether to protect the Zend Linked Lists" >&5 +echo "$ac_t""$DO_HARDENING_PATCH_LL_PROTECT" 1>&6 + +echo $ac_n "checking whether to protect include/require statements""... $ac_c" 1>&6 +echo "configure:2733: checking whether to protect include/require statements" >&5 +echo "$ac_t""$DO_HARDENING_PATCH_INC_PROTECT" 1>&6 + +echo $ac_n "checking whether to protect PHP Format String functions""... $ac_c" 1>&6 +echo "configure:2737: checking whether to protect PHP Format String functions" >&5 +echo "$ac_t""$DO_HARDENING_PATCH_FMT_PROTECT" 1>&6 + +echo $ac_n "checking whether to protect the Zend HashTable Destructors""... $ac_c" 1>&6 +echo "configure:2737: checking whether to protect the Zend HashTable Destructors" >&5 +echo "$ac_t""$DO_HARDENING_PATCH_HASH_PROTECT" 1>&6 + + +cat >> confdefs.h <<\EOF +#define HARDENING_PATCH 1 +EOF + + + +if test "$DO_HARDENING_PATCH_MM_PROTECT" = "yes"; then + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_MM_PROTECT 1 +EOF + +else + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_MM_PROTECT 0 +EOF + +fi + +if test "$DO_HARDENING_PATCH_LL_PROTECT" = "yes"; then + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_LL_PROTECT 1 +EOF + +else + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_LL_PROTECT 0 +EOF + +fi + +if test "$DO_HARDENING_PATCH_INC_PROTECT" = "yes"; then + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_INC_PROTECT 1 +EOF + +else + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_INC_PROTECT 0 +EOF + +fi + +if test "$DO_HARDENING_PATCH_FMT_PROTECT" = "yes"; then + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_FMT_PROTECT 1 +EOF + +else + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_FMT_PROTECT 0 +EOF + +fi + +if test "$DO_HARDENING_PATCH_HASH_PROTECT" = "yes"; then + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_HASH_PROTECT 1 +EOF + +else + cat >> confdefs.h <<\EOF +#define HARDENING_PATCH_HASH_PROTECT 0 +EOF + +fi @@ -15733,6 +15896,62 @@ fi + echo $ac_n "checking whether realpath is broken""... $ac_c" 1>&6 +echo "configure:14928: checking whether realpath is broken" >&5 +if eval "test \"`echo '$''{'ac_cv_broken_realpath'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + if test "$cross_compiling" = yes; then + + ac_cv_broken_realpath=no + +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + + ac_cv_broken_realpath=no + +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + + ac_cv_broken_realpath=yes + +fi +rm -fr conftest* +fi + + +fi + +echo "$ac_t""$ac_cv_broken_realpath" 1>&6 + if test "$ac_cv_broken_realpath" = "yes"; then + cat >> confdefs.h <<\EOF +#define PHP_BROKEN_REALPATH 1 +EOF + + else + cat >> confdefs.h <<\EOF +#define PHP_BROKEN_REALPATH 0 +EOF + + fi + + echo $ac_n "checking for declared timezone""... $ac_c" 1>&6 echo "configure:15738: checking for declared timezone" >&5 if eval "test \"`echo '$''{'ac_cv_declared_timezone'+set}'`\" = set"; then @@ -83268,7 +83487,7 @@ if test "$ac_cv_crypt_blowfish" = "yes"; then ac_result=1 else - ac_result=0 + ac_result=1 fi cat >> confdefs.h <&6 +echo "configure:82041: checking whether to enable Hardening-Patch's variable filter" >&5 +# Check whether --enable-varfilter or --disable-varfilter was given. +if test "${enable_varfilter+set}" = set; then + enableval="$enable_varfilter" + PHP_VARFILTER=$enableval +else + + PHP_VARFILTER=yes + + if test "$PHP_ENABLE_ALL" && test "yes" = "yes"; then + PHP_VARFILTER=$PHP_ENABLE_ALL + fi + +fi + + + +ext_output="yes, shared" +ext_shared=yes +case $PHP_VARFILTER in +shared,*) + PHP_VARFILTER=`echo "$PHP_VARFILTER"|sed 's/^shared,//'` + ;; +shared) + PHP_VARFILTER=yes + ;; +no) + ext_output=no + ext_shared=no + ;; +*) + ext_output=yes + ext_shared=no + ;; +esac + + + +echo "$ac_t""$ext_output" 1>&6 + + + + +if test "$PHP_VARFILTER" != "no"; then + cat >> confdefs.h <<\EOF +#define HAVE_VARFILTER 1 +EOF + + + ext_builddir=ext/varfilter + ext_srcdir=$abs_srcdir/ext/varfilter + + ac_extra= + + if test "$ext_shared" != "shared" && test "$ext_shared" != "yes" && test "" != "cli"; then + + + + case ext/varfilter in + "") ac_srcdir="$abs_srcdir/"; unset ac_bdir; ac_inc="-I. -I$abs_srcdir" ;; + /*) ac_srcdir=`echo "ext/varfilter"|cut -c 2-`"/"; ac_bdir=$ac_srcdir; ac_inc="-I$ac_bdir -I$abs_srcdir/$ac_bdir" ;; + *) ac_srcdir="$abs_srcdir/ext/varfilter/"; ac_bdir="ext/varfilter/"; ac_inc="-I$ac_bdir -I$ac_srcdir" ;; + esac + + + + b_c_pre=$php_c_pre + b_cxx_pre=$php_cxx_pre + b_c_meta=$php_c_meta + b_cxx_meta=$php_cxx_meta + b_c_post=$php_c_post + b_cxx_post=$php_cxx_post + b_lo=$php_lo + + + old_IFS=$IFS + for ac_src in varfilter.c; do + + IFS=. + set $ac_src + ac_obj=$1 + IFS=$old_IFS + + PHP_GLOBAL_OBJS="$PHP_GLOBAL_OBJS $ac_bdir$ac_obj.lo" + + case $ac_src in + *.c) ac_comp="$b_c_pre $ac_extra $ac_inc $b_c_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_c_post" ;; + *.cpp) ac_comp="$b_cxx_pre $ac_extra $ac_inc $b_cxx_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_cxx_post" ;; + esac + + cat >>Makefile.objects<>Makefile.objects<>Makefile.objects<> confdefs.h <>Makefile.objects<>Makefile.objects<&6 @@ -99988,7 +100466,7 @@ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ streams.c network.c php_open_temporary_file.c php_logos.c \ - output.c memory_streams.c user_streams.c; do + output.c memory_streams.c user_streams.c hardening_patch.c; do IFS=. set $ac_src @@ -100161,7 +100639,7 @@ zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \ zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ - zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c; do + zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c zend_canary.c; do IFS=. set $ac_src diff -Nura php-4.4.0/configure.in hardening-patch-4.4.0-0.4.2/configure.in --- php-4.4.0/configure.in 2005-07-11 09:45:09.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/configure.in 2005-09-07 18:40:29.076949928 +0200 @@ -238,7 +238,7 @@ sinclude(Zend/acinclude.m4) sinclude(Zend/Zend.m4) sinclude(TSRM/tsrm.m4) - +sinclude(main/hardening_patch.m4) divert(2) @@ -612,6 +612,7 @@ AC_FUNC_ALLOCA dnl PHP_AC_BROKEN_SPRINTF dnl PHP_AC_BROKEN_SNPRINTF +PHP_AC_BROKEN_REALPATH PHP_DECLARED_TIMEZONE PHP_TIME_R_TYPE PHP_READDIR_R_TYPE @@ -1241,7 +1242,7 @@ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ streams.c network.c php_open_temporary_file.c php_logos.c \ - output.c memory_streams.c user_streams.c) + output.c memory_streams.c user_streams.c hardening_patch.c) PHP_ADD_SOURCES(/main, internal_functions.c,, sapi) PHP_ADD_SOURCES(/main, internal_functions_cli.c,, cli) @@ -1254,7 +1255,7 @@ zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \ zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ - zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c) + zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c zend_canary.c ) if test -r "$abs_srcdir/Zend/zend_objects.c"; then PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_mm.c) diff -Nura php-4.4.0/ext/fbsql/php_fbsql.c hardening-patch-4.4.0-0.4.2/ext/fbsql/php_fbsql.c --- php-4.4.0/ext/fbsql/php_fbsql.c 2005-02-09 20:33:32.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/fbsql/php_fbsql.c 2005-09-07 18:40:29.078949624 +0200 @@ -1797,8 +1797,24 @@ } else if (fbcmdErrorsFound(md)) { +#if HARDENING_PATCH + char* query_copy; + int i; +#endif FBCErrorMetaData* emd = fbcdcErrorMetaData(c, md); char* emg = fbcemdAllErrorMessages(emd); +#if HARDENING_PATCH + query_copy=estrdup(query_copy); + for (i=0; query_copy[i]; i++) if (query_copy[i]<32) query_copy[i]='.'; + php_security_log(S_SQL, "fbsql error: %s - query: %s", emg, query_copy); + efree(query_copy); + if (HG(hphp_sql_bailout_on_error)) { + free(emg); + fbcemdRelease(emd); + result = 0; + zend_bailout(); + } +#endif if (FB_SQL_G(generateWarnings)) { if (emg) diff -Nura php-4.4.0/ext/mbstring/mbstring.c hardening-patch-4.4.0-0.4.2/ext/mbstring/mbstring.c --- php-4.4.0/ext/mbstring/mbstring.c 2005-02-21 09:03:47.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/mbstring/mbstring.c 2005-09-07 18:40:29.080949320 +0200 @@ -1487,6 +1487,7 @@ char *strtok_buf = NULL, **val_list; zval *array_ptr = (zval *) arg; int n, num, val_len, *len_list; + unsigned int new_val_len; enum mbfl_no_encoding from_encoding; mbfl_string string, resvar, resval; mbfl_encoding_detector *identd = NULL; @@ -1609,8 +1610,14 @@ val_len = len_list[n]; } n++; - /* add variable to symbol table */ - php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + /* we need val to be emalloc()ed */ + val = estrndup(val, val_len); + if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len TSRMLS_CC)) { + /* add variable to symbol table */ + php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); + } + efree(val); + if (convd != NULL){ mbfl_string_clear(&resvar); mbfl_string_clear(&resval); diff -Nura php-4.4.0/ext/mysql/php_mysql.c hardening-patch-4.4.0-0.4.2/ext/mysql/php_mysql.c --- php-4.4.0/ext/mysql/php_mysql.c 2005-04-08 00:23:01.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/mysql/php_mysql.c 2005-09-07 18:40:29.082949016 +0200 @@ -1218,6 +1218,8 @@ { php_mysql_conn *mysql; MYSQL_RES *mysql_result; + char *copy_query; + int i; ZEND_FETCH_RESOURCE2(mysql, php_mysql_conn *, mysql_link, link_id, "MySQL-Link", le_link, le_plink); @@ -1268,6 +1270,13 @@ php_error_docref("http://www.mysql.com/doc" TSRMLS_CC, E_WARNING, "%s", mysql_error(&mysql->conn)); } } + copy_query = estrdup(Z_STRVAL_PP(query)); + for (i=0; copy_query[i]; i++) if (copy_query[i] < 32) copy_query[i]='.'; + php_security_log(S_SQL, "MySQL error: %s - query: %s", mysql_error(&mysql->conn), copy_query); + efree(copy_query); + if (HG(hphp_sql_bailout_on_error)) { + zend_bailout(); + } RETURN_FALSE; } #else @@ -1275,12 +1284,20 @@ /* check possible error */ if (MySG(trace_mode)){ if (mysql_errno(&mysql->conn)){ - php_error_docref("http://www.mysql.com/doc" TSRMLS_CC, E_WARNING, mysql_error(&mysql->conn)); + php_error_docref("http://www.mysql.com/doc" TSRMLS_CC, E_WARNING, "%s", mysql_error(&mysql->conn)); } } + copy_query = estrdup(Z_STRVAL_PP(query)); + for (i=0; copy_query[i]; i++) if (copy_query[i] < 32) copy_query[i]='.'; + php_security_log(S_SQL, "MySQL error: %s - query: %s", mysql_error(&mysql->conn), copy_query); + efree(copy_query); + if (HG(hphp_sql_bailout_on_error)) { + zend_bailout(); + } RETURN_FALSE; } #endif + if(use_store == MYSQL_USE_RESULT) { mysql_result=mysql_use_result(&mysql->conn); } else { diff -Nura php-4.4.0/ext/pgsql/pgsql.c hardening-patch-4.4.0-0.4.2/ext/pgsql/pgsql.c --- php-4.4.0/ext/pgsql/pgsql.c 2005-07-05 14:50:03.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/pgsql/pgsql.c 2005-09-07 18:40:29.084948712 +0200 @@ -1001,10 +1001,28 @@ case PGRES_EMPTY_QUERY: case PGRES_BAD_RESPONSE: case PGRES_NONFATAL_ERROR: - case PGRES_FATAL_ERROR: - PHP_PQ_ERROR("Query failed: %s", pgsql); - PQclear(pgsql_result); - RETURN_FALSE; + case PGRES_FATAL_ERROR: + { +#if HARDENING_PATCH + int i; + char *query_copy; +#endif + char *msgbuf = _php_pgsql_trim_message(PQerrorMessage(pgsql), NULL); + PQclear(pgsql_result); +#if HARDENING_PATCH + query_copy = estrdup(Z_STRVAL_PP(query)); + for (i=0; query_copy[i]; i++) if (query_copy[i]<32) query_copy[i]='.'; + php_security_log(S_SQL, "PgSQL error: %s - query: %s", msgbuf, query_copy); + efree(query_copy); + if (HG(hphp_sql_bailout_on_error)) { + efree(msgbuf); + zend_bailout(); + } +#endif + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Query failed: %s", msgbuf); + efree(msgbuf); + RETURN_FALSE; + } break; case PGRES_COMMAND_OK: /* successful command that did not return rows */ default: diff -Nura php-4.4.0/ext/standard/array.c hardening-patch-4.4.0-0.4.2/ext/standard/array.c --- php-4.4.0/ext/standard/array.c 2005-06-21 14:11:19.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/standard/array.c 2005-09-07 18:40:29.086948408 +0200 @@ -1162,6 +1162,32 @@ } } } + + if (var_name[0] == 'H') { + if ((strcmp(var_name, "HTTP_GET_VARS")==0)|| + (strcmp(var_name, "HTTP_POST_VARS")==0)|| + (strcmp(var_name, "HTTP_POST_FILES")==0)|| + (strcmp(var_name, "HTTP_ENV_VARS")==0)|| + (strcmp(var_name, "HTTP_SERVER_VARS")==0)|| + (strcmp(var_name, "HTTP_SESSION_VARS")==0)|| + (strcmp(var_name, "HTTP_COOKIE_VARS")==0)|| + (strcmp(var_name, "HTTP_RAW_POST_DATA")==0)) { + return 0; + } + } else if (var_name[0] == '_') { + if ((strcmp(var_name, "_COOKIE")==0)|| + (strcmp(var_name, "_ENV")==0)|| + (strcmp(var_name, "_FILES")==0)|| + (strcmp(var_name, "_GET")==0)|| + (strcmp(var_name, "_POST")==0)|| + (strcmp(var_name, "_REQUEST")==0)|| + (strcmp(var_name, "_SESSION")==0)|| + (strcmp(var_name, "_SERVER")==0)) { + return 0; + } + } else if (strcmp(var_name, "GLOBALS")==0) { + return 0; + } return 1; } diff -Nura php-4.4.0/ext/standard/basic_functions.c hardening-patch-4.4.0-0.4.2/ext/standard/basic_functions.c --- php-4.4.0/ext/standard/basic_functions.c 2005-05-16 10:55:31.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/standard/basic_functions.c 2005-09-07 18:58:15.014902728 +0200 @@ -118,12 +118,14 @@ typedef struct _php_shutdown_function_entry { zval **arguments; int arg_count; + zend_bool created_by_eval; } php_shutdown_function_entry; typedef struct _user_tick_function_entry { zval **arguments; int arg_count; int calling; + zend_bool created_by_eval; } user_tick_function_entry; /* some prototypes for local functions */ @@ -306,6 +308,8 @@ PHP_FE(get_html_translation_table, NULL) PHP_FE(sha1, NULL) PHP_FE(sha1_file, NULL) + PHP_FE(sha256, NULL) + PHP_FE(sha256_file, NULL) PHP_NAMED_FE(md5,php_if_md5, NULL) PHP_NAMED_FE(md5_file,php_if_md5_file, NULL) PHP_NAMED_FE(crc32,php_if_crc32, NULL) @@ -687,7 +691,7 @@ PHP_FALIAS(socket_get_status, stream_get_meta_data, NULL) #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS) - PHP_FE(realpath, NULL) + PHP_STATIC_FE("realpath", zif_real_path, NULL) #endif #ifdef HAVE_FNMATCH @@ -2104,6 +2108,13 @@ { zval retval; char *function_name = NULL; +#if HARDENING_PATCH + zend_uint orig_code_type = EG(in_code_type); + + if (shutdown_function_entry->created_by_eval) { + EG(in_code_type) = ZEND_EVAL_CODE; + } +#endif if (!zend_is_callable(shutdown_function_entry->arguments[0], 0, &function_name)) { php_error(E_WARNING, "(Registered shutdown functions) Unable to call %s() - function does not exist", function_name); @@ -2119,6 +2130,9 @@ if (function_name) { efree(function_name); } +#if HARDENING_PATCH + EG(in_code_type) = orig_code_type; +#endif return 0; } @@ -2126,6 +2140,13 @@ { zval retval; zval *function = tick_fe->arguments[0]; +#if HARDENING_PATCH + zend_uint orig_code_type = EG(in_code_type); + + if (tick_fe->created_by_eval) { + EG(in_code_type) = ZEND_EVAL_CODE; + } +#endif /* Prevent reentrant calls to the same user ticks function */ if (! tick_fe->calling) { @@ -2157,6 +2178,9 @@ tick_fe->calling = 0; } +#if HARDENING_PATCH + EG(in_code_type) = orig_code_type; +#endif } static void run_user_tick_functions(int tick_count) @@ -2224,6 +2248,13 @@ if (zend_get_parameters_array(ht, shutdown_function_entry.arg_count, shutdown_function_entry.arguments) == FAILURE) { RETURN_FALSE; } +#if HARDENING_PATCH + if (EG(in_code_type)==ZEND_EVAL_CODE) { + shutdown_function_entry.created_by_eval = 1; + } else { + shutdown_function_entry.created_by_eval = 0; + } +#endif /* Prevent entering of anything but valid callback (syntax check only!) */ if (!zend_is_callable(shutdown_function_entry.arguments[0], 1, &function_name)) { @@ -2761,6 +2792,13 @@ } tick_fe.arguments = (zval **) safe_emalloc(sizeof(zval *), tick_fe.arg_count, 0); +#if HARDENING_PATCH + if (EG(in_code_type)==ZEND_EVAL_CODE) { + tick_fe.created_by_eval = 1; + } else { + tick_fe.created_by_eval = 0; + } +#endif if (zend_get_parameters_array(ht, tick_fe.arg_count, tick_fe.arguments) == FAILURE) { RETURN_FALSE; @@ -3044,6 +3082,35 @@ memcpy(new_key, prefix, prefix_len); memcpy(new_key+prefix_len, hash_key->arKey, hash_key->nKeyLength); + if (new_key[0] == 'H') { + if ((strcmp(new_key, "HTTP_GET_VARS")==0)|| + (strcmp(new_key, "HTTP_POST_VARS")==0)|| + (strcmp(new_key, "HTTP_POST_FILES")==0)|| + (strcmp(new_key, "HTTP_ENV_VARS")==0)|| + (strcmp(new_key, "HTTP_SERVER_VARS")==0)|| + (strcmp(new_key, "HTTP_SESSION_VARS")==0)|| + (strcmp(new_key, "HTTP_COOKIE_VARS")==0)|| + (strcmp(new_key, "HTTP_RAW_POST_DATA")==0)) { + efree(new_key); + return 0; + } + } else if (new_key[0] == '_') { + if ((strcmp(new_key, "_COOKIE")==0)|| + (strcmp(new_key, "_ENV")==0)|| + (strcmp(new_key, "_FILES")==0)|| + (strcmp(new_key, "_GET")==0)|| + (strcmp(new_key, "_POST")==0)|| + (strcmp(new_key, "_REQUEST")==0)|| + (strcmp(new_key, "_SESSION")==0)|| + (strcmp(new_key, "_SERVER")==0)) { + efree(new_key); + return 0; + } + } else if (strcmp(new_key, "GLOBALS")==0) { + efree(new_key); + return 0; + } + zend_hash_del(&EG(symbol_table), new_key, new_key_len); ZEND_SET_SYMBOL_WITH_LENGTH(&EG(symbol_table), new_key, new_key_len, *var, (*var)->refcount+1, 0); diff -Nura php-4.4.0/ext/standard/config.m4 hardening-patch-4.4.0-0.4.2/ext/standard/config.m4 --- php-4.4.0/ext/standard/config.m4 2004-12-30 08:02:18.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/config.m4 2005-09-07 18:57:05.150523728 +0200 @@ -203,7 +203,7 @@ if test "$ac_cv_crypt_blowfish" = "yes"; then ac_result=1 else - ac_result=0 + ac_result=1 fi AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) ]) @@ -419,6 +419,6 @@ url_scanner.c var.c versioning.c assert.c strnatcmp.c levenshtein.c \ incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \ http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \ - var_unserializer.c ftok.c aggregation.c sha1.c ) + var_unserializer.c ftok.c aggregation.c sha1.c sha256.c crypt_blowfish.c ) PHP_ADD_MAKEFILE_FRAGMENT diff -Nura php-4.4.0/ext/standard/crypt_blowfish.c hardening-patch-4.4.0-0.4.2/ext/standard/crypt_blowfish.c --- php-4.4.0/ext/standard/crypt_blowfish.c 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/crypt_blowfish.c 2005-09-07 14:19:05.000000000 +0200 @@ -0,0 +1,748 @@ +/* + * This code comes from John the Ripper password cracker, with reentrant + * and crypt(3) interfaces added, but optimizations specific to password + * cracking removed. + * + * Written by Solar Designer in 1998-2002 and + * placed in the public domain. + * + * There's absolutely no warranty. + * + * It is my intent that you should be able to use this on your system, + * as a part of a software package, or anywhere else to improve security, + * ensure compatibility, or for any other purpose. I would appreciate + * it if you give credit where it is due and keep your modifications in + * the public domain as well, but I don't require that in order to let + * you place this code and any modifications you make under a license + * of your choice. + * + * This implementation is compatible with OpenBSD bcrypt.c (version 2a) + * by Niels Provos , and uses some of his + * ideas. The password hashing algorithm was designed by David Mazieres + * . + * + * There's a paper on the algorithm that explains its design decisions: + * + * http://www.usenix.org/events/usenix99/provos.html + * + * Some of the tricks in BF_ROUND might be inspired by Eric Young's + * Blowfish library (I can't be sure if I would think of something if I + * hadn't seen his code). + */ + +#include + +#include +#ifndef __set_errno +#define __set_errno(val) errno = (val) +#endif + +#undef __CONST +#ifdef __GNUC__ +#define __CONST __const +#else +#define __CONST +#endif + +#ifdef __i386__ +#define BF_ASM 0 +#define BF_SCALE 1 +#elif defined(__alpha__) || defined(__hppa__) +#define BF_ASM 0 +#define BF_SCALE 1 +#else +#define BF_ASM 0 +#define BF_SCALE 0 +#endif + +typedef unsigned int BF_word; + +/* Number of Blowfish rounds, this is also hardcoded into a few places */ +#define BF_N 16 + +typedef BF_word BF_key[BF_N + 2]; + +typedef struct { + BF_word S[4][0x100]; + BF_key P; +} BF_ctx; + +/* + * Magic IV for 64 Blowfish encryptions that we do at the end. + * The string is "OrpheanBeholderScryDoubt" on big-endian. + */ +static BF_word BF_magic_w[6] = { + 0x4F727068, 0x65616E42, 0x65686F6C, + 0x64657253, 0x63727944, 0x6F756274 +}; + +/* + * P-box and S-box tables initialized with digits of Pi. + */ +static BF_ctx BF_init_state = { + { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + }, { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + }, { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + }, { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + } + }, { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + } +}; + +static unsigned char BF_itoa64[64 + 1] = + "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + +static unsigned char BF_atoi64[0x60] = { + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64, + 64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64, + 64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, + 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64 +}; + +/* + * This may be optimized out if built with function inlining and no BF_ASM. + */ +static void clean(void *data, int size) +{ +#if BF_ASM + extern void _BF_clean(void *data); +#endif + memset(data, 0, size); +#if BF_ASM + _BF_clean(data); +#endif +} + +#define BF_safe_atoi64(dst, src) \ +{ \ + tmp = (unsigned char)(src); \ + if (tmp == '$') break; \ + if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ + tmp = BF_atoi64[tmp]; \ + if (tmp > 63) return -1; \ + (dst) = tmp; \ +} + +static int BF_decode(BF_word *dst, __CONST char *src, int size) +{ + unsigned char *dptr = (unsigned char *)dst; + unsigned char *end = dptr + size; + unsigned char *sptr = (unsigned char *)src; + unsigned int tmp, c1, c2, c3, c4; + + do { + BF_safe_atoi64(c1, *sptr++); + BF_safe_atoi64(c2, *sptr++); + *dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4); + if (dptr >= end) break; + + BF_safe_atoi64(c3, *sptr++); + *dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2); + if (dptr >= end) break; + + BF_safe_atoi64(c4, *sptr++); + *dptr++ = ((c3 & 0x03) << 6) | c4; + } while (dptr < end); + + while (dptr < end) + *dptr++ = 0; + + return 0; +} + +static void BF_encode(char *dst, __CONST BF_word *src, int size) +{ + unsigned char *sptr = (unsigned char *)src; + unsigned char *end = sptr + size; + unsigned char *dptr = (unsigned char *)dst; + unsigned int c1, c2; + + do { + c1 = *sptr++; + *dptr++ = BF_itoa64[c1 >> 2]; + c1 = (c1 & 0x03) << 4; + if (sptr >= end) { + *dptr++ = BF_itoa64[c1]; + break; + } + + c2 = *sptr++; + c1 |= c2 >> 4; + *dptr++ = BF_itoa64[c1]; + c1 = (c2 & 0x0f) << 2; + if (sptr >= end) { + *dptr++ = BF_itoa64[c1]; + break; + } + + c2 = *sptr++; + c1 |= c2 >> 6; + *dptr++ = BF_itoa64[c1]; + *dptr++ = BF_itoa64[c2 & 0x3f]; + } while (sptr < end); +} + +static void BF_swap(BF_word *x, int count) +{ + static int endianness_check = 1; + char *is_little_endian = (char *)&endianness_check; + BF_word tmp; + + if (*is_little_endian) + do { + tmp = *x; + tmp = (tmp << 16) | (tmp >> 16); + *x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF); + } while (--count); +} + +#if BF_SCALE +/* Architectures which can shift addresses left by 2 bits with no extra cost */ +#define BF_ROUND(L, R, N) \ + tmp1 = L & 0xFF; \ + tmp2 = L >> 8; \ + tmp2 &= 0xFF; \ + tmp3 = L >> 16; \ + tmp3 &= 0xFF; \ + tmp4 = L >> 24; \ + tmp1 = data.ctx.S[3][tmp1]; \ + tmp2 = data.ctx.S[2][tmp2]; \ + tmp3 = data.ctx.S[1][tmp3]; \ + tmp3 += data.ctx.S[0][tmp4]; \ + tmp3 ^= tmp2; \ + R ^= data.ctx.P[N + 1]; \ + tmp3 += tmp1; \ + R ^= tmp3; +#else +/* Architectures with no complicated addressing modes supported */ +#define BF_INDEX(S, i) \ + (*((BF_word *)(((unsigned char *)S) + (i)))) +#define BF_ROUND(L, R, N) \ + tmp1 = L & 0xFF; \ + tmp1 <<= 2; \ + tmp2 = L >> 6; \ + tmp2 &= 0x3FC; \ + tmp3 = L >> 14; \ + tmp3 &= 0x3FC; \ + tmp4 = L >> 22; \ + tmp4 &= 0x3FC; \ + tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \ + tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \ + tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \ + tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \ + tmp3 ^= tmp2; \ + R ^= data.ctx.P[N + 1]; \ + tmp3 += tmp1; \ + R ^= tmp3; +#endif + +/* + * Encrypt one block, BF_N is hardcoded here. + */ +#define BF_ENCRYPT \ + L ^= data.ctx.P[0]; \ + BF_ROUND(L, R, 0); \ + BF_ROUND(R, L, 1); \ + BF_ROUND(L, R, 2); \ + BF_ROUND(R, L, 3); \ + BF_ROUND(L, R, 4); \ + BF_ROUND(R, L, 5); \ + BF_ROUND(L, R, 6); \ + BF_ROUND(R, L, 7); \ + BF_ROUND(L, R, 8); \ + BF_ROUND(R, L, 9); \ + BF_ROUND(L, R, 10); \ + BF_ROUND(R, L, 11); \ + BF_ROUND(L, R, 12); \ + BF_ROUND(R, L, 13); \ + BF_ROUND(L, R, 14); \ + BF_ROUND(R, L, 15); \ + tmp4 = R; \ + R = L; \ + L = tmp4 ^ data.ctx.P[BF_N + 1]; + +#if BF_ASM +#define BF_body() \ + _BF_body_r(&data.ctx); +#else +#define BF_body() \ + L = R = 0; \ + ptr = data.ctx.P; \ + do { \ + ptr += 2; \ + BF_ENCRYPT; \ + *(ptr - 2) = L; \ + *(ptr - 1) = R; \ + } while (ptr < &data.ctx.P[BF_N + 2]); \ +\ + ptr = data.ctx.S[0]; \ + do { \ + ptr += 2; \ + BF_ENCRYPT; \ + *(ptr - 2) = L; \ + *(ptr - 1) = R; \ + } while (ptr < &data.ctx.S[3][0xFF]); +#endif + +static void BF_set_key(__CONST char *key, BF_key expanded, BF_key initial) +{ + __CONST char *ptr = key; + int i, j; + BF_word tmp; + + for (i = 0; i < BF_N + 2; i++) { + tmp = 0; + for (j = 0; j < 4; j++) { + tmp <<= 8; + tmp |= *ptr; + + if (!*ptr) ptr = key; else ptr++; + } + + expanded[i] = tmp; + initial[i] = BF_init_state.P[i] ^ tmp; + } +} + +char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting, + char *output, int size) +{ +#if BF_ASM + extern void _BF_body_r(BF_ctx *ctx); +#endif + struct { + BF_ctx ctx; + BF_key expanded_key; + union { + BF_word salt[4]; + BF_word output[6]; + } binary; + } data; + BF_word L, R; + BF_word tmp1, tmp2, tmp3, tmp4; + BF_word *ptr; + BF_word count; + int i; + + if (size < 7 + 22 + 31 + 1) { + __set_errno(ERANGE); + return NULL; + } + + if (setting[0] != '$' || + setting[1] != '2' || + setting[2] != 'a' || + setting[3] != '$' || + setting[4] < '0' || setting[4] > '3' || + setting[5] < '0' || setting[5] > '9' || + setting[6] != '$') { + __set_errno(EINVAL); + return NULL; + } + + count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); + if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16)) { + clean(data.binary.salt, sizeof(data.binary.salt)); + __set_errno(EINVAL); + return NULL; + } + + BF_swap(data.binary.salt, 4); + + BF_set_key(key, data.expanded_key, data.ctx.P); + + memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S)); + + L = R = 0; + for (i = 0; i < BF_N + 2; i += 2) { + L ^= data.binary.salt[i & 2]; + R ^= data.binary.salt[(i & 2) + 1]; + BF_ENCRYPT; + data.ctx.P[i] = L; + data.ctx.P[i + 1] = R; + } + + ptr = data.ctx.S[0]; + do { + ptr += 4; + L ^= data.binary.salt[(BF_N + 2) & 3]; + R ^= data.binary.salt[(BF_N + 3) & 3]; + BF_ENCRYPT; + *(ptr - 4) = L; + *(ptr - 3) = R; + + L ^= data.binary.salt[(BF_N + 4) & 3]; + R ^= data.binary.salt[(BF_N + 5) & 3]; + BF_ENCRYPT; + *(ptr - 2) = L; + *(ptr - 1) = R; + } while (ptr < &data.ctx.S[3][0xFF]); + + do { + data.ctx.P[0] ^= data.expanded_key[0]; + data.ctx.P[1] ^= data.expanded_key[1]; + data.ctx.P[2] ^= data.expanded_key[2]; + data.ctx.P[3] ^= data.expanded_key[3]; + data.ctx.P[4] ^= data.expanded_key[4]; + data.ctx.P[5] ^= data.expanded_key[5]; + data.ctx.P[6] ^= data.expanded_key[6]; + data.ctx.P[7] ^= data.expanded_key[7]; + data.ctx.P[8] ^= data.expanded_key[8]; + data.ctx.P[9] ^= data.expanded_key[9]; + data.ctx.P[10] ^= data.expanded_key[10]; + data.ctx.P[11] ^= data.expanded_key[11]; + data.ctx.P[12] ^= data.expanded_key[12]; + data.ctx.P[13] ^= data.expanded_key[13]; + data.ctx.P[14] ^= data.expanded_key[14]; + data.ctx.P[15] ^= data.expanded_key[15]; + data.ctx.P[16] ^= data.expanded_key[16]; + data.ctx.P[17] ^= data.expanded_key[17]; + + BF_body(); + + tmp1 = data.binary.salt[0]; + tmp2 = data.binary.salt[1]; + tmp3 = data.binary.salt[2]; + tmp4 = data.binary.salt[3]; + data.ctx.P[0] ^= tmp1; + data.ctx.P[1] ^= tmp2; + data.ctx.P[2] ^= tmp3; + data.ctx.P[3] ^= tmp4; + data.ctx.P[4] ^= tmp1; + data.ctx.P[5] ^= tmp2; + data.ctx.P[6] ^= tmp3; + data.ctx.P[7] ^= tmp4; + data.ctx.P[8] ^= tmp1; + data.ctx.P[9] ^= tmp2; + data.ctx.P[10] ^= tmp3; + data.ctx.P[11] ^= tmp4; + data.ctx.P[12] ^= tmp1; + data.ctx.P[13] ^= tmp2; + data.ctx.P[14] ^= tmp3; + data.ctx.P[15] ^= tmp4; + data.ctx.P[16] ^= tmp1; + data.ctx.P[17] ^= tmp2; + + BF_body(); + } while (--count); + + for (i = 0; i < 6; i += 2) { + L = BF_magic_w[i]; + R = BF_magic_w[i + 1]; + + count = 64; + do { + BF_ENCRYPT; + } while (--count); + + data.binary.output[i] = L; + data.binary.output[i + 1] = R; + } + + memcpy(output, setting, 7 + 22 - 1); + output[7 + 22 - 1] = BF_itoa64[(int) + BF_atoi64[(int)setting[7 + 22 - 1] - 0x20] & 0x30]; + +/* This has to be bug-compatible with the original implementation, so + * only encode 23 of the 24 bytes. :-) */ + BF_swap(data.binary.output, 6); + BF_encode(&output[7 + 22], data.binary.output, 23); + output[7 + 22 + 31] = '\0'; + +/* Overwrite the most obvious sensitive data we have on the stack. Note + * that this does not guarantee there's no sensitive data left on the + * stack and/or in registers; I'm not aware of portable code that does. */ + clean(&data, sizeof(data)); + + return output; +} + +char *_crypt_gensalt_blowfish_rn(unsigned long count, + __CONST char *input, int size, char *output, int output_size) +{ + if (size < 16 || output_size < 7 + 22 + 1 || + (count && (count < 4 || count > 31))) { + if (output_size > 0) output[0] = '\0'; + __set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL); + return NULL; + } + + if (!count) count = 5; + + output[0] = '$'; + output[1] = '2'; + output[2] = 'a'; + output[3] = '$'; + output[4] = '0' + count / 10; + output[5] = '0' + count % 10; + output[6] = '$'; + + BF_encode(&output[7], (BF_word *)input, 16); + output[7 + 22] = '\0'; + + return output; +} diff -Nura php-4.4.0/ext/standard/crypt.c hardening-patch-4.4.0-0.4.2/ext/standard/crypt.c --- php-4.4.0/ext/standard/crypt.c 2004-01-19 04:16:04.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/crypt.c 2005-09-07 18:57:43.585680696 +0200 @@ -100,6 +100,8 @@ return SUCCESS; } +char *_crypt_blowfish_rn(char *key, char *setting, char *output, int size); +char *_crypt_gensalt_blowfish_rn(unsigned long count, char *input, int size, char *output, int output_size); static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; @@ -135,7 +137,14 @@ /* The automatic salt generation only covers standard DES and md5-crypt */ if(!*salt) { -#if PHP_MD5_CRYPT +#if PHP_BLOWFISH_CRYPT + char randat[16]; + int i; + + for (i=0; i<16; i++) randat[i] = PHP_CRYPT_RAND; + + _crypt_gensalt_blowfish_rn(5, randat, sizeof(randat), salt, sizeof(salt)); +#elif PHP_MD5_CRYPT strcpy(salt, "$1$"); php_to64(&salt[3], PHP_CRYPT_RAND, 4); php_to64(&salt[7], PHP_CRYPT_RAND, 4); @@ -145,8 +154,24 @@ salt[2] = '\0'; #endif } - - RETVAL_STRING(crypt(str, salt), 1); + + if (salt[0] == '$' && + salt[1] == '2' && + salt[2] == 'a' && + salt[3] == '$' && + salt[4] >= '0' && salt[4] <= '3' && + salt[5] >= '0' && salt[5] <= '9' && + salt[6] == '$') { + + char output[PHP_MAX_SALT_LEN+1]; + + output[0] = 0; + _crypt_blowfish_rn(str, salt, output, sizeof(output)); + RETVAL_STRING(output, 1); + + } else { + RETVAL_STRING(crypt(str, salt), 1); + } } /* }}} */ #endif diff -Nura php-4.4.0/ext/standard/dl.c hardening-patch-4.4.0-0.4.2/ext/standard/dl.c --- php-4.4.0/ext/standard/dl.c 2003-01-29 16:40:24.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/dl.c 2005-09-07 18:40:29.088948104 +0200 @@ -182,8 +182,35 @@ RETURN_FALSE; } module_entry = get_module(); + + /* check if Hardening-Patch is installed */ + if (module_entry->zend_api < 1000000000) { + php_error_docref(NULL TSRMLS_CC, error_type, + "%s: Unable to initialize module\n" + "Module compiled without Hardening-Patch, module API=%d, debug=%d, thread-safety=%d\n" + "PHP compiled with Hardening-Patch=%d, module API=%d, debug=%d, thread-safety=%d\n" + "These options need to match\n", + module_entry->name, module_entry->zend_api, module_entry->zend_debug, module_entry->zts, + HARDENING_PATCH_ZEND_MODULE_API_NO, ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS); + DL_UNLOAD(handle); + RETURN_FALSE; + } + + /* check if correct Hardening-Patch is installed */ + if (module_entry->zend_api != HARDENING_PATCH_ZEND_MODULE_API_NO) { + php_error_docref(NULL TSRMLS_CC, error_type, + "%s: Unable to initialize module\n" + "Module compiled with Hardening-Patch=%d, module API=%d, debug=%d, thread-safety=%d\n" + "PHP compiled with Hardening-Patch=%d, module API=%d, debug=%d, thread-safety=%d\n" + "These options need to match\n", + module_entry->name, module_entry->zend_api, module_entry->real_zend_api, module_entry->zend_debug, module_entry->zts, + HARDENING_PATCH_ZEND_MODULE_API_NO, ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS); + DL_UNLOAD(handle); + RETURN_FALSE; + } + if ((module_entry->zend_debug != ZEND_DEBUG) || (module_entry->zts != USING_ZTS) - || (module_entry->zend_api != ZEND_MODULE_API_NO)) { + || (module_entry->real_zend_api != ZEND_MODULE_API_NO)) { /* Check for pre-4.1.0 module which has a slightly different module_entry structure :( */ struct pre_4_1_0_module_entry { char *name; @@ -217,7 +244,7 @@ zts = ((struct pre_4_1_0_module_entry *)module_entry)->zts; } else { name = module_entry->name; - zend_api = module_entry->zend_api; + zend_api = module_entry->real_zend_api; zend_debug = module_entry->zend_debug; zts = module_entry->zts; } diff -Nura php-4.4.0/ext/standard/file.c hardening-patch-4.4.0-0.4.2/ext/standard/file.c --- php-4.4.0/ext/standard/file.c 2005-03-27 17:53:59.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/standard/file.c 2005-09-07 18:40:29.089947952 +0200 @@ -2469,7 +2469,7 @@ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS) /* {{{ proto string realpath(string path) Return the resolved path */ -PHP_FUNCTION(realpath) +PHP_FUNCTION(real_path) { zval **path; char resolved_path_buff[MAXPATHLEN]; diff -Nura php-4.4.0/ext/standard/file.h hardening-patch-4.4.0-0.4.2/ext/standard/file.h --- php-4.4.0/ext/standard/file.h 2004-06-21 21:33:47.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/standard/file.h 2005-09-07 18:40:29.090947800 +0200 @@ -64,7 +64,7 @@ PHP_FUNCTION(fd_set); PHP_FUNCTION(fd_isset); #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS) -PHP_FUNCTION(realpath); +PHP_FUNCTION(real_path); #endif #ifdef HAVE_FNMATCH PHP_FUNCTION(fnmatch); diff -Nura php-4.4.0/ext/standard/head.c hardening-patch-4.4.0-0.4.2/ext/standard/head.c --- php-4.4.0/ext/standard/head.c 2005-01-07 22:14:23.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/head.c 2005-09-07 18:40:29.090947800 +0200 @@ -45,10 +45,31 @@ { zend_bool rep = 1; sapi_header_line ctr = {0}; +#if HARDENING_PATCH + int i; +#endif if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|bl", &ctr.line, &ctr.line_len, &rep, &ctr.response_code) == FAILURE) return; + +#if HARDENING_PATCH + if (!HG(hphp_multiheader)) { + for (i=0; i0 && (iPHP Version %s with Hardening-Patch %s\n", PHP_VERSION, HARDENING_PATCH_VERSION); + } else { + char temp_ver[40]; + + snprintf(temp_ver, sizeof(temp_ver), "%s/%s", PHP_VERSION, HARDENING_PATCH_VERSION); + php_info_print_table_row(2, "PHP/Hardening-Patch Version", temp_ver); + } +#else if (!sapi_module.phpinfo_as_text) { php_printf("

PHP Version %s

\n", PHP_VERSION); } else { php_info_print_table_row(2, "PHP Version", PHP_VERSION); } +#endif php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", php_uname ); diff -Nura php-4.4.0/ext/standard/php_standard.h hardening-patch-4.4.0-0.4.2/ext/standard/php_standard.h --- php-4.4.0/ext/standard/php_standard.h 2002-12-31 17:35:33.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/php_standard.h 2005-09-07 18:52:04.985155800 +0200 @@ -28,6 +28,7 @@ #include "php_mail.h" #include "md5.h" #include "sha1.h" +#include "sha256.h" #include "html.h" #include "exec.h" #include "file.h" diff -Nura php-4.4.0/ext/standard/sha256.c hardening-patch-4.4.0-0.4.2/ext/standard/sha256.c --- php-4.4.0/ext/standard/sha256.c 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/sha256.c 2005-09-07 14:19:05.000000000 +0200 @@ -0,0 +1,398 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 5 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2004 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.0 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_0.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ +*/ + +/* $Id: sha256.c,v 1.9 2004/01/08 08:17:34 andi Exp $ */ + +#include +#include "php.h" + +/* This code is heavily based on the PHP md5/sha1 implementations */ + +#include "sha256.h" + +PHPAPI void make_sha256_digest(char *sha256str, unsigned char *digest) +{ + int i; + + for (i = 0; i < 32; i++) { + sprintf(sha256str, "%02x", digest[i]); + sha256str += 2; + } + + *sha256str = '\0'; +} + +/* {{{ proto string sha256(string str [, bool raw_output]) + Calculate the sha256 hash of a string */ +PHP_FUNCTION(sha256) +{ + char *arg; + int arg_len; + zend_bool raw_output = 0; + char sha256str[65]; + PHP_SHA256_CTX context; + unsigned char digest[32]; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &arg, &arg_len, &raw_output) == FAILURE) { + return; + } + + sha256str[0] = '\0'; + PHP_SHA256Init(&context); + PHP_SHA256Update(&context, arg, arg_len); + PHP_SHA256Final(digest, &context); + if (raw_output) { + RETURN_STRINGL(digest, 32, 1); + } else { + make_sha256_digest(sha256str, digest); + RETVAL_STRING(sha256str, 1); + } + +} + +/* }}} */ + +/* {{{ proto string sha256_file(string filename [, bool raw_output]) + Calculate the sha256 hash of given filename */ +PHP_FUNCTION(sha256_file) +{ + char *arg; + int arg_len; + zend_bool raw_output = 0; + char sha256str[65]; + unsigned char buf[1024]; + unsigned char digest[32]; + PHP_SHA256_CTX context; + int n; + FILE *fp; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &arg, &arg_len, &raw_output) == FAILURE) { + return; + } + + if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } + + if (php_check_open_basedir(arg TSRMLS_CC)) { + RETURN_FALSE; + } + + if ((fp = VCWD_FOPEN(arg, "rb")) == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open file"); + RETURN_FALSE; + } + + PHP_SHA256Init(&context); + + while ((n = fread(buf, 1, sizeof(buf), fp)) > 0) { + PHP_SHA256Update(&context, buf, n); + } + + PHP_SHA256Final(digest, &context); + + if (ferror(fp)) { + fclose(fp); + RETURN_FALSE; + } + + fclose(fp); + + if (raw_output) { + RETURN_STRINGL(digest, 32, 1); + } else { + make_sha256_digest(sha256str, digest); + RETVAL_STRING(sha256str, 1); + } +} +/* }}} */ + + +static void SHA256Transform(php_uint32[8], const unsigned char[64]); +static void SHA256Encode(unsigned char *, php_uint32 *, unsigned int); +static void SHA256Decode(php_uint32 *, const unsigned char *, unsigned int); + +static unsigned char PADDING[64] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G, H and I are basic SHA256 functions. + */ +#define F(x) (ROTATE_RIGHT(x,2) ^ ROTATE_RIGHT(x,13) ^ ROTATE_RIGHT(x,22)) +#define G(x, y, z) (((x) & (y)) | ((z) & ((y) | (x)))) +#define H(x) (ROTATE_RIGHT(x,6) ^ ROTATE_RIGHT(x,11) ^ ROTATE_RIGHT(x,25)) +#define I(x, y, z) (((x) & (y)) | ((~x) & z)) + +/* ROTATE_RIGHT rotates x right n bits. + */ +#define ROTATE_RIGHT(x, n) (((x) >> (n)) | ((x) << (32-(n)))) + +/* W[i] + */ +#define W(i) ( tmp1=ROTATE_RIGHT(x[(i-15)&15],7)^ROTATE_RIGHT(x[(i-15)&15],18)^(x[(i-15)&15] >> 3), \ + tmp2=ROTATE_RIGHT(x[(i-2)&15],17)^ROTATE_RIGHT(x[(i-2)&15],19)^(x[(i-2)&15] >> 10), \ + (x[i&15]=x[i&15] + tmp1 + x[(i-7)&15] + tmp2) ) + +/* ROUND function of sha256 + */ + +#define ROUND(a,b,c,d,e,f,g,h,w,k) { \ + t1 = (h) + H((e)) + I((e), (f), (g)) + (k) + (php_uint32)(w); \ + (h) = F((a)) + G((a), (b), (c)) + t1; \ + (d) += t1; \ + } + + +/* {{{ PHP_SHA256Init + * SHA256 initialization. Begins an SHA256 operation, writing a new context. + */ +PHPAPI void PHP_SHA256Init(PHP_SHA256_CTX * context) +{ + context->count[0] = context->count[1] = 0; + /* Load magic initialization constants. + */ + context->state[0] = 0x6a09e667; + context->state[1] = 0xbb67ae85; + context->state[2] = 0x3c6ef372; + context->state[3] = 0xa54ff53a; + context->state[4] = 0x510e527f; + context->state[5] = 0x9b05688c; + context->state[6] = 0x1f83d9ab; + context->state[7] = 0x5be0cd19; +} +/* }}} */ + +/* {{{ PHP_SHA256Update + SHA256 block update operation. Continues an SHA256 message-digest + operation, processing another message block, and updating the + context. + */ +PHPAPI void PHP_SHA256Update(PHP_SHA256_CTX * context, const unsigned char *input, + unsigned int inputLen) +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int) ((context->count[0] >> 3) & 0x3F); + + /* Update number of bits */ + if ((context->count[0] += ((php_uint32) inputLen << 3)) + < ((php_uint32) inputLen << 3)) + context->count[1]++; + context->count[1] += ((php_uint32) inputLen >> 29); + + partLen = 64 - index; + + /* Transform as many times as possible. + */ + if (inputLen >= partLen) { + memcpy + ((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen); + SHA256Transform(context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + SHA256Transform(context->state, &input[i]); + + index = 0; + } else + i = 0; + + /* Buffer remaining input */ + memcpy + ((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], + inputLen - i); +} +/* }}} */ + +/* {{{ PHP_SHA256Final + SHA256 finalization. Ends an SHA256 message-digest operation, writing the + the message digest and zeroizing the context. + */ +PHPAPI void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * context) +{ + unsigned char bits[8]; + unsigned int index, padLen; + + /* Save number of bits */ + bits[7] = context->count[0] & 0xFF; + bits[6] = (context->count[0] >> 8) & 0xFF; + bits[5] = (context->count[0] >> 16) & 0xFF; + bits[4] = (context->count[0] >> 24) & 0xFF; + bits[3] = context->count[1] & 0xFF; + bits[2] = (context->count[1] >> 8) & 0xFF; + bits[1] = (context->count[1] >> 16) & 0xFF; + bits[0] = (context->count[1] >> 24) & 0xFF; + + /* Pad out to 56 mod 64. + */ + index = (unsigned int) ((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + PHP_SHA256Update(context, PADDING, padLen); + + /* Append length (before padding) */ + PHP_SHA256Update(context, bits, 8); + + /* Store state in digest */ + SHA256Encode(digest, context->state, 32); + + /* Zeroize sensitive information. + */ + memset((unsigned char*) context, 0, sizeof(*context)); +} +/* }}} */ + +/* {{{ SHA256Transform + * SHA256 basic transformation. Transforms state based on block. + */ +static void SHA256Transform(state, block) +php_uint32 state[8]; +const unsigned char block[64]; +{ + php_uint32 a = state[0], b = state[1], c = state[2]; + php_uint32 d = state[3], e = state[4], f = state[5]; + php_uint32 g = state[6], h = state[7], x[16], tmp1, tmp2, t1; + + SHA256Decode(x, block, 64); + + ROUND(a, b, c, d, e, f, g, h, x[0], 0x428a2f98) + ROUND(h, a, b, c, d, e, f, g, x[1], 0x71374491) + ROUND(g, h, a, b, c, d, e, f, x[2], 0xb5c0fbcf) + ROUND(f, g, h, a, b, c, d, e, x[3], 0xe9b5dba5) + ROUND(e, f, g, h, a, b, c, d, x[4], 0x3956c25b) + ROUND(d, e, f, g, h, a, b, c, x[5], 0x59f111f1) + ROUND(c, d, e, f, g, h, a, b, x[6], 0x923f82a4) + ROUND(b, c, d, e, f, g, h, a, x[7], 0xab1c5ed5) + ROUND(a, b, c, d, e, f, g, h, x[8], 0xd807aa98) + ROUND(h, a, b, c, d, e, f, g, x[9], 0x12835b01) + ROUND(g, h, a, b, c, d, e, f, x[10], 0x243185be) + ROUND(f, g, h, a, b, c, d, e, x[11], 0x550c7dc3) + ROUND(e, f, g, h, a, b, c, d, x[12], 0x72be5d74) + ROUND(d, e, f, g, h, a, b, c, x[13], 0x80deb1fe) + ROUND(c, d, e, f, g, h, a, b, x[14], 0x9bdc06a7) + ROUND(b, c, d, e, f, g, h, a, x[15], 0xc19bf174) + ROUND(a, b, c, d, e, f, g, h, W(16), 0xe49b69c1) + ROUND(h, a, b, c, d, e, f, g, W(17), 0xefbe4786) + ROUND(g, h, a, b, c, d, e, f, W(18), 0x0fc19dc6) + ROUND(f, g, h, a, b, c, d, e, W(19), 0x240ca1cc) + ROUND(e, f, g, h, a, b, c, d, W(20), 0x2de92c6f) + ROUND(d, e, f, g, h, a, b, c, W(21), 0x4a7484aa) + ROUND(c, d, e, f, g, h, a, b, W(22), 0x5cb0a9dc) + ROUND(b, c, d, e, f, g, h, a, W(23), 0x76f988da) + ROUND(a, b, c, d, e, f, g, h, W(24), 0x983e5152) + ROUND(h, a, b, c, d, e, f, g, W(25), 0xa831c66d) + ROUND(g, h, a, b, c, d, e, f, W(26), 0xb00327c8) + ROUND(f, g, h, a, b, c, d, e, W(27), 0xbf597fc7) + ROUND(e, f, g, h, a, b, c, d, W(28), 0xc6e00bf3) + ROUND(d, e, f, g, h, a, b, c, W(29), 0xd5a79147) + ROUND(c, d, e, f, g, h, a, b, W(30), 0x06ca6351) + ROUND(b, c, d, e, f, g, h, a, W(31), 0x14292967) + ROUND(a, b, c, d, e, f, g, h, W(32), 0x27b70a85) + ROUND(h, a, b, c, d, e, f, g, W(33), 0x2e1b2138) + ROUND(g, h, a, b, c, d, e, f, W(34), 0x4d2c6dfc) + ROUND(f, g, h, a, b, c, d, e, W(35), 0x53380d13) + ROUND(e, f, g, h, a, b, c, d, W(36), 0x650a7354) + ROUND(d, e, f, g, h, a, b, c, W(37), 0x766a0abb) + ROUND(c, d, e, f, g, h, a, b, W(38), 0x81c2c92e) + ROUND(b, c, d, e, f, g, h, a, W(39), 0x92722c85) + ROUND(a, b, c, d, e, f, g, h, W(40), 0xa2bfe8a1) + ROUND(h, a, b, c, d, e, f, g, W(41), 0xa81a664b) + ROUND(g, h, a, b, c, d, e, f, W(42), 0xc24b8b70) + ROUND(f, g, h, a, b, c, d, e, W(43), 0xc76c51a3) + ROUND(e, f, g, h, a, b, c, d, W(44), 0xd192e819) + ROUND(d, e, f, g, h, a, b, c, W(45), 0xd6990624) + ROUND(c, d, e, f, g, h, a, b, W(46), 0xf40e3585) + ROUND(b, c, d, e, f, g, h, a, W(47), 0x106aa070) + ROUND(a, b, c, d, e, f, g, h, W(48), 0x19a4c116) + ROUND(h, a, b, c, d, e, f, g, W(49), 0x1e376c08) + ROUND(g, h, a, b, c, d, e, f, W(50), 0x2748774c) + ROUND(f, g, h, a, b, c, d, e, W(51), 0x34b0bcb5) + ROUND(e, f, g, h, a, b, c, d, W(52), 0x391c0cb3) + ROUND(d, e, f, g, h, a, b, c, W(53), 0x4ed8aa4a) + ROUND(c, d, e, f, g, h, a, b, W(54), 0x5b9cca4f) + ROUND(b, c, d, e, f, g, h, a, W(55), 0x682e6ff3) + ROUND(a, b, c, d, e, f, g, h, W(56), 0x748f82ee) + ROUND(h, a, b, c, d, e, f, g, W(57), 0x78a5636f) + ROUND(g, h, a, b, c, d, e, f, W(58), 0x84c87814) + ROUND(f, g, h, a, b, c, d, e, W(59), 0x8cc70208) + ROUND(e, f, g, h, a, b, c, d, W(60), 0x90befffa) + ROUND(d, e, f, g, h, a, b, c, W(61), 0xa4506ceb) + ROUND(c, d, e, f, g, h, a, b, W(62), 0xbef9a3f7) + ROUND(b, c, d, e, f, g, h, a, W(63), 0xc67178f2) + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Zeroize sensitive information. */ + memset((unsigned char*) x, 0, sizeof(x)); +} +/* }}} */ + +/* {{{ SHA256Encode + Encodes input (php_uint32) into output (unsigned char). Assumes len is + a multiple of 4. + */ +static void SHA256Encode(output, input, len) +unsigned char *output; +php_uint32 *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = (unsigned char) ((input[i] >> 24) & 0xff); + output[j + 1] = (unsigned char) ((input[i] >> 16) & 0xff); + output[j + 2] = (unsigned char) ((input[i] >> 8) & 0xff); + output[j + 3] = (unsigned char) (input[i] & 0xff); + } +} +/* }}} */ + +/* {{{ SHA256Decode + Decodes input (unsigned char) into output (php_uint32). Assumes len is + a multiple of 4. + */ +static void SHA256Decode(output, input, len) +php_uint32 *output; +const unsigned char *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((php_uint32) input[j + 3]) | (((php_uint32) input[j + 2]) << 8) | + (((php_uint32) input[j + 1]) << 16) | (((php_uint32) input[j]) << 24); +} +/* }}} */ + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + * vim600: sw=4 ts=4 fdm=marker + * vim<600: sw=4 ts=4 + */ diff -Nura php-4.4.0/ext/standard/sha256.h hardening-patch-4.4.0-0.4.2/ext/standard/sha256.h --- php-4.4.0/ext/standard/sha256.h 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/standard/sha256.h 2005-09-07 14:19:05.000000000 +0200 @@ -0,0 +1,40 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 5 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2004 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.0 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_0.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ +*/ + +/* $Id: sha256.h,v 1.4 2004/01/08 17:32:52 sniper Exp $ */ + +#ifndef SHA256_H +#define SHA256_H + +#include "ext/standard/basic_functions.h" + +/* SHA1 context. */ +typedef struct { + php_uint32 state[8]; /* state (ABCD) */ + php_uint32 count[2]; /* number of bits, modulo 2^64 (lsb first) */ + unsigned char buffer[64]; /* input buffer */ +} PHP_SHA256_CTX; + +PHPAPI void PHP_SHA256Init(PHP_SHA256_CTX *); +PHPAPI void PHP_SHA256Update(PHP_SHA256_CTX *, const unsigned char *, unsigned int); +PHPAPI void PHP_SHA256Final(unsigned char[32], PHP_SHA256_CTX *); + +PHP_FUNCTION(sha256); +PHP_FUNCTION(sha256_file); + +#endif diff -Nura php-4.4.0/ext/standard/syslog.c hardening-patch-4.4.0-0.4.2/ext/standard/syslog.c --- php-4.4.0/ext/standard/syslog.c 2004-07-30 16:38:29.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/ext/standard/syslog.c 2005-09-07 18:40:29.091947648 +0200 @@ -42,6 +42,8 @@ */ PHP_MINIT_FUNCTION(syslog) { + +#if !HARDENING_PATCH /* error levels */ REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ @@ -97,7 +99,7 @@ /* AIX doesn't have LOG_PERROR */ REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ #endif - +#endif return SUCCESS; } /* }}} */ diff -Nura php-4.4.0/ext/varfilter/config.m4 hardening-patch-4.4.0-0.4.2/ext/varfilter/config.m4 --- php-4.4.0/ext/varfilter/config.m4 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/varfilter/config.m4 2005-09-07 18:40:29.092947496 +0200 @@ -0,0 +1,11 @@ +dnl +dnl $Id: config.m4,v 1.1 2004/11/14 13:27:16 ionic Exp $ +dnl + +PHP_ARG_ENABLE(varfilter, whether to enable Hardening-Patch's variable filter, +[ --disable-varfilter Disable Hardening-Patch's variable filter], yes) + +if test "$PHP_VARFILTER" != "no"; then + AC_DEFINE(HAVE_VARFILTER, 1, [ ]) + PHP_NEW_EXTENSION(varfilter, varfilter.c, $ext_shared) +fi diff -Nura php-4.4.0/ext/varfilter/CREDITS hardening-patch-4.4.0-0.4.2/ext/varfilter/CREDITS --- php-4.4.0/ext/varfilter/CREDITS 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/varfilter/CREDITS 2005-09-07 18:40:29.092947496 +0200 @@ -0,0 +1,2 @@ +varfilter +Stefan Esser \ Kein Zeilenumbruch am Dateiende. diff -Nura php-4.4.0/ext/varfilter/php_varfilter.h hardening-patch-4.4.0-0.4.2/ext/varfilter/php_varfilter.h --- php-4.4.0/ext/varfilter/php_varfilter.h 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/varfilter/php_varfilter.h 2005-09-07 18:40:29.092947496 +0200 @@ -0,0 +1,111 @@ +/* + +----------------------------------------------------------------------+ + | Hardened-PHP Project's varfilter extension | + +----------------------------------------------------------------------+ + | Copyright (c) 2004-2005 Stefan Esser | + +----------------------------------------------------------------------+ + | This source file is subject to version 2.02 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available at through the world-wide-web at | + | http://www.php.net/license/2_02.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ + + $Id: php_varfilter.h,v 1.1 2004/11/14 13:27:16 ionic Exp $ +*/ + +#ifndef PHP_VARFILTER_H +#define PHP_VARFILTER_H + +extern zend_module_entry varfilter_module_entry; +#define phpext_varfilter_ptr &varfilter_module_entry + +#ifdef PHP_WIN32 +#define PHP_VARFILTER_API __declspec(dllexport) +#else +#define PHP_VARFILTER_API +#endif + +#ifdef ZTS +#include "TSRM.h" +#endif + +#include "SAPI.h" + +#include "php_variables.h" + + +PHP_MINIT_FUNCTION(varfilter); +PHP_MSHUTDOWN_FUNCTION(varfilter); +PHP_RINIT_FUNCTION(varfilter); +PHP_RSHUTDOWN_FUNCTION(varfilter); +PHP_MINFO_FUNCTION(varfilter); + + +ZEND_BEGIN_MODULE_GLOBALS(varfilter) +/* request variables */ + long max_request_variables; + long cur_request_variables; + long max_varname_length; + long max_totalname_length; + long max_value_length; + long max_array_depth; + long max_array_index_length; +/* cookie variables */ + long max_cookie_vars; + long cur_cookie_vars; + long max_cookie_name_length; + long max_cookie_totalname_length; + long max_cookie_value_length; + long max_cookie_array_depth; + long max_cookie_array_index_length; +/* get variables */ + long max_get_vars; + long cur_get_vars; + long max_get_name_length; + long max_get_totalname_length; + long max_get_value_length; + long max_get_array_depth; + long max_get_array_index_length; +/* post variables */ + long max_post_vars; + long cur_post_vars; + long max_post_name_length; + long max_post_totalname_length; + long max_post_value_length; + long max_post_array_depth; + long max_post_array_index_length; +/* fileupload */ + long max_uploads; + long cur_uploads; + zend_bool disallow_elf_files; + char *verification_script; + +ZEND_END_MODULE_GLOBALS(varfilter) + + +#ifdef ZTS +#define VARFILTER_G(v) TSRMG(varfilter_globals_id, zend_varfilter_globals *, v) +#else +#define VARFILTER_G(v) (varfilter_globals.v) +#endif + +SAPI_INPUT_FILTER_FUNC(varfilter_input_filter); +SAPI_PRE_UPLOAD_FILTER_FUNC(varfilter_pre_upload_filter); +SAPI_UPLOAD_CONTENT_FILTER_FUNC(varfilter_upload_content_filter); +SAPI_POST_UPLOAD_FILTER_FUNC(varfilter_post_upload_filter); + +#endif /* PHP_VARFILTER_H */ + + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * indent-tabs-mode: t + * End: + */ diff -Nura php-4.4.0/ext/varfilter/varfilter.c hardening-patch-4.4.0-0.4.2/ext/varfilter/varfilter.c --- php-4.4.0/ext/varfilter/varfilter.c 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/ext/varfilter/varfilter.c 2005-09-07 18:47:32.454586744 +0200 @@ -0,0 +1,602 @@ +/* + +----------------------------------------------------------------------+ + | Hardened-PHP Project's varfilter extension | + +----------------------------------------------------------------------+ + | Copyright (c) 2004-2005 Stefan Esser | + +----------------------------------------------------------------------+ + | This source file is subject to version 2.02 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available at through the world-wide-web at | + | http://www.php.net/license/2_02.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ + + $Id: varfilter.c,v 1.1 2004/11/14 13:27:16 ionic Exp $ +*/ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "php.h" +#include "php_ini.h" +#include "ext/standard/info.h" +#include "php_varfilter.h" +#include "hardening_patch.h" + +ZEND_DECLARE_MODULE_GLOBALS(varfilter) + +/* True global resources - no need for thread safety here */ +static int le_varfilter; + +/* {{{ varfilter_module_entry + */ +zend_module_entry varfilter_module_entry = { +#if ZEND_MODULE_API_NO >= 20010901 + STANDARD_MODULE_HEADER, +#endif + "varfilter", + NULL, + PHP_MINIT(varfilter), + PHP_MSHUTDOWN(varfilter), + PHP_RINIT(varfilter), /* Replace with NULL if there's nothing to do at request start */ + PHP_RSHUTDOWN(varfilter), /* Replace with NULL if there's nothing to do at request end */ + PHP_MINFO(varfilter), +#if ZEND_MODULE_API_NO >= 20010901 + "0.3.2", /* Replace with version number for your extension */ +#endif + STANDARD_MODULE_PROPERTIES +}; +/* }}} */ + +#ifdef COMPILE_DL_VARFILTER +ZEND_GET_MODULE(varfilter) +#endif + +/* {{{ PHP_INI + */ +PHP_INI_BEGIN() + /* for backward compatibility */ + STD_PHP_INI_ENTRY("varfilter.max_request_variables", "200", PHP_INI_PERDIR, OnUpdateLong, max_request_variables, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("varfilter.max_varname_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_varname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("varfilter.max_value_length", "65000", PHP_INI_PERDIR, OnUpdateLong, max_value_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("varfilter.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_array_depth, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("varfilter.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_totalname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("varfilter.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_array_index_length, zend_varfilter_globals, varfilter_globals) + + STD_PHP_INI_ENTRY("hphp.request.max_vars", "200", PHP_INI_PERDIR, OnUpdateLong, max_request_variables, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.request.max_varname_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_varname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.request.max_value_length", "65000", PHP_INI_PERDIR, OnUpdateLong, max_value_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.request.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_array_depth, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.request.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_totalname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.request.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_array_index_length, zend_varfilter_globals, varfilter_globals) + + STD_PHP_INI_ENTRY("hphp.cookie.max_vars", "100", PHP_INI_PERDIR, OnUpdateLong, max_cookie_vars, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.cookie.max_name_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_cookie_name_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.cookie.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_cookie_totalname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.cookie.max_value_length", "10000", PHP_INI_PERDIR, OnUpdateLong, max_cookie_value_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.cookie.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_cookie_array_depth, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.cookie.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_cookie_array_index_length, zend_varfilter_globals, varfilter_globals) + + STD_PHP_INI_ENTRY("hphp.get.max_vars", "100", PHP_INI_PERDIR, OnUpdateLong, max_get_vars, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.get.max_name_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_get_name_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.get.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_get_totalname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.get.max_value_length", "512", PHP_INI_PERDIR, OnUpdateLong, max_get_value_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.get.max_array_depth", "50", PHP_INI_PERDIR, OnUpdateLong, max_get_array_depth, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.get.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_get_array_index_length, zend_varfilter_globals, varfilter_globals) + + STD_PHP_INI_ENTRY("hphp.post.max_vars", "200", PHP_INI_PERDIR, OnUpdateLong, max_post_vars, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.post.max_name_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_post_name_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.post.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_post_totalname_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.post.max_value_length", "65000", PHP_INI_PERDIR, OnUpdateLong, max_post_value_length, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.post.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_post_array_depth, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.post.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_post_array_index_length, zend_varfilter_globals, varfilter_globals) + + STD_PHP_INI_ENTRY("hphp.upload.max_uploads", "25", PHP_INI_PERDIR, OnUpdateLong, max_uploads, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.upload.disallow_elf_files", "1", PHP_INI_SYSTEM, OnUpdateBool, disallow_elf_files, zend_varfilter_globals, varfilter_globals) + STD_PHP_INI_ENTRY("hphp.upload.verification_script", NULL, PHP_INI_SYSTEM, OnUpdateString, verification_script, zend_varfilter_globals, varfilter_globals) + + +PHP_INI_END() +/* }}} */ + +/* {{{ php_varfilter_init_globals + */ +static void php_varfilter_init_globals(zend_varfilter_globals *varfilter_globals) +{ + varfilter_globals->max_request_variables = 200; + varfilter_globals->max_varname_length = 64; + varfilter_globals->max_value_length = 10000; + varfilter_globals->max_array_depth = 100; + varfilter_globals->max_totalname_length = 256; + varfilter_globals->max_array_index_length = 64; + + varfilter_globals->max_cookie_vars = 100; + varfilter_globals->max_cookie_name_length = 64; + varfilter_globals->max_cookie_totalname_length = 256; + varfilter_globals->max_cookie_value_length = 10000; + varfilter_globals->max_cookie_array_depth = 100; + varfilter_globals->max_cookie_array_index_length = 64; + + varfilter_globals->max_get_vars = 100; + varfilter_globals->max_get_name_length = 64; + varfilter_globals->max_get_totalname_length = 256; + varfilter_globals->max_get_value_length = 512; + varfilter_globals->max_get_array_depth = 50; + varfilter_globals->max_get_array_index_length = 64; + + varfilter_globals->max_post_vars = 200; + varfilter_globals->max_post_name_length = 64; + varfilter_globals->max_post_totalname_length = 256; + varfilter_globals->max_post_value_length = 65000; + varfilter_globals->max_post_array_depth = 100; + varfilter_globals->max_post_array_index_length = 64; + + varfilter_globals->max_uploads = 25; + varfilter_globals->disallow_elf_files = 1; + varfilter_globals->verification_script = NULL; +} +/* }}} */ + +/* {{{ PHP_MINIT_FUNCTION + */ +PHP_MINIT_FUNCTION(varfilter) +{ + ZEND_INIT_MODULE_GLOBALS(varfilter, php_varfilter_init_globals, NULL); + REGISTER_INI_ENTRIES(); + + sapi_register_input_filter(varfilter_input_filter); + sapi_register_pre_upload_filter(varfilter_pre_upload_filter); + sapi_register_upload_content_filter(varfilter_upload_content_filter); + sapi_register_post_upload_filter(varfilter_post_upload_filter); + + return SUCCESS; +} +/* }}} */ + +/* {{{ PHP_MSHUTDOWN_FUNCTION + */ +PHP_MSHUTDOWN_FUNCTION(varfilter) +{ + UNREGISTER_INI_ENTRIES(); + + return SUCCESS; +} +/* }}} */ + +/* Remove if there's nothing to do at request start */ +/* {{{ PHP_RINIT_FUNCTION + */ +PHP_RINIT_FUNCTION(varfilter) +{ + VARFILTER_G(cur_request_variables) = 0; + VARFILTER_G(cur_get_vars) = 0; + VARFILTER_G(cur_post_vars) = 0; + VARFILTER_G(cur_cookie_vars) = 0; + + VARFILTER_G(cur_uploads) = 0; + + return SUCCESS; +} +/* }}} */ + +/* Remove if there's nothing to do at request end */ +/* {{{ PHP_RSHUTDOWN_FUNCTION + */ +PHP_RSHUTDOWN_FUNCTION(varfilter) +{ + return SUCCESS; +} +/* }}} */ + +/* {{{ PHP_MINFO_FUNCTION + */ +PHP_MINFO_FUNCTION(varfilter) +{ + php_info_print_table_start(); + php_info_print_table_header(2, "Hardening-Patch's variable filter support", "enabled"); + php_info_print_table_end(); + + DISPLAY_INI_ENTRIES(); +} +/* }}} */ + +/* {{{ normalize_varname + */ +static void normalize_varname(char *varname) +{ + char *s=varname, *index=NULL, *indexend=NULL, *p; + + /* overjump leading space */ + while (*s == ' ') { + s++; + } + + /* and remove it */ + if (s != varname) { + memmove(varname, s, strlen(s)+1); + } + + for (p=varname; *p && *p != '['; p++) { + switch(*p) { + case ' ': + case '.': + *p='_'; + break; + } + } + + /* find index */ + index = strchr(varname, '['); + if (index) { + index++; + s=index; + } else { + return; + } + + /* done? */ + while (index) { + + while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') { + index++; + } + indexend = strchr(index, ']'); + indexend = indexend ? indexend + 1 : index + strlen(index); + + if (s != index) { + memmove(s, index, strlen(index)+1); + s += indexend-index; + } else { + s = indexend; + } + + if (*s == '[') { + s++; + index = s; + } else { + index = NULL; + } + } + *s++='\0'; +} +/* }}} */ + +/* {{{ SAPI_PRE_UPLOAD_FILTER_FUNC + */ +SAPI_PRE_UPLOAD_FILTER_FUNC(varfilter_pre_upload_filter) +{ + /* Drop this fileupload if the limit is reached */ + if (VARFILTER_G(max_uploads) && VARFILTER_G(max_uploads) <= VARFILTER_G(cur_uploads)) { + php_security_log(S_FILES, "configured fileupload limit exceeded - file dropped"); + return FAILURE; + } + + return SUCCESS; +} +/* }}} */ + +/* {{{ SAPI_UPLOAD_CONTENT_FILTER_FUNC + */ +SAPI_UPLOAD_CONTENT_FILTER_FUNC(varfilter_upload_content_filter) +{ + + if (VARFILTER_G(disallow_elf_files)) { + + if (offset == 0 && buffer_len > 10) { + + if (buffer[0] == 0x7F && buffer[1] == 'E' && buffer[2] == 'L' && buffer[3] == 'F') { + php_security_log(S_FILES, "uploaded file is an ELF executable - file dropped"); + return FAILURE; + } + } + + } + + return SUCCESS; +} +/* }}} */ + +/* {{{ SAPI_POST_UPLOAD_FILTER_FUNC + */ +SAPI_POST_UPLOAD_FILTER_FUNC(varfilter_post_upload_filter) +{ + int retval = SUCCESS; + + if (VARFILTER_G(verification_script)) { + char cmd[8192]; + FILE *in; + int first=1; + + ap_php_snprintf(cmd, sizeof(cmd), "%s %s", VARFILTER_G(verification_script), tmpfilename); + + if ((in=VCWD_POPEN(cmd, "r"))==NULL) { + php_security_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", VARFILTER_G(verification_script)); + return FAILURE; + } + + retval = FAILURE; + + /* read and forget the result */ + while (1) { + int readbytes = fread(cmd, 1, sizeof(cmd), in); + if (readbytes<=0) { + break; + } + if (first) { + retval = atoi(cmd) == 1 ? SUCCESS : FAILURE; + first = 0; + } + } + pclose(in); + } + + if (retval != SUCCESS) { + php_security_log(S_FILES, "fileupload verification script disallows file - file dropped"); + return FAILURE; + } + + VARFILTER_G(cur_uploads)++; + return SUCCESS; +} +/* }}} */ + +/* {{{ SAPI_INPUT_FILTER_FUNC + */ +SAPI_INPUT_FILTER_FUNC(varfilter_input_filter) +{ + char *index, *prev_index = NULL, *copy_var; + unsigned int var_len, total_len, depth = 0, rv; + + /* Drop this variable if the limit is reached */ + if (VARFILTER_G(max_request_variables) && VARFILTER_G(max_request_variables) <= VARFILTER_G(cur_request_variables)) { + php_security_log(S_VARS, "configured request variable limit exceeded - dropped %s", var); + return 0; + } + switch (arg) { + case PARSE_GET: + if (VARFILTER_G(max_get_vars) && VARFILTER_G(max_get_vars) <= VARFILTER_G(cur_get_vars)) { + php_security_log(S_VARS, "configured GET variable limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_COOKIE: + if (VARFILTER_G(max_cookie_vars) && VARFILTER_G(max_cookie_vars) <= VARFILTER_G(cur_cookie_vars)) { + php_security_log(S_VARS, "configured COOKIE variable limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_POST: + if (VARFILTER_G(max_post_vars) && VARFILTER_G(max_post_vars) <= VARFILTER_G(cur_post_vars)) { + php_security_log(S_VARS, "configured POST variable limit exceeded - dropped %s", var); + return 0; + } + break; + } + + + /* Drop this variable if it exceeds the value length limit */ + if (VARFILTER_G(max_value_length) && VARFILTER_G(max_value_length) < val_len) { + php_security_log(S_VARS, "configured request variable value length limit exceeded - dropped %s", var); + return 0; + } + switch (arg) { + case PARSE_GET: + if (VARFILTER_G(max_get_value_length) && VARFILTER_G(max_get_value_length) < val_len) { + php_security_log(S_VARS, "configured GET variable value length limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_COOKIE: + if (VARFILTER_G(max_cookie_value_length) && VARFILTER_G(max_cookie_value_length) < val_len) { + php_security_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_POST: + if (VARFILTER_G(max_post_value_length) && VARFILTER_G(max_post_value_length) < val_len) { + php_security_log(S_VARS, "configured POST variable value length limit exceeded - dropped %s", var); + return 0; + } + break; + } + + /* Normalize the variable name */ + normalize_varname(var); + + /* Find length of variable name */ + index = strchr(var, '['); + total_len = strlen(var); + var_len = index ? index-var : total_len; + + /* Drop this variable if it exceeds the varname/total length limit */ + if (VARFILTER_G(max_varname_length) && VARFILTER_G(max_varname_length) < var_len) { + php_security_log(S_VARS, "configured request variable name length limit exceeded - dropped %s", var); + return 0; + } + if (VARFILTER_G(max_totalname_length) && VARFILTER_G(max_totalname_length) < total_len) { + php_security_log(S_VARS, "configured request variable total name length limit exceeded - dropped %s", var); + return 0; + } + switch (arg) { + case PARSE_GET: + if (VARFILTER_G(max_get_name_length) && VARFILTER_G(max_get_name_length) < var_len) { + php_security_log(S_VARS, "configured GET variable name length limit exceeded - dropped %s", var); + return 0; + } + if (VARFILTER_G(max_get_totalname_length) && VARFILTER_G(max_get_totalname_length) < var_len) { + php_security_log(S_VARS, "configured GET variable total name length limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_COOKIE: + if (VARFILTER_G(max_cookie_name_length) && VARFILTER_G(max_cookie_name_length) < var_len) { + php_security_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped %s", var); + return 0; + } + if (VARFILTER_G(max_cookie_totalname_length) && VARFILTER_G(max_cookie_totalname_length) < var_len) { + php_security_log(S_VARS, "configured COOKIE variable total name length limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_POST: + if (VARFILTER_G(max_post_name_length) && VARFILTER_G(max_post_name_length) < var_len) { + php_security_log(S_VARS, "configured POST variable name length limit exceeded - dropped %s", var); + return 0; + } + if (VARFILTER_G(max_post_totalname_length) && VARFILTER_G(max_post_totalname_length) < var_len) { + php_security_log(S_VARS, "configured POST variable total name length limit exceeded - dropped %s", var); + return 0; + } + break; + } + + /* Find out array depth */ + while (index) { + unsigned int index_length; + + depth++; + index = strchr(index+1, '['); + + if (prev_index) { + index_length = index ? index - 1 - prev_index - 1: strlen(prev_index); + + if (VARFILTER_G(max_array_index_length) && VARFILTER_G(max_array_index_length) < index_length) { + php_security_log(S_VARS, "configured request variable array index length limit exceeded - dropped %s", var); + return 0; + } + switch (arg) { + case PARSE_GET: + if (VARFILTER_G(max_get_array_index_length) && VARFILTER_G(max_get_array_index_length) < index_length) { + php_security_log(S_VARS, "configured GET variable array index length limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_COOKIE: + if (VARFILTER_G(max_cookie_array_index_length) && VARFILTER_G(max_cookie_array_index_length) < index_length) { + php_security_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_POST: + if (VARFILTER_G(max_post_array_index_length) && VARFILTER_G(max_post_array_index_length) < index_length) { + php_security_log(S_VARS, "configured POST variable array index length limit exceeded - dropped %s", var); + return 0; + } + break; + } + prev_index = index; + } + + } + + /* Drop this variable if it exceeds the array depth limit */ + if (VARFILTER_G(max_array_depth) && VARFILTER_G(max_array_depth) < depth) { + php_security_log(S_VARS, "configured request variable array depth limit exceeded - dropped %s", var); + return 0; + } + switch (arg) { + case PARSE_GET: + if (VARFILTER_G(max_get_array_depth) && VARFILTER_G(max_get_array_depth) < depth) { + php_security_log(S_VARS, "configured GET variable array depth limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_COOKIE: + if (VARFILTER_G(max_cookie_array_depth) && VARFILTER_G(max_cookie_array_depth) < depth) { + php_security_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped %s", var); + return 0; + } + break; + case PARSE_POST: + if (VARFILTER_G(max_post_array_depth) && VARFILTER_G(max_post_array_depth) < depth) { + php_security_log(S_VARS, "configured POST variable array depth limit exceeded - dropped %s", var); + return 0; + } + break; + } + + /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ + /* This is to protect several silly scripts that do globalizing themself */ + + switch (var_len) { + case 18: + if (memcmp(var, "HTTP_RAW_POST_DATA", 18)==0) goto protected_varname; + break; + case 17: + if (memcmp(var, "HTTP_SESSION_VARS", 17)==0) goto protected_varname; + break; + case 16: + if (memcmp(var, "HTTP_SERVER_VARS", 16)==0) goto protected_varname; + if (memcmp(var, "HTTP_COOKIE_VARS", 16)==0) goto protected_varname; + break; + case 15: + if (memcmp(var, "HTTP_POST_FILES", 15)==0) goto protected_varname; + break; + case 14: + if (memcmp(var, "HTTP_POST_VARS", 14)==0) goto protected_varname; + break; + case 13: + if (memcmp(var, "HTTP_GET_VARS", 13)==0) goto protected_varname; + if (memcmp(var, "HTTP_ENV_VARS", 13)==0) goto protected_varname; + break; + case 8: + if (memcmp(var, "_SESSION", 8)==0) goto protected_varname; + if (memcmp(var, "_REQUEST", 8)==0) goto protected_varname; + break; + case 7: + if (memcmp(var, "GLOBALS", 7)==0) goto protected_varname; + if (memcmp(var, "_COOKIE", 7)==0) goto protected_varname; + if (memcmp(var, "_SERVER", 7)==0) goto protected_varname; + break; + case 6: + if (memcmp(var, "_FILES", 6)==0) goto protected_varname; + break; + case 5: + if (memcmp(var, "_POST", 5)==0) goto protected_varname; + break; + case 4: + if (memcmp(var, "_ENV", 4)==0) goto protected_varname; + if (memcmp(var, "_GET", 4)==0) goto protected_varname; + break; + } + + /* Okay let PHP register this variable */ + VARFILTER_G(cur_request_variables)++; + switch (arg) { + case PARSE_GET: + VARFILTER_G(cur_get_vars)++; + break; + case PARSE_COOKIE: + VARFILTER_G(cur_cookie_vars)++; + break; + case PARSE_POST: + VARFILTER_G(cur_post_vars)++; + break; + } + + if (new_val_len) { + *new_val_len = val_len; + } + + return 1; +protected_varname: + php_security_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE"); + return 0; +} +/* }}} */ + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + * vim600: noet sw=4 ts=4 fdm=marker + * vim<600: noet sw=4 ts=4 + */ + + diff -Nura php-4.4.0/main/fopen_wrappers.c hardening-patch-4.4.0-0.4.2/main/fopen_wrappers.c --- php-4.4.0/main/fopen_wrappers.c 2005-02-03 00:44:07.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/fopen_wrappers.c 2005-09-07 18:40:29.094947192 +0200 @@ -166,6 +166,21 @@ char *pathbuf; char *ptr; char *end; + char path_copy[MAXPATHLEN]; + int path_len; + + /* Special case path ends with a trailing slash */ + path_len = strlen(path); + if (path_len >= MAXPATHLEN) { + errno = EPERM; /* we deny permission to open it */ + return -1; + } + if (path_len > 0 && path[path_len-1] == PHP_DIR_SEPARATOR) { + memcpy(path_copy, path, path_len+1); + while (path_len > 0 && path_copy[path_len-1] == PHP_DIR_SEPARATOR) path_len--; + path_copy[path_len] = '\0'; + path = (const char *)&path_copy; + } pathbuf = estrdup(PG(open_basedir)); diff -Nura php-4.4.0/main/hardened_globals.h hardening-patch-4.4.0-0.4.2/main/hardened_globals.h --- php-4.4.0/main/hardened_globals.h 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/hardened_globals.h 2005-09-07 18:40:29.094947192 +0200 @@ -0,0 +1,60 @@ +/* + +----------------------------------------------------------------------+ + | Hardening-Patch for PHP | + +----------------------------------------------------------------------+ + | Copyright (c) 2004-2005 Stefan Esser | + +----------------------------------------------------------------------+ + | This source file is subject to version 2.02 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available at through the world-wide-web at | + | http://www.php.net/license/2_02.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ + */ + +#ifndef HARDENED_GLOBALS_H +#define HARDENED_GLOBALS_H + +typedef struct _hardened_globals hardened_globals_struct; + +#ifdef ZTS +# define HG(v) TSRMG(hardened_globals_id, hardened_globals_struct *, v) +extern int hardened_globals_id; +#else +# define HG(v) (hardened_globals.v) +extern struct _hardened_globals hardened_globals; +#endif + + +struct _hardened_globals { +#if HARDENING_PATCH_MM_PROTECT + unsigned int canary_1; + unsigned int canary_2; +#endif +#if HARDENING_PATCH_LL_PROTECT + unsigned int canary_3; + unsigned int canary_4; + unsigned int ll_canary_inited; +#endif + zend_bool hphp_sql_bailout_on_error; + zend_bool hphp_multiheader; + HashTable *eval_whitelist; + HashTable *eval_blacklist; + HashTable *func_whitelist; + HashTable *func_blacklist; + unsigned int dummy; +}; + + +#endif /* HARDENED_GLOBALS_H */ + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + */ diff -Nura php-4.4.0/main/hardening_patch.c hardening-patch-4.4.0-0.4.2/main/hardening_patch.c --- php-4.4.0/main/hardening_patch.c 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/hardening_patch.c 2005-09-07 18:43:50.698298824 +0200 @@ -0,0 +1,323 @@ +/* + +----------------------------------------------------------------------+ + | Hardening Patch for PHP | + +----------------------------------------------------------------------+ + | Copyright (c) 2004-2005 Stefan Esser | + +----------------------------------------------------------------------+ + | This source file is subject to version 2.02 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available at through the world-wide-web at | + | http://www.php.net/license/2_02.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ + */ +/* $Id: hardening_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */ + +#include "php.h" + +#include +#include + +#if HAVE_UNISTD_H +#include +#endif +#include "SAPI.h" +#include "php_globals.h" + +#if HARDENING_PATCH + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) +#undef AF_UNIX +#endif + +#if defined(AF_UNIX) +#include +#endif + +#define SYSLOG_PATH "/dev/log" + +#include "snprintf.h" + +#include "hardening_patch.h" + +#ifdef ZTS +#include "hardened_globals.h" +int hardened_globals_id; +#else +struct _hardened_globals hardened_globals; +#endif + +static void hardened_globals_ctor(hardened_globals_struct *hardened_globals TSRMLS_DC) +{ + memset(hardened_globals, 0, sizeof(*hardened_globals)); +} + + +PHPAPI void hardened_startup() +{ +#ifdef ZTS + ts_allocate_id(&hardened_globals_id, sizeof(hardened_globals_struct), (ts_allocate_ctor) hardened_globals_ctor, NULL); +#else + hardened_globals_ctor(&hardened_globals TSRMLS_CC); +#endif +} + +char *loglevel2string(int loglevel) +{ + switch (loglevel) { + case S_FILES: + return "FILES"; + case S_INCLUDE: + return "INCLUDE"; + case S_MEMORY: + return "MEMORY"; + case S_MISC: + return "MISC"; + case S_SQL: + return "SQL"; + case S_EXECUTOR: + return "EXECUTOR"; + case S_VARS: + return "VARS"; + default: + return "UNKNOWN"; + } +} + +PHPAPI void php_security_log(int loglevel, char *fmt, ...) +{ +#if defined(AF_UNIX) + int s, r, i=0; + struct sockaddr_un saun; + char buf[4096+64]; + char error[4096+100]; + char *ip_address; + char *fname; + int lineno; + va_list ap; + TSRMLS_FETCH(); + + if (EG(hphp_log_use_x_forwarded_for)) { + ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC); + if (ip_address == NULL) { + ip_address = "X-FORWARDED-FOR not set"; + } + } else { + ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC); + if (ip_address == NULL) { + ip_address = "REMOTE_ADDR not set"; + } + } + + + va_start(ap, fmt); + ap_php_vsnprintf(error, sizeof(error), fmt, ap); + va_end(ap); + while (error[i]) { + if (error[i] < 32) error[i] = '.'; + i++; + } + + if (zend_is_executing(TSRMLS_C)) { + lineno = zend_get_executed_lineno(TSRMLS_C); + fname = zend_get_executed_filename(TSRMLS_C); + ap_php_snprintf(buf, sizeof(buf), "ALERT - %s (attacker '%s', file '%s', line %u)", error, ip_address, fname, lineno); + } else { + fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC); + if (fname==NULL) { + fname = "unknown"; + } + ap_php_snprintf(buf, sizeof(buf), "ALERT - %s (attacker '%s', file '%s')", error, ip_address, fname); + } + + /* Syslog-Logging disabled? */ + if ((EG(hphp_log_syslog) & loglevel)==0) { + goto log_sapi; + } + + ap_php_snprintf(error, sizeof(error), "<%u>hphp[%u]: %s\n", EG(hphp_log_syslog_facility)|EG(hphp_log_syslog_priority),getpid(),buf); + + s = socket(AF_UNIX, SOCK_DGRAM, 0); + if (s == -1) { + goto log_sapi; + } + + memset(&saun, 0, sizeof(saun)); + saun.sun_family = AF_UNIX; + strcpy(saun.sun_path, SYSLOG_PATH); + /*saun.sun_len = sizeof(saun);*/ + + r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); + if (r) { + close(s); + s = socket(AF_UNIX, SOCK_STREAM, 0); + if (s == -1) { + goto log_sapi; + } + + memset(&saun, 0, sizeof(saun)); + saun.sun_family = AF_UNIX; + strcpy(saun.sun_path, SYSLOG_PATH); + /*saun.sun_len = sizeof(saun);*/ + + r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); + if (r) { + close(s); + goto log_sapi; + } + } + send(s, error, strlen(error), 0); + + close(s); + +log_sapi: + /* SAPI Logging activated? */ + if ((EG(hphp_log_syslog) & loglevel)!=0) { + sapi_module.log_message(buf); + } + +log_script: + /* script logging activaed? */ + if (((EG(hphp_log_script) & loglevel)!=0) && EG(hphp_log_scriptname)!=NULL) { + char cmd[8192], *cmdpos, *bufpos; + FILE *in; + int space; + + ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", EG(hphp_log_scriptname), loglevel2string(loglevel)); + space = sizeof(cmd) - strlen(cmd); + cmdpos = cmd + strlen(cmd); + bufpos = buf; + if (space <= 1) return; + while (space > 2 && *bufpos) { + if (*bufpos == '\'') { + if (space<=5) break; + *cmdpos++ = '\''; + *cmdpos++ = '\\'; + *cmdpos++ = '\''; + *cmdpos++ = '\''; + bufpos++; + space-=4; + } else { + *cmdpos++ = *bufpos++; + space--; + } + } + *cmdpos++ = '\''; + *cmdpos = 0; + + if ((in=VCWD_POPEN(cmd, "r"))==NULL) { + php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", EG(hphp_log_scriptname)); + return; + } + /* read and forget the result */ + while (1) { + int readbytes = fread(cmd, 1, sizeof(cmd), in); + if (readbytes<=0) { + break; + } + } + pclose(in); + } + +#endif +} +#endif + +#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT + +/* will be replaced later with more compatible method */ +PHPAPI unsigned int php_canary() +{ + time_t t; + unsigned int canary; + int fd; + + fd = open("/dev/urandom", 0); + if (fd != -1) { + int r = read(fd, &canary, sizeof(canary)); + close(fd); + if (r == sizeof(canary)) { + return (canary); + } + } + /* not good but we never want to do this */ + time(&t); + canary = *(unsigned int *)&t + getpid() << 16; + return (canary); +} +#endif + +#if HARDENING_PATCH_INC_PROTECT + +PHPAPI int php_is_valid_include(zval *z) +{ + char *filename; + int len, i; + TSRMLS_FETCH(); + + /* must be of type string */ + if (z->type != IS_STRING || z->value.str.val == NULL) { + return (0); + } + + /* short cut */ + filename = z->value.str.val; + len = z->value.str.len; + + /* 1. must be shorter than MAXPATHLEN */ + if (len > MAXPATHLEN) { + char *fname = estrndup(filename, len); + for (i=0; i < len; i++) if (fname[i] < 32) fname[i]='.'; + php_security_log(S_INCLUDE, "Include filename ('%s') longer than MAXPATHLEN chars", fname); + efree(fname); + return (0); + } + + /* 2. must not be cutted */ + if (len != strlen(filename)) { + char *fname = estrndup(filename, len); + for (i=0; fname[i]; i++) if (fname[i] < 32) fname[i]='.'; + php_security_log(S_INCLUDE, "Include filename truncated by a \\0 after '%s'", fname); + efree(fname); + return (0); + } + + /* 3. must not be a URL */ + if (strstr(filename, "://")) { + char *fname = estrndup(filename, len); + for (i=0; i < len; i++) if (fname[i] < 32) fname[i]='.'; + php_security_log(S_INCLUDE, "Include filename ('%s') is an URL", fname); + efree(fname); + return (0); + } + + /* 4. must not be an uploaded file */ + if (SG(rfc1867_uploaded_files)) { + if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, len+1)) { + php_security_log(S_INCLUDE, "Include filename is an uploaded file"); + return (0); + } + } + + /* passed all tests */ + return (1); +} + +#endif + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + * vim600: sw=4 ts=4 fdm=marker + * vim<600: sw=4 ts=4 + */ diff -Nura php-4.4.0/main/hardening_patch.h hardening-patch-4.4.0-0.4.2/main/hardening_patch.h --- php-4.4.0/main/hardening_patch.h 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/hardening_patch.h 2005-09-07 18:43:16.603482024 +0200 @@ -0,0 +1,46 @@ +/* + +----------------------------------------------------------------------+ + | Hardening Patch for PHP | + +----------------------------------------------------------------------+ + | Copyright (c) 2004-2005 Stefan Esser | + +----------------------------------------------------------------------+ + | This source file is subject to version 2.02 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available at through the world-wide-web at | + | http://www.php.net/license/2_02.txt. | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ + */ + +#ifndef HARDENING_PATCH_H +#define HARDENING_PATCH_H + +#include "zend.h" + +#if HARDENING_PATCH +PHPAPI void php_security_log(int loglevel, char *fmt, ...); +PHPAPI void hardened_startup(); +#define HARDENING_PATCH_VERSION "0.4.2" + +#endif + +#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT +PHPAPI unsigned int php_canary(); +#endif + +#if HARDENING_PATCH_INC_PROTECT +PHPAPI int php_is_valid_include(zval *z); +#endif + +#endif /* HARDENING_PATCH_H */ + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + */ diff -Nura php-4.4.0/main/hardening_patch.m4 hardening-patch-4.4.0-0.4.2/main/hardening_patch.m4 --- php-4.4.0/main/hardening_patch.m4 1970-01-01 01:00:00.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/hardening_patch.m4 2005-09-07 18:40:29.097946736 +0200 @@ -0,0 +1,95 @@ +dnl +dnl $Id: hardening_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $ +dnl +dnl This file contains Hardening Patch for PHP specific autoconf functions. +dnl + +AC_ARG_ENABLE(hardening-patch-mm-protect, +[ --disable-hardening-patch-mm-protect Disable the Memory Manager protection.],[ + DO_HARDENING_PATCH_MM_PROTECT=$enableval +],[ + DO_HARDENING_PATCH_MM_PROTECT=yes +]) + +AC_ARG_ENABLE(hardening-patch-ll-protect, +[ --disable-hardening-patch-ll-protect Disable the Linked List protection.],[ + DO_HARDENING_PATCH_LL_PROTECT=$enableval +],[ + DO_HARDENING_PATCH_LL_PROTECT=yes +]) + +AC_ARG_ENABLE(hardening-patch-inc-protect, +[ --disable-hardening-patch-inc-protect Disable include/require protection.],[ + DO_HARDENING_PATCH_INC_PROTECT=$enableval +],[ + DO_HARDENING_PATCH_INC_PROTECT=yes +]) + +AC_ARG_ENABLE(hardening-patch-fmt-protect, +[ --disable-hardening-patch-fmt-protect Disable format string protection.],[ + DO_HARDENING_PATCH_FMT_PROTECT=$enableval +],[ + DO_HARDENING_PATCH_FMT_PROTECT=yes +]) + +AC_ARG_ENABLE(hardening-patch-hash-protect, +[ --disable-hardening-patch-hash-protect Disable HashTable destructor protection.],[ + DO_HARDENING_PATCH_HASH_PROTECT=$enableval +],[ + DO_HARDENING_PATCH_HASH_PROTECT=yes +]) + +AC_MSG_CHECKING(whether to protect the Zend Memory Manager) +AC_MSG_RESULT($DO_HARDENING_PATCH_MM_PROTECT) + +AC_MSG_CHECKING(whether to protect the Zend Linked Lists) +AC_MSG_RESULT($DO_HARDENING_PATCH_LL_PROTECT) + +AC_MSG_CHECKING(whether to protect include/require statements) +AC_MSG_RESULT($DO_HARDENING_PATCH_INC_PROTECT) + +AC_MSG_CHECKING(whether to protect PHP Format String functions) +AC_MSG_RESULT($DO_HARDENING_PATCH_FMT_PROTECT) + +AC_MSG_CHECKING(whether to protect the destructor of Zend HashTables) +AC_MSG_RESULT($DO_HARDENING_PATCH_HASH_PROTECT) + + +AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch]) + + +if test "$DO_HARDENING_PATCH_MM_PROTECT" = "yes"; then +dnl AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch]) + AC_DEFINE(HARDENING_PATCH_MM_PROTECT, 1, [Memory Manager Protection]) +else + AC_DEFINE(HARDENING_PATCH_MM_PROTECT, 0, [Memory Manager Protection]) +fi + +if test "$DO_HARDENING_PATCH_LL_PROTECT" = "yes"; then +dnl AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch]) + AC_DEFINE(HARDENING_PATCH_LL_PROTECT, 1, [Linked List Protection]) +else + AC_DEFINE(HARDENING_PATCH_LL_PROTECT, 0, [Linked List Protection]) +fi + +if test "$DO_HARDENING_PATCH_INC_PROTECT" = "yes"; then +dnl AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch]) + AC_DEFINE(HARDENING_PATCH_INC_PROTECT, 1, [Include/Require Protection]) +else + AC_DEFINE(HARDENING_PATCH_INC_PROTECT, 0, [Include/Require Protection]) +fi + +if test "$DO_HARDENING_PATCH_FMT_PROTECT" = "yes"; then +dnl AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch]) + AC_DEFINE(HARDENING_PATCH_FMT_PROTECT, 1, [Fmt String Protection]) +else + AC_DEFINE(HARDENING_PATCH_FMT_PROTECT, 0, [Fmt String Protection]) +fi + +if test "$DO_HARDENING_PATCH_HASH_PROTECT" = "yes"; then +dnl AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch]) + AC_DEFINE(HARDENING_PATCH_HASH_PROTECT, 1, [HashTable DTOR Protection]) +else + AC_DEFINE(HARDENING_PATCH_HASH_PROTECT, 0, [HashTable DTOR Protection]) +fi + diff -Nura php-4.4.0/main/main.c hardening-patch-4.4.0-0.4.2/main/main.c --- php-4.4.0/main/main.c 2005-06-20 21:59:43.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/main.c 2005-09-07 18:40:29.098946584 +0200 @@ -100,6 +100,10 @@ PHPAPI int core_globals_id; #endif +#if HARDENING_PATCH +#include "hardened_globals.h" +#endif + #define ERROR_BUF_LEN 1024 typedef struct { @@ -150,10 +154,33 @@ */ static PHP_INI_MH(OnChangeMemoryLimit) { +#if HARDENING_PATCH + long orig_memory_limit; + + if (entry->modified) { + orig_memory_limit = zend_atoi(entry->orig_value, entry->orig_value_length); + } else { + orig_memory_limit = 1<<30; + } + if (orig_memory_limit < 0 || orig_memory_limit > (1<<30)) { + orig_memory_limit = 1<<30; + } +#endif if (new_value) { PG(memory_limit) = zend_atoi(new_value, new_value_length); +#if HARDENING_PATCH + if (PG(memory_limit) > orig_memory_limit) { + PG(memory_limit) = orig_memory_limit; + php_security_log(S_MISC, "script tried to increase memory_limit above allowed value"); + return FAILURE; + } +#endif } else { +#if HARDENING_PATCH + PG(memory_limit) = orig_memory_limit; +#else PG(memory_limit) = 1<<30; /* effectively, no limit */ +#endif } return zend_set_memory_limit(PG(memory_limit)); } @@ -1096,6 +1123,10 @@ tsrm_ls = ts_resource(0); #endif +#if HARDENING_PATCH + hardened_startup(); +#endif + sapi_initialize_empty_request(TSRMLS_C); sapi_activate(TSRMLS_C); @@ -1108,6 +1139,12 @@ php_output_startup(); php_output_activate(TSRMLS_C); +#if HARDENING_PATCH_INC_PROTECT + zuf.is_valid_include = php_is_valid_include; +#endif +#if HARDENING_PATCH + zuf.security_log_function = php_security_log; +#endif zuf.error_function = php_error_cb; zuf.printf_function = php_printf; zuf.write_function = php_body_write_wrapper; @@ -1209,6 +1246,10 @@ REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_PATH", PHP_CONFIG_FILE_PATH, sizeof(PHP_CONFIG_FILE_PATH)-1, CONST_PERSISTENT | CONST_CS); REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS); REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS); +#if HARDENING_PATCH + REGISTER_MAIN_LONG_CONSTANT("HARDENING_PATCH", 1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("HARDENING_PATCH_VERSION", HARDENING_PATCH_VERSION, sizeof(HARDENING_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS); +#endif REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS); REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS); REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS); @@ -1316,7 +1357,7 @@ */ static inline void php_register_server_variables(TSRMLS_D) { - zval *array_ptr=NULL; + zval *array_ptr=NULL, *vptr; ALLOC_ZVAL(array_ptr); array_init(array_ptr); @@ -1326,6 +1367,16 @@ /* Server variables */ if (sapi_module.register_server_variables) { sapi_module.register_server_variables(array_ptr TSRMLS_CC); + if (zend_hash_find(array_ptr->value.ht, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA"), (void **)&vptr)==SUCCESS) { + char *str; + if (vptr->type != IS_STRING) { + str = "Array"; + } else { + str = vptr->value.str.val; + } + php_security_log(S_VARS, "Attacker tried to overwrite HTTP_RAW_POST_DATA with '%s' through a HTTP header", str); + zend_hash_del(array_ptr->value.ht, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA")); + } } /* PHP Authentication support */ diff -Nura php-4.4.0/main/php_config.h.in hardening-patch-4.4.0-0.4.2/main/php_config.h.in --- php-4.4.0/main/php_config.h.in 2005-07-11 12:07:41.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/php_config.h.in 2005-09-07 18:40:29.099946432 +0200 @@ -860,6 +860,39 @@ /* Enabling BIND8 compatibility for Panther */ #undef BIND_8_COMPAT +/* Hardening-Patch */ +#undef HARDENING_PATCH + +/* Memory Manager Protection */ +#undef HARDENING_PATCH_MM_PROTECT + +/* Memory Manager Protection */ +#undef HARDENING_PATCH_MM_PROTECT + +/* Linked List Protection */ +#undef HARDENING_PATCH_LL_PROTECT + +/* Linked List Protection */ +#undef HARDENING_PATCH_LL_PROTECT + +/* Include/Require Protection */ +#undef HARDENING_PATCH_INC_PROTECT + +/* Include/Require Protection */ +#undef HARDENING_PATCH_INC_PROTECT + +/* Fmt String Protection */ +#undef HARDENING_PATCH_FMT_PROTECT + +/* Fmt String Protection */ +#undef HARDENING_PATCH_FMT_PROTECT + +/* HashTable DTOR Protection */ +#undef HARDENING_PATCH_HASH_PROTECT + +/* HashTable DTOR Protection */ +#undef HARDENING_PATCH_HASH_PROTECT + /* Whether you have AOLserver */ #undef HAVE_AOLSERVER @@ -1143,6 +1176,12 @@ /* Define if you have the getaddrinfo function */ #undef HAVE_GETADDRINFO +/* Whether realpath is broken */ +#undef PHP_BROKEN_REALPATH + +/* Whether realpath is broken */ +#undef PHP_BROKEN_REALPATH + /* Whether system headers declare timezone */ #undef HAVE_DECLARED_TIMEZONE diff -Nura php-4.4.0/main/php_content_types.c hardening-patch-4.4.0-0.4.2/main/php_content_types.c --- php-4.4.0/main/php_content_types.c 2002-12-31 17:26:14.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/php_content_types.c 2005-09-07 18:40:29.099946432 +0200 @@ -77,6 +77,7 @@ sapi_register_post_entries(php_post_entries); sapi_register_default_post_reader(php_default_post_reader); sapi_register_treat_data(php_default_treat_data); + sapi_register_input_filter(php_default_input_filter); return SUCCESS; } /* }}} */ diff -Nura php-4.4.0/main/php.h hardening-patch-4.4.0-0.4.2/main/php.h --- php-4.4.0/main/php.h 2005-04-17 15:37:29.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/php.h 2005-09-07 18:40:29.100946280 +0200 @@ -35,11 +35,19 @@ #include "zend_qsort.h" #include "php_compat.h" + #include "zend_API.h" #undef sprintf #define sprintf php_sprintf +#if HARDENING_PATCH +#if HAVE_REALPATH +#undef realpath +#define realpath php_realpath +#endif +#endif + /* PHP's DEBUG value must match Zend's ZEND_DEBUG value */ #undef PHP_DEBUG #define PHP_DEBUG ZEND_DEBUG @@ -435,6 +443,10 @@ #endif #endif /* !XtOffsetOf */ +#if HARDENING_PATCH +#include "hardening_patch.h" +#endif + #endif /* diff -Nura php-4.4.0/main/php_variables.c hardening-patch-4.4.0-0.4.2/main/php_variables.c --- php-4.4.0/main/php_variables.c 2005-05-17 20:42:35.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/php_variables.c 2005-09-07 18:40:29.100946280 +0200 @@ -225,17 +225,28 @@ while (var) { val = strchr(var, '='); if (val) { /* have a value */ - int val_len; + unsigned int val_len, new_val_len; *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); - php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + val = estrndup(val, val_len); + if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) { + php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); + } + efree(val); } var = php_strtok_r(NULL, "&", &strtok_buf); } } +SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter) +{ + /* TODO: check .ini setting here and apply user-defined input filter */ + *new_val_len = val_len; + return 1; +} + SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) { char *res = NULL, *var, *val, *separator=NULL; @@ -313,15 +324,26 @@ while (var) { val = strchr(var, '='); if (val) { /* have a value */ - int val_len; + unsigned int val_len, new_val_len; *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); - php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + val = estrndup(val, val_len); + if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) { + php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); + } + efree(val); } else { + unsigned int val_len, new_val_len; + php_url_decode(var, strlen(var)); - php_register_variable_safe(var, "", 0, array_ptr TSRMLS_CC); + val_len = 0; + val = estrndup("", 0); + if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) { + php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); + } + efree(val); } var = php_strtok_r(NULL, separator, &strtok_buf); } diff -Nura php-4.4.0/main/rfc1867.c hardening-patch-4.4.0-0.4.2/main/rfc1867.c --- php-4.4.0/main/rfc1867.c 2005-04-04 16:59:58.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/rfc1867.c 2005-09-07 18:40:29.101946128 +0200 @@ -127,6 +127,7 @@ #define UPLOAD_ERROR_C 3 /* Partially uploaded */ #define UPLOAD_ERROR_D 4 /* No file uploaded */ #define UPLOAD_ERROR_E 6 /* Missing /tmp or similar directory */ +#define UPLOAD_ERROR_F 7 /* Filter forbids upload */ void php_rfc1867_register_constants(TSRMLS_D) { @@ -136,6 +137,7 @@ REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_PARTIAL", UPLOAD_ERROR_C, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE", UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT); + REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_FILTER", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT); } static void normalize_protected_variable(char *varname TSRMLS_DC) @@ -844,6 +846,7 @@ char buff[FILLUNIT]; char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; int blen=0, wlen=0; + unsigned long offset; zend_llist_clean(&header); @@ -891,21 +894,24 @@ if (!filename && param) { char *value = multipart_buffer_read_body(mbuff TSRMLS_CC); + unsigned int new_val_len; /* Dummy variable */ if (!value) { value = estrdup(""); } + if (sapi_module.input_filter(PARSE_POST, param, &value, strlen(value), &new_val_len TSRMLS_CC)) { #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) - if (php_mb_encoding_translation(TSRMLS_C)) { - php_mb_gpc_stack_variable(param, value, &val_list, &len_list, - &num_vars, &num_vars_max TSRMLS_CC); - } else { - safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); - } + if (php_mb_encoding_translation(TSRMLS_C)) { + php_mb_gpc_stack_variable(param, value, &val_list, &len_list, + &num_vars, &num_vars_max TSRMLS_CC); + } else { + safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); + } #else - safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); + safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); #endif + } if (!strcasecmp(param, "MAX_FILE_SIZE")) { max_file_size = atol(value); } @@ -981,6 +987,11 @@ cancel_upload = UPLOAD_ERROR_D; } + if (sapi_module.pre_upload_filter && sapi_module.pre_upload_filter(param, filename TSRMLS_CC)==FAILURE) { + cancel_upload = UPLOAD_ERROR_F; + } + + offset = 0; while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC))) { if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) { @@ -990,6 +1001,11 @@ sapi_module.sapi_error(E_WARNING, "MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved", max_file_size, param, filename); cancel_upload = UPLOAD_ERROR_B; } else if (blen > 0) { + + if (sapi_module.upload_content_filter && sapi_module.upload_content_filter(offset, buff, blen, &blen TSRMLS_CC)==FAILURE) { + cancel_upload = UPLOAD_ERROR_F; + } + wlen = write(fd, buff, blen); if (wlen < blen) { @@ -997,6 +1013,7 @@ cancel_upload = UPLOAD_ERROR_C; } else { total_bytes += wlen; + offset += wlen; } } } @@ -1011,6 +1028,10 @@ } #endif + if (!cancel_upload && sapi_module.post_upload_filter && sapi_module.post_upload_filter(temp_filename TSRMLS_CC)==FAILURE) { + cancel_upload = UPLOAD_ERROR_F; + } + if (cancel_upload) { if (temp_filename) { if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ diff -Nura php-4.4.0/main/SAPI.c hardening-patch-4.4.0-0.4.2/main/SAPI.c --- php-4.4.0/main/SAPI.c 2005-02-22 15:46:24.000000000 +0100 +++ hardening-patch-4.4.0-0.4.2/main/SAPI.c 2005-09-07 18:40:29.102945976 +0200 @@ -831,6 +831,31 @@ return SUCCESS; } +SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC)) +{ + sapi_module.input_filter = input_filter; + return SUCCESS; +} + +SAPI_API int sapi_register_pre_upload_filter(unsigned int (*pre_upload_filter)(char *varname, char *filename TSRMLS_DC)) +{ + sapi_module.pre_upload_filter = pre_upload_filter; + return SUCCESS; +} + +SAPI_API int sapi_register_upload_content_filter(unsigned int (*upload_content_filter)(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC)) +{ + sapi_module.upload_content_filter = upload_content_filter; + return SUCCESS; +} + +SAPI_API int sapi_register_post_upload_filter(unsigned int (*post_upload_filter)(char *tmpfilename TSRMLS_DC)) +{ + sapi_module.post_upload_filter = post_upload_filter; + return SUCCESS; +} + + SAPI_API int sapi_flush(TSRMLS_D) { diff -Nura php-4.4.0/main/SAPI.h hardening-patch-4.4.0-0.4.2/main/SAPI.h --- php-4.4.0/main/SAPI.h 2003-04-09 22:27:55.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/SAPI.h 2005-09-07 18:40:29.103945824 +0200 @@ -101,9 +101,10 @@ char *current_user; int current_user_length; - /* this is necessary for CLI module */ - int argc; - char **argv; + /* this is necessary for CLI module */ + int argc; + char **argv; + } sapi_request_info; @@ -177,6 +178,10 @@ SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry); SAPI_API int sapi_register_default_post_reader(void (*default_post_reader)(TSRMLS_D)); SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zval *destArray TSRMLS_DC)); +SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC)); +SAPI_API int sapi_register_pre_upload_filter(unsigned int (*pre_upload_filter)(char *varname, char *filename TSRMLS_DC)); +SAPI_API int sapi_register_upload_content_filter(unsigned int (*upload_content_filter)(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC)); +SAPI_API int sapi_register_post_upload_filter(unsigned int (*post_upload_filter)(char *tmpfilename TSRMLS_DC)); SAPI_API int sapi_flush(TSRMLS_D); SAPI_API struct stat *sapi_get_stat(TSRMLS_D); @@ -238,8 +243,15 @@ int (*get_target_uid)(uid_t * TSRMLS_DC); int (*get_target_gid)(gid_t * TSRMLS_DC); + unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC); + + unsigned int (*pre_upload_filter)(char *varname, char *filename TSRMLS_DC); + unsigned int (*upload_content_filter)(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC); + unsigned int (*post_upload_filter)(char *tmpfilename TSRMLS_DC); + void (*ini_defaults)(HashTable *configuration_hash); int phpinfo_as_text; + }; @@ -262,16 +274,26 @@ #define SAPI_DEFAULT_MIMETYPE "text/html" #define SAPI_DEFAULT_CHARSET "" + +#if HARDENING_PATCH +#define SAPI_PHP_VERSION_HEADER "X-Powered-By: PHP/" PHP_VERSION " with Hardening-Patch" +#else #define SAPI_PHP_VERSION_HEADER "X-Powered-By: PHP/" PHP_VERSION +#endif #define SAPI_POST_READER_FUNC(post_reader) void post_reader(TSRMLS_D) #define SAPI_POST_HANDLER_FUNC(post_handler) void post_handler(char *content_type_dup, void *arg TSRMLS_DC) #define SAPI_TREAT_DATA_FUNC(treat_data) void treat_data(int arg, char *str, zval* destArray TSRMLS_DC) +#define SAPI_INPUT_FILTER_FUNC(input_filter) unsigned int input_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC) +#define SAPI_PRE_UPLOAD_FILTER_FUNC(pre_upload_filter) unsigned int pre_upload_filter(char *varname, char *filename TSRMLS_DC) +#define SAPI_UPLOAD_CONTENT_FILTER_FUNC(upload_content_filter) unsigned int upload_content_filter(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC) +#define SAPI_POST_UPLOAD_FILTER_FUNC(post_upload_filter) unsigned int post_upload_filter(char *tmpfilename TSRMLS_DC) SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data); SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader); SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data); +SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter); #define STANDARD_SAPI_MODULE_PROPERTIES diff -Nura php-4.4.0/main/snprintf.c hardening-patch-4.4.0-0.4.2/main/snprintf.c --- php-4.4.0/main/snprintf.c 2005-04-08 07:44:53.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/snprintf.c 2005-09-07 18:40:29.103945824 +0200 @@ -1013,7 +1013,11 @@ case 'n': +#if HARDENING_PATCH_FMT_PROTECT + php_security_log(S_MISC, "'n' specifier within format string"); +#else *(va_arg(ap, int *)) = cc; +#endif break; /* diff -Nura php-4.4.0/main/spprintf.c hardening-patch-4.4.0-0.4.2/main/spprintf.c --- php-4.4.0/main/spprintf.c 2005-04-08 07:44:53.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/main/spprintf.c 2005-09-07 18:40:29.104945672 +0200 @@ -630,7 +630,11 @@ case 'n': +#if HARDENING_PATCH_FMT_PROTECT + php_security_log(S_MISC, "'n' specifier within format string"); +#else *(va_arg(ap, int *)) = xbuf->len; +#endif break; /* diff -Nura php-4.4.0/pear/go-pear-list.php hardening-patch-4.4.0-0.4.2/pear/go-pear-list.php --- php-4.4.0/pear/go-pear-list.php 2005-07-01 11:41:04.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/pear/go-pear-list.php 2005-09-07 19:03:13.095587576 +0200 @@ -8,7 +8,7 @@ $packages = array( // required packages for the installer "PEAR" => "1.3.5", -"XML_RPC" => "1.3.1", +"XML_RPC" => "1.4.0", "Console_Getopt" => "1.2", "Archive_Tar" => "1.3.1", diff -Nura php-4.4.0/pear/packages/XML_RPC-1.3.1.tar hardening-patch-4.4.0-0.4.2/pear/packages/XML_RPC-1.3.1.tar --- php-4.4.0/pear/packages/XML_RPC-1.3.1.tar 2005-07-01 11:42:14.000000000 +0200 +++ hardening-patch-4.4.0-0.4.2/pear/packages/XML_RPC-1.3.1.tar 1970-01-01 01:00:00.000000000 +0100 @@ -1,3733 +0,0 @@ -package2.xml100644 1750 144 32557 10260516576 6517 - - XML_RPC - pear.php.net - PHP implementation of the XML-RPC protocol - A PEAR-ified version of Useful Inc's XML-RPC for PHP. - -It has support for HTTP/HTTPS transport, proxies and authentication. - - Stig Bakken - ssb - stig@php.net - no - - - Daniel Convissor - danielc - danielc@php.net - yes - - 2005-06-29 - - - 1.3.1 - 1.3.0 - - - stable - stable - - PHP License - * Security fix. Update highly recommended! - - - - - - - - - - - - - - - - - - - - - PEAR - pear.php.net - 1.4.0a1 - 1.4.0a12 - - - - - 4.2.0 - 6.0.0 - - - 1.4.0a1 - - - - - - - - 1.3.0RC3 - 1.3.0 - - - beta - stable - - 2005-05-10 - PHP License - * When verifying requests against function signatures, if the number of parameters don't match, provide an appropriate message. NOTE: this resolves a path disclosure vulnerability. (Refines the changes made in the last commit.) Bug 4231. -* XML_RPC_Message::getParam() now returns an XML_RPC_Response object upon error. Changed from Release 1.3.0RC2. -* Add the XML_RPC_Value::isValue() method. For testing if an item is an XML_RPC_Value object. -* If XML_RPC_Client::send() is given an incorrect $msg parameter, raise an error with the new XML_RPC_ERROR_PROGRAMMING code and return 0. -* Improve cross-platform operation by using PEAR::loadExtension() instead of dl(). -* Use <br /> instead of <br> in XML_RPC_Value::dump(). - - - - 1.3.0RC2 - 1.3.0 - - - beta - beta - - 2005-05-05 - PHP License - * If XML_RPC_Message::getParam() is given an incorrect parameter, raise an error with the new XML_RPC_ERROR_INCORRECT_PARAMS code and return FALSE. -* Handle improper requests to XML_RPC_Server::verifySignature(). Bug 4231. -* Try to allow HTTP 100 responses if followed by a 200 response. Bug 4116. -* Help Delphi users by making RPCMETHODNAME an alias for METHODNAME. Request 4205. - - - - 1.3.0RC1 - 1.3.0 - - - beta - beta - - 2005-04-07 - PHP License - * Improve timeout handling for situations where connection to server is made but no response is not received in time. Accomplished via stream_set_timeout(). Request 3963. -* Add Fault Code 6: "The requested method didn't return an XML_RPC_Response object." Request 4032. -* Add the createServerPayload() and createServerHeaders() methods and the $server_payload and $server_headers properties. Request 3121. -* As in earlier versions, if the $serviceNow parameter to XML_RPC_Server() is 0, no data will be returned, but now the new $server_payload and $server_headers properties will be set. -* Convert the parser handle to an integer before using it as an index for $XML_RPC_xh[$parser]. Reduces E_STRICT notices. Bug 3782. -* Add createHeaders() method and $headers property to XML_RPC_Client to make testing easier. - - - - 1.2.2 - 1.2.0 - - - stable - stable - - 2005-03-07 - PHP License - * When using a proxy, add the protocol to the Request-URI, making it an "absoluteURI" as per the HTTP 1.0 spec. Bug 3679. - - - - 1.2.1 - 1.2.0 - - - stable - stable - - 2005-03-01 - PHP License - * Add isset() check before examining the dispatch map. Bug 3658. - - - - 1.2.0 - 1.2.0 - - - stable - stable - - 2005-02-27 - PHP License - * Provide the "stable" release. -* Add package2.xml for compatibility with PEAR 1.4.0. -* For changes since 1.1.0, see the changelogs for the various RC releases. - - - - 1.2.0RC7 - 1.2.0RC7 - - - beta - beta - - 2005-02-22 - PHP License - * Add the setSendEncoding() method and $send_encoding - property to XML_RPC_Message. Request 3537. -* Allow class methods to be mapped using either syntax: - 'function' => 'hello::sayHello', - or - 'function' => array('hello', 'sayhello'), - Bug 3363. -* Use 8192 instead of 32768 for bytes in fread() - in parseResponseFile(). Bug 3340. - - - - 1.2.0RC6 - 1.2.0RC6 - - - beta - beta - - 2005-01-25 - PHP License - * Don't put the protocol in the Host field of the POST data. (danielc) - - - - 1.2.0RC5 - 1.2.0RC5 - - - beta - beta - - 2005-01-24 - PHP License - * If $port is 443 but a protocol isn't specified in $server, assume ssl:// is the protocol. - - - - 1.2.0RC4 - 1.2.0RC4 - - - beta - beta - - 2005-01-24 - PHP License - * When a connection attempt fails, have the method return 0. (danielc) -* Move the protocol/port checking/switching and the property settings from sendPayloadHTTP10() to the XML_RPC_Client constructor. (danielc) -* Add tests for setting the client properties. (danielc) -* Remove $GLOBALS['XML_RPC_twoslash'] since it's not used. (danielc) -* Bundle the tests with the package. (danielc) - - - - 1.2.0RC3 - 1.2.0RC3 - - - beta - beta - - 2005-01-19 - PHP License - * ssl uses port 443, not 445. - - - - 1.2.0RC2 - 1.2.0RC2 - - - beta - beta - - 2005-01-11 - PHP License - * Handle ssl:// in the $server string. (danielc) -* Also default to port 445 for ssl:// requests as well. (danielc) -* Enhance debugging in the server. (danielc) - - - - 1.2.0RC1 - 1.2.0RC1 - - - beta - beta - - 2004-12-30 - PHP License - * Make things work with SSL. Bug 2489. (nkukard lbsd net) -* Allow array function callbacks (Matt Kane) -* Some minor speed-ups (Matt Kane) -* Add Dump.php to the package (Christian Weiske) -* Replace all line endings with \r\n. Had only done replacements on \n. Bug 2521. (danielc) -* Silence fsockopen() errors. Bug 1714. (danielc) -* Encode empty arrays as an array. Bug 1493. (danielc) -* Eliminate undefined index notice when submitting empty arrays to XML_RPC_Encode(). Bug 1819. (danielc) -* Speed up check for enumerated arrays in XML_RPC_Encode(). (danielc) -* Prepend "XML_RPC_" to ERROR_NON_NUMERIC_FOUND, eliminating problem when eval()'ing error messages. (danielc) -* Use XML_RPC_Base::raiseError() instead of PEAR::raiseError() in XML_RPC_ee() because PEAR.php is lazy loaded. (danielc) -* Allow raiseError() to be called statically. (danielc) -* Stop double escaping of character entities. Bug 987. (danielc) - NOTICE: the following have been removed: - * XML_RPC_dh() - * $GLOBALS['XML_RPC_entities'] - * XML_RPC_entity_decode() - * XML_RPC_lookup_entity() -* Determine the XML's encoding via the encoding attribute in the XML declaration. Bug 52. (danielc) - - - - 1.1.0 - 1.1.0 - - - stable - stable - - 2004-03-15 - PHP License - * Added support for sequential arrays to XML_RPC_encode() (mroch) -* Cleaned up new XML_RPC_encode() changes a bit (mroch, pierre) -* Remove "require_once 'PEAR.php'", include only when needed to raise an error -* Replace echo and error_log() with raiseError() (mroch) -* Make all classes extend XML_RPC_Base, which will handle common functions (mroch) -* be tolerant of junk after methodResponse (Luca Mariano, mroch) -* Silent notice even in the error log (pierre) -* fix include of shared xml extension on win32 (pierre) - - - - 1.0.4 - 1.0.4 - - - stable - stable - - 2002-10-02 - PHP License - * added HTTP proxy authorization support (thanks to Arnaud Limbourg) - - - - 1.0.3 - 1.0.3 - - - stable - stable - - 2002-05-19 - PHP License - * fix bug when parsing responses with boolean types - - - - 1.0.2 - 1.0.2 - - - stable - stable - - 2002-04-16 - PHP License - * E_ALL fixes -* fix HTTP response header parsing - - - - 1.0.1 - 1.0.1 - - - stable - stable - - 2001-09-25 - PHP License - This is a PEAR-ified version of Useful Inc's 1.0.1 release. -Includes an urgent security fix identified by Dan Libby <dan@libby.com>. - - - -XML_RPC-1.3.1/tests/protoport.php100644 1750 144 25543 10260516576 12042 - * @copyright 2005 The PHP Group - * @license http://www.php.net/license/3_0.txt PHP License - * @version CVS: $Id: protoport.php,v 1.4 2005/01/24 17:48:47 danielc Exp $ - * @link http://pear.php.net/package/XML_RPC - * @since File available since Release 1.2 - */ - -/* - * If the package version number is found in the left hand - * portion of the if() expression below, that means this file has - * come from the PEAR installer. Therefore, let's test the - * installed version of XML_RPC which should be in the include path. - * - * If the version has not been substituted in the if() expression, - * this file has likely come from a CVS checkout or a .tar file. - * Therefore, we'll assume the tests should use the version of - * XML_RPC that has come from there as well. - */ -if ('1.3.1' != '@'.'package_version'.'@') { - /** - * Get the needed class from the PEAR installation - */ - require_once 'XML/RPC.php'; -} else { - /** - * Get the needed class from the parent directory - */ - require_once '../RPC.php'; -} - -/** - * Compare the test result to the expected result - * - * If the test fails, echo out the results. - * - * @param array $expect the array of object properties you expect - * from the test - * @param object $actual the object results from the test - * @param string $test_name the name of the test - * - * @return void - */ -function compare($expect, $actual, $test_name) { - $actual = get_object_vars($actual); - if (count(array_diff($actual, $expect))) { - echo "$test_name failed.\nExpect: "; - print_r($expect); - echo "Actual: "; - print_r($actual); - echo "\n"; - } -} - -if (php_sapi_name() != 'cli') { - echo "
\n";
-}
-
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 80,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'theserver');
-compare($x, $c, 'defaults');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 80,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'http://theserver');
-compare($x, $c, 'defaults with http');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 443,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'https://theserver');
-compare($x, $c, 'defaults with https');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 443,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'ssl://theserver');
-compare($x, $c, 'defaults with ssl');
-
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 65,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'theserver', 65);
-compare($x, $c, 'port 65');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 65,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'http://theserver', 65);
-compare($x, $c, 'port 65 with http');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 65,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'https://theserver', 65);
-compare($x, $c, 'port 65 with https');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 65,
-    'proxy' => '',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'ssl://theserver', 65);
-compare($x, $c, 'port 65 with ssl');
-
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 80,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'theserver', 0,
-                        'theproxy');
-compare($x, $c, 'defaults proxy');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 80,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 8080,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'http://theserver', 0,
-                        'http://theproxy');
-compare($x, $c, 'defaults with http proxy');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 443,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'ssl://',
-    'proxy_port' => 443,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'https://theserver', 0,
-                        'https://theproxy');
-compare($x, $c, 'defaults with https proxy');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 443,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'ssl://',
-    'proxy_port' => 443,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'ssl://theserver', 0,
-                        'ssl://theproxy');
-compare($x, $c, 'defaults with ssl proxy');
-
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 65,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 6565,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'theserver', 65,
-                        'theproxy', 6565);
-compare($x, $c, 'port 65 proxy 6565');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 65,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'http://',
-    'proxy_port' => 6565,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'http://theserver', 65,
-                        'http://theproxy', 6565);
-compare($x, $c, 'port 65 with http proxy 6565');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 65,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'ssl://',
-    'proxy_port' => 6565,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'https://theserver', 65,
-                        'https://theproxy', 6565);
-compare($x, $c, 'port 65 with https proxy 6565');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 65,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'ssl://',
-    'proxy_port' => 6565,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'ssl://theserver', 65,
-                        'ssl://theproxy', 6565);
-compare($x, $c, 'port 65 with ssl proxy 6565');
-
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'ssl://',
-    'port' => 443,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'ssl://',
-    'proxy_port' => 443,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'theserver', 443,
-                        'theproxy', 443);
-compare($x, $c, 'port 443 no protocol and proxy port 443 no protocol');
-
-$x = array(
-    'path' => 'thepath',
-    'server' => 'theserver',
-    'protocol' => 'http://',
-    'port' => 80,
-    'proxy' => 'theproxy',
-    'proxy_protocol' => 'ssl://',
-    'proxy_port' => 6565,
-    'proxy_user' => '',
-    'proxy_pass' => '',
-    'errno' => 0,
-    'errstring' => '',
-    'debug' => 0,
-    'username' => '',
-    'password' => '',
-);
-$c = new XML_RPC_Client('thepath', 'theserver', 0,
-                        'ssl://theproxy', 6565);
-compare($x, $c, 'port 443 no protocol and proxy port 443 no protocol');
-XML_RPC-1.3.1/tests/test_Dump.php100644   1750    144        3042 10260516576  11704 new XML_RPC_Value('das ist der Titel', 'string'),
-    'startDate'=>new XML_RPC_Value(mktime(0,0,0,13,11,2004), 'dateTime.iso8601'),
-    'endDate'  =>new XML_RPC_Value(mktime(0,0,0,15,11,2004), 'dateTime.iso8601'),
-    'error'    =>'string',
-    'arkey'    => new XML_RPC_Value( array(
-        new XML_RPC_Value('simple string'),
-        new XML_RPC_Value(12345, 'int')
-        ), 'array')
-    )
-    ,'struct');
-
-XML_RPC_Dump($val);
-
-echo '==============' . "\r\n";
-$val2 = new XML_RPC_Value(44353, 'int');
-XML_RPC_Dump($val2);
-
-echo '==============' . "\r\n";
-$val3 = new XML_RPC_Value('this should be a string', 'string');
-XML_RPC_Dump($val3);
-
-echo '==============' . "\r\n";
-$val4 = new XML_RPC_Value(true, 'boolean');
-XML_RPC_Dump($val4);
-XML_RPC-1.3.1/Dump.php100644   1750    144       12074 10260516576   7530 
- * @version    CVS: $Id: Dump.php,v 1.7 2005/01/24 03:47:55 danielc Exp $
- * @link       http://pear.php.net/package/XML_RPC
- */
-
-
-/**
- * Pull in the XML_RPC class
- */
-require_once 'XML/RPC.php';
-
-
-/**
- * Generates the dump of the XML_RPC_Value and echoes it
- *
- * @param object $value  the XML_RPC_Value object to dump
- *
- * @return void
- */
-function XML_RPC_Dump($value)
-{
-    $dumper = new XML_RPC_Dump();
-    echo $dumper->generateDump($value);
-}
-
-
-/**
- * Class which generates a dump of a XML_RPC_Value object
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Christian Weiske 
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Dump
-{
-    /**
-     * The indentation array cache
-     * @var array
-     */
-    var $arIndent      = array();
-
-    /**
-     * The spaces used for indenting the XML
-     * @var string
-     */
-    var $strBaseIndent = '    ';
-
-    /**
-     * Returns the dump in XML format without printing it out
-     *
-     * @param object $value   the XML_RPC_Value object to dump
-     * @param int    $nLevel  the level of indentation
-     *
-     * @return string  the dump
-     */
-    function generateDump($value, $nLevel = 0)
-    {
-        if (!is_object($value) && get_class($value) != 'xml_rpc_value') {
-            require_once 'PEAR.php';
-            PEAR::raiseError('Tried to dump non-XML_RPC_Value variable' . "\r\n",
-                             0, PEAR_ERROR_PRINT);
-            if (is_object($value)) {
-                $strType = get_class($value);
-            } else {
-                $strType = gettype($value);
-            }
-            return $this->getIndent($nLevel) . 'NOT A XML_RPC_Value: '
-                   . $strType . "\r\n";
-        }
-
-        switch ($value->kindOf()) {
-        case 'struct':
-            $ret = $this->genStruct($value, $nLevel);
-            break;
-        case 'array':
-            $ret = $this->genArray($value, $nLevel);
-            break;
-        case 'scalar':
-            $ret = $this->genScalar($value->scalarval(), $nLevel);
-            break;
-        default:
-            require_once 'PEAR.php';
-            PEAR::raiseError('Illegal type "' . $value->kindOf()
-                             . '" in XML_RPC_Value' . "\r\n", 0,
-                             PEAR_ERROR_PRINT);
-        }
-
-        return $ret;
-    }
-
-    /**
-     * Returns the scalar value dump
-     *
-     * @param object $value   the scalar XML_RPC_Value object to dump
-     * @param int    $nLevel  the level of indentation
-     *
-     * @return string  Dumped version of the scalar value
-     */
-    function genScalar($value, $nLevel)
-    {
-        if (gettype($value) == 'object') {
-            $strClass = ' ' . get_class($value);
-        } else {
-            $strClass = '';
-        }
-        return $this->getIndent($nLevel) . gettype($value) . $strClass
-               . ' ' . $value . "\r\n";
-    }
-
-    /**
-     * Returns the dump of a struct
-     *
-     * @param object $value   the struct XML_RPC_Value object to dump
-     * @param int    $nLevel  the level of indentation
-     *
-     * @return string  Dumped version of the scalar value
-     */
-    function genStruct($value, $nLevel)
-    {
-        $value->structreset();
-        $strOutput = $this->getIndent($nLevel) . 'struct' . "\r\n";
-        while (list($key, $keyval) = $value->structeach()) {
-            $strOutput .= $this->getIndent($nLevel + 1) . $key . "\r\n";
-            $strOutput .= $this->generateDump($keyval, $nLevel + 2);
-        }
-        return $strOutput;
-    }
-
-    /**
-     * Returns the dump of an array
-     *
-     * @param object $value   the array XML_RPC_Value object to dump
-     * @param int    $nLevel  the level of indentation
-     *
-     * @return string  Dumped version of the scalar value
-     */
-    function genArray($value, $nLevel)
-    {
-        $nSize     = $value->arraysize();
-        $strOutput = $this->getIndent($nLevel) . 'array' . "\r\n";
-        for($nA = 0; $nA < $nSize; $nA++) {
-            $strOutput .= $this->getIndent($nLevel + 1) . $nA . "\r\n";
-            $strOutput .= $this->generateDump($value->arraymem($nA),
-                                              $nLevel + 2);
-        }
-        return $strOutput;
-    }
-
-    /**
-     * Returns the indent for a specific level and caches it for faster use
-     *
-     * @param int $nLevel  the level
-     *
-     * @return string  the indented string
-     */
-    function getIndent($nLevel)
-    {
-        if (!isset($this->arIndent[$nLevel])) {
-            $this->arIndent[$nLevel] = str_repeat($this->strBaseIndent, $nLevel);
-        }
-        return $this->arIndent[$nLevel];
-    }
-}
-
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * c-hanging-comment-ender-p: nil
- * End:
- */
-
-?>
-XML_RPC-1.3.1/RPC.php100644   1750    144      150065 10260516576   7272 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    CVS: $Id: RPC.php,v 1.74 2005/05/09 20:51:54 danielc Exp $
- * @link       http://pear.php.net/package/XML_RPC
- */
-
-
-if (!function_exists('xml_parser_create')) {
-    PEAR::loadExtension('xml');
-}
-
-/**#@+
- * Error constants
- */
-/**
- * Parameter values don't match parameter types
- */
-define('XML_RPC_ERROR_INVALID_TYPE', 101);
-/**
- * Parameter declared to be numeric but the values are not
- */
-define('XML_RPC_ERROR_NON_NUMERIC_FOUND', 102);
-/**
- * Communication error
- */
-define('XML_RPC_ERROR_CONNECTION_FAILED', 103);
-/**
- * The array or struct has already been started
- */
-define('XML_RPC_ERROR_ALREADY_INITIALIZED', 104);
-/**
- * Incorrect parameters submitted
- */
-define('XML_RPC_ERROR_INCORRECT_PARAMS', 105);
-/**
- * Programming error by developer
- */
-define('XML_RPC_ERROR_PROGRAMMING', 106);
-/**#@-*/
-
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_I4']
- */
-$GLOBALS['XML_RPC_I4'] = 'i4';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_Int']
- */
-$GLOBALS['XML_RPC_Int'] = 'int';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_Boolean']
- */
-$GLOBALS['XML_RPC_Boolean'] = 'boolean';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_Double']
- */
-$GLOBALS['XML_RPC_Double'] = 'double';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_String']
- */
-$GLOBALS['XML_RPC_String'] = 'string';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_DateTime']
- */
-$GLOBALS['XML_RPC_DateTime'] = 'dateTime.iso8601';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_Base64']
- */
-$GLOBALS['XML_RPC_Base64'] = 'base64';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_Array']
- */
-$GLOBALS['XML_RPC_Array'] = 'array';
-
-/**
- * Data types
- * @global string $GLOBALS['XML_RPC_Struct']
- */
-$GLOBALS['XML_RPC_Struct'] = 'struct';
-
-
-/**
- * Data type meta-types
- * @global array $GLOBALS['XML_RPC_Types']
- */
-$GLOBALS['XML_RPC_Types'] = array(
-    $GLOBALS['XML_RPC_I4']       => 1,
-    $GLOBALS['XML_RPC_Int']      => 1,
-    $GLOBALS['XML_RPC_Boolean']  => 1,
-    $GLOBALS['XML_RPC_String']   => 1,
-    $GLOBALS['XML_RPC_Double']   => 1,
-    $GLOBALS['XML_RPC_DateTime'] => 1,
-    $GLOBALS['XML_RPC_Base64']   => 1,
-    $GLOBALS['XML_RPC_Array']    => 2,
-    $GLOBALS['XML_RPC_Struct']   => 3,
-);
-
-
-/**
- * Error message numbers
- * @global array $GLOBALS['XML_RPC_err']
- */
-$GLOBALS['XML_RPC_err'] = array(
-    'unknown_method'      => 1,
-    'invalid_return'      => 2,
-    'incorrect_params'    => 3,
-    'introspect_unknown'  => 4,
-    'http_error'          => 5,
-    'not_response_object' => 6,
-);
-
-/**
- * Error message strings
- * @global array $GLOBALS['XML_RPC_str']
- */
-$GLOBALS['XML_RPC_str'] = array(
-    'unknown_method'      => 'Unknown method',
-    'invalid_return'      => 'Invalid return payload: enable debugging to examine incoming payload',
-    'incorrect_params'    => 'Incorrect parameters passed to method',
-    'introspect_unknown'  => 'Can\'t introspect: method unknown',
-    'http_error'          => 'Didn\'t receive 200 OK from remote server.',
-    'not_response_object' => 'The requested method didn\'t return an XML_RPC_Response object.',
-);
-
-
-/**
- * Default XML encoding (ISO-8859-1, UTF-8 or US-ASCII)
- * @global string $GLOBALS['XML_RPC_defencoding']
- */
-$GLOBALS['XML_RPC_defencoding'] = 'UTF-8';
-
-/**
- * User error codes start at 800
- * @global int $GLOBALS['XML_RPC_erruser']
- */
-$GLOBALS['XML_RPC_erruser'] = 800;
-
-/**
- * XML parse error codes start at 100
- * @global int $GLOBALS['XML_RPC_errxml']
- */
-$GLOBALS['XML_RPC_errxml'] = 100;
-
-
-/**
- * Compose backslashes for escaping regexp
- * @global string $GLOBALS['XML_RPC_backslash']
- */
-$GLOBALS['XML_RPC_backslash'] = chr(92) . chr(92);
-
-
-/**
- * Stores state during parsing
- *
- * quick explanation of components:
- *   + st     = builds up a string for evaluation
- *   + ac     = accumulates values
- *   + qt     = decides if quotes are needed for evaluation
- *   + cm     = denotes struct or array (comma needed)
- *   + isf    = indicates a fault
- *   + lv     = indicates "looking for a value": implements the logic
- *               to allow values with no types to be strings
- *   + params = stores parameters in method calls
- *   + method = stores method name
- *
- * @global array $GLOBALS['XML_RPC_xh']
- */
-$GLOBALS['XML_RPC_xh'] = array();
-
-
-/**
- * Start element handler for the XML parser
- *
- * @return void
- */
-function XML_RPC_se($parser_resource, $name, $attrs)
-{
-    global $XML_RPC_xh, $XML_RPC_DateTime, $XML_RPC_String;
-    $parser = (int) $parser_resource;
-
-    switch ($name) {
-    case 'STRUCT':
-    case 'ARRAY':
-        $XML_RPC_xh[$parser]['st'] .= 'array(';
-        $XML_RPC_xh[$parser]['cm']++;
-        // this last line turns quoting off
-        // this means if we get an empty array we'll
-        // simply get a bit of whitespace in the eval
-        $XML_RPC_xh[$parser]['qt'] = 0;
-        break;
-
-    case 'NAME':
-        $XML_RPC_xh[$parser]['st'] .= '"';
-        $XML_RPC_xh[$parser]['ac'] = '';
-        break;
-
-    case 'FAULT':
-        $XML_RPC_xh[$parser]['isf'] = 1;
-        break;
-
-    case 'PARAM':
-        $XML_RPC_xh[$parser]['st'] = '';
-        break;
-
-    case 'VALUE':
-        $XML_RPC_xh[$parser]['st'] .= 'new XML_RPC_Value(';
-        $XML_RPC_xh[$parser]['lv'] = 1;
-        $XML_RPC_xh[$parser]['vt'] = $XML_RPC_String;
-        $XML_RPC_xh[$parser]['ac'] = '';
-        $XML_RPC_xh[$parser]['qt'] = 0;
-        // look for a value: if this is still 1 by the
-        // time we reach the first data segment then the type is string
-        // by implication and we need to add in a quote
-        break;
-
-    case 'I4':
-    case 'INT':
-    case 'STRING':
-    case 'BOOLEAN':
-    case 'DOUBLE':
-    case 'DATETIME.ISO8601':
-    case 'BASE64':
-        $XML_RPC_xh[$parser]['ac'] = ''; // reset the accumulator
-
-        if ($name == 'DATETIME.ISO8601' || $name == 'STRING') {
-            $XML_RPC_xh[$parser]['qt'] = 1;
-
-            if ($name == 'DATETIME.ISO8601') {
-                $XML_RPC_xh[$parser]['vt'] = $XML_RPC_DateTime;
-            }
-
-        } elseif ($name == 'BASE64') {
-            $XML_RPC_xh[$parser]['qt'] = 2;
-        } else {
-            // No quoting is required here -- but
-            // at the end of the element we must check
-            // for data format errors.
-            $XML_RPC_xh[$parser]['qt'] = 0;
-        }
-        break;
-
-    case 'MEMBER':
-        $XML_RPC_xh[$parser]['ac'] = '';
-    }
-
-    if ($name != 'VALUE') {
-        $XML_RPC_xh[$parser]['lv'] = 0;
-    }
-}
-
-/**
- * End element handler for the XML parser
- *
- * @return void
- */
-function XML_RPC_ee($parser_resource, $name)
-{
-    global $XML_RPC_xh, $XML_RPC_Types, $XML_RPC_String;
-    $parser = (int) $parser_resource;
-
-    switch ($name) {
-    case 'STRUCT':
-    case 'ARRAY':
-        if ($XML_RPC_xh[$parser]['cm']
-            && substr($XML_RPC_xh[$parser]['st'], -1) == ',')
-        {
-            $XML_RPC_xh[$parser]['st'] = substr($XML_RPC_xh[$parser]['st'], 0, -1);
-        }
-
-        $XML_RPC_xh[$parser]['st'] .= ')';
-        $XML_RPC_xh[$parser]['vt'] = strtolower($name);
-        $XML_RPC_xh[$parser]['cm']--;
-        break;
-
-    case 'NAME':
-        $XML_RPC_xh[$parser]['st'] .= $XML_RPC_xh[$parser]['ac'] . '" => ';
-        break;
-
-    case 'BOOLEAN':
-        // special case here: we translate boolean 1 or 0 into PHP
-        // constants true or false
-        if ($XML_RPC_xh[$parser]['ac'] == '1') {
-            $XML_RPC_xh[$parser]['ac'] = 'true';
-        } else {
-            $XML_RPC_xh[$parser]['ac'] = 'false';
-        }
-
-        $XML_RPC_xh[$parser]['vt'] = strtolower($name);
-        // Drop through intentionally.
-
-    case 'I4':
-    case 'INT':
-    case 'STRING':
-    case 'DOUBLE':
-    case 'DATETIME.ISO8601':
-    case 'BASE64':
-        if ($XML_RPC_xh[$parser]['qt'] == 1) {
-            // we use double quotes rather than single so backslashification works OK
-            $XML_RPC_xh[$parser]['st'] .= '"' . $XML_RPC_xh[$parser]['ac'] . '"';
-        } elseif ($XML_RPC_xh[$parser]['qt'] == 2) {
-            $XML_RPC_xh[$parser]['st'] .= 'base64_decode("'
-                                        . $XML_RPC_xh[$parser]['ac'] . '")';
-        } elseif ($name == 'BOOLEAN') {
-            $XML_RPC_xh[$parser]['st'] .= $XML_RPC_xh[$parser]['ac'];
-        } else {
-            // we have an I4, INT or a DOUBLE
-            // we must check that only 0123456789-. are characters here
-            if (!ereg("^[+-]?[0123456789 \t\.]+$", $XML_RPC_xh[$parser]['ac'])) {
-                XML_RPC_Base::raiseError('Non-numeric value received in INT or DOUBLE',
-                                         XML_RPC_ERROR_NON_NUMERIC_FOUND);
-                $XML_RPC_xh[$parser]['st'] .= 'XML_RPC_ERROR_NON_NUMERIC_FOUND';
-            } else {
-                // it's ok, add it on
-                $XML_RPC_xh[$parser]['st'] .= $XML_RPC_xh[$parser]['ac'];
-            }
-        }
-
-        $XML_RPC_xh[$parser]['ac'] = '';
-        $XML_RPC_xh[$parser]['qt'] = 0;
-        $XML_RPC_xh[$parser]['lv'] = 3; // indicate we've found a value
-        break;
-
-    case 'VALUE':
-        // deal with a string value
-        if (strlen($XML_RPC_xh[$parser]['ac']) > 0 &&
-            $XML_RPC_xh[$parser]['vt'] == $XML_RPC_String) {
-
-            $XML_RPC_xh[$parser]['st'] .= '"' . $XML_RPC_xh[$parser]['ac'] . '"';
-        }
-
-        // This if () detects if no scalar was inside 
-        // and pads an empty "".
-        if ($XML_RPC_xh[$parser]['st'][strlen($XML_RPC_xh[$parser]['st'])-1] == '(') {
-            $XML_RPC_xh[$parser]['st'] .= '""';
-        }
-        $XML_RPC_xh[$parser]['st'] .= ", '" . $XML_RPC_xh[$parser]['vt'] . "')";
-        if ($XML_RPC_xh[$parser]['cm']) {
-            $XML_RPC_xh[$parser]['st'] .= ',';
-        }
-        break;
-
-    case 'MEMBER':
-        $XML_RPC_xh[$parser]['ac'] = '';
-        $XML_RPC_xh[$parser]['qt'] = 0;
-        break;
-
-    case 'DATA':
-        $XML_RPC_xh[$parser]['ac'] = '';
-        $XML_RPC_xh[$parser]['qt'] = 0;
-        break;
-
-    case 'PARAM':
-        $XML_RPC_xh[$parser]['params'][] = $XML_RPC_xh[$parser]['st'];
-        break;
-
-    case 'METHODNAME':
-    case 'RPCMETHODNAME':
-        $XML_RPC_xh[$parser]['method'] = ereg_replace("^[\n\r\t ]+", '',
-                                                      $XML_RPC_xh[$parser]['ac']);
-        break;
-    }
-
-    // if it's a valid type name, set the type
-    if (isset($XML_RPC_Types[strtolower($name)])) {
-        $XML_RPC_xh[$parser]['vt'] = strtolower($name);
-    }
-}
-
-/**
- * Character data handler for the XML parser
- *
- * @return void
- */
-function XML_RPC_cd($parser_resource, $data)
-{
-    global $XML_RPC_xh, $XML_RPC_backslash;
-    $parser = (int) $parser_resource;
-
-    if ($XML_RPC_xh[$parser]['lv'] != 3) {
-        // "lookforvalue==3" means that we've found an entire value
-        // and should discard any further character data
-
-        if ($XML_RPC_xh[$parser]['lv'] == 1) {
-            // if we've found text and we're just in a  then
-            // turn quoting on, as this will be a string
-            $XML_RPC_xh[$parser]['qt'] = 1;
-            // and say we've found a value
-            $XML_RPC_xh[$parser]['lv'] = 2;
-        }
-
-        // replace characters that eval would
-        // do special things with
-        if (!isset($XML_RPC_xh[$parser]['ac'])) {
-            $XML_RPC_xh[$parser]['ac'] = '';
-        }
-        $XML_RPC_xh[$parser]['ac'] .= str_replace('$', '\$',
-            str_replace('"', '\"', str_replace(chr(92),
-            $XML_RPC_backslash, $data)));
-    }
-}
-
-/**
- * The common methods and properties for all of the XML_RPC classes
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Edd Dumbill 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Base {
-
-    /**
-     * PEAR Error handling
-     *
-     * @return object  PEAR_Error object
-     */
-    function raiseError($msg, $code)
-    {
-        include_once 'PEAR.php';
-        if (is_object(@$this)) {
-            return PEAR::raiseError(get_class($this) . ': ' . $msg, $code);
-        } else {
-            return PEAR::raiseError('XML_RPC: ' . $msg, $code);
-        }
-    }
-
-    /**
-     * Tell whether something is a PEAR_Error object
-     *
-     * @param mixed $value  the item to check
-     *
-     * @return bool  whether $value is a PEAR_Error object or not
-     *
-     * @access public
-     */
-    function isError($value)
-    {
-        return is_a($value, 'PEAR_Error');
-    }
-}
-
-/**
- * The methods and properties for submitting XML RPC requests
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Edd Dumbill 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Client extends XML_RPC_Base {
-
-    /**
-     * The path and name of the RPC server script you want the request to go to
-     * @var string
-     */
-    var $path = '';
-
-    /**
-     * The name of the remote server to connect to
-     * @var string
-     */
-    var $server = '';
-
-    /**
-     * The protocol to use in contacting the remote server
-     * @var string
-     */
-    var $protocol = 'http://';
-
-    /**
-     * The port for connecting to the remote server
-     *
-     * The default is 80 for http:// connections
-     * and 443 for https:// and ssl:// connections.
-     *
-     * @var integer
-     */
-    var $port = 80;
-
-    /**
-     * A user name for accessing the RPC server
-     * @var string
-     * @see XML_RPC_Client::setCredentials()
-     */
-    var $username = '';
-
-    /**
-     * A password for accessing the RPC server
-     * @var string
-     * @see XML_RPC_Client::setCredentials()
-     */
-    var $password = '';
-
-    /**
-     * The name of the proxy server to use, if any
-     * @var string
-     */
-    var $proxy = '';
-
-    /**
-     * The protocol to use in contacting the proxy server, if any
-     * @var string
-     */
-    var $proxy_protocol = 'http://';
-
-    /**
-     * The port for connecting to the proxy server
-     *
-     * The default is 8080 for http:// connections
-     * and 443 for https:// and ssl:// connections.
-     *
-     * @var integer
-     */
-    var $proxy_port = 8080;
-
-    /**
-     * A user name for accessing the proxy server
-     * @var string
-     */
-    var $proxy_user = '';
-
-    /**
-     * A password for accessing the proxy server
-     * @var string
-     */
-    var $proxy_pass = '';
-
-    /**
-     * The error number, if any
-     * @var integer
-     */
-    var $errno = 0;
-
-    /**
-     * The error message, if any
-     * @var string
-     */
-    var $errstring = '';
-
-    /**
-     * The current debug mode (1 = on, 0 = off)
-     * @var integer
-     */
-    var $debug = 0;
-
-    /**
-     * The HTTP headers for the current request.
-     * @var string
-     */
-    var $headers = '';
-
-
-    /**
-     * Sets the object's properties
-     *
-     * @param string  $path        the path and name of the RPC server script
-     *                              you want the request to go to
-     * @param string  $server      the URL of the remote server to connect to.
-     *                              If this parameter doesn't specify a
-     *                              protocol and $port is 443, ssl:// is
-     *                              assumed.
-     * @param integer $port        a port for connecting to the remote server.
-     *                              Defaults to 80 for http:// connections and
-     *                              443 for https:// and ssl:// connections.
-     * @param string  $proxy       the URL of the proxy server to use, if any.
-     *                              If this parameter doesn't specify a
-     *                              protocol and $port is 443, ssl:// is
-     *                              assumed.
-     * @param integer $proxy_port  a port for connecting to the remote server.
-     *                              Defaults to 8080 for http:// connections and
-     *                              443 for https:// and ssl:// connections.
-     * @param string  $proxy_user  a user name for accessing the proxy server
-     * @param string  $proxy_pass  a password for accessing the proxy server
-     *
-     * @return void
-     */
-    function XML_RPC_Client($path, $server, $port = 0,
-                            $proxy = '', $proxy_port = 0,
-                            $proxy_user = '', $proxy_pass = '')
-    {
-        $this->path       = $path;
-        $this->proxy_user = $proxy_user;
-        $this->proxy_pass = $proxy_pass;
-
-        preg_match('@^(http://|https://|ssl://)?(.*)$@', $server, $match);
-        if ($match[1] == '') {
-            if ($port == 443) {
-                $this->server   = $match[2];
-                $this->protocol = 'ssl://';
-                $this->port     = 443;
-            } else {
-                $this->server = $match[2];
-                if ($port) {
-                    $this->port = $port;
-                }
-            }
-        } elseif ($match[1] == 'http://') {
-            $this->server = $match[2];
-            if ($port) {
-                $this->port = $port;
-            }
-        } else {
-            $this->server   = $match[2];
-            $this->protocol = 'ssl://';
-            if ($port) {
-                $this->port = $port;
-            } else {
-                $this->port = 443;
-            }
-        }
-
-        if ($proxy) {
-            preg_match('@^(http://|https://|ssl://)?(.*)$@', $proxy, $match);
-            if ($match[1] == '') {
-                if ($proxy_port == 443) {
-                    $this->proxy          = $match[2];
-                    $this->proxy_protocol = 'ssl://';
-                    $this->proxy_port     = 443;
-                } else {
-                    $this->proxy = $match[2];
-                    if ($proxy_port) {
-                        $this->proxy_port = $proxy_port;
-                    }
-                }
-            } elseif ($match[1] == 'http://') {
-                $this->proxy = $match[2];
-                if ($proxy_port) {
-                    $this->proxy_port = $proxy_port;
-                }
-            } else {
-                $this->proxy          = $match[2];
-                $this->proxy_protocol = 'ssl://';
-                if ($proxy_port) {
-                    $this->proxy_port = $proxy_port;
-                } else {
-                    $this->proxy_port = 443;
-                }
-            }
-        }
-    }
-
-    /**
-     * Change the current debug mode
-     *
-     * @param int $in  where 1 = on, 0 = off
-     *
-     * @return void
-     */
-    function setDebug($in)
-    {
-        if ($in) {
-            $this->debug = 1;
-        } else {
-            $this->debug = 0;
-        }
-    }
-
-    /**
-     * Set username and password properties for connecting to the RPC server
-     *
-     * @param string $u  the user name
-     * @param string $p  the password
-     *
-     * @return void
-     *
-     * @see XML_RPC_Client::$username, XML_RPC_Client::$password
-     */
-    function setCredentials($u, $p)
-    {
-        $this->username = $u;
-        $this->password = $p;
-    }
-
-    /**
-     * Transmit the RPC request via HTTP 1.0 protocol
-     *
-     * @param object $msg       the XML_RPC_Message object
-     * @param int    $timeout   how many seconds to wait for the request
-     *
-     * @return object  an XML_RPC_Response object.  0 is returned if any
-     *                  problems happen.
-     *
-     * @see XML_RPC_Message, XML_RPC_Client::XML_RPC_Client(),
-     *      XML_RPC_Client::setCredentials()
-     */
-    function send($msg, $timeout = 0)
-    {
-        if (strtolower(get_class($msg)) != 'xml_rpc_message') {
-            $this->errstr = 'send()\'s $msg parameter must be an'
-                          . ' XML_RPC_Message object.';
-            $this->raiseError($this->errstr, XML_RPC_ERROR_PROGRAMMING);
-            return 0;
-        }
-        $msg->debug = $this->debug;
-        return $this->sendPayloadHTTP10($msg, $this->server, $this->port,
-                                        $timeout, $this->username,
-                                        $this->password);
-    }
-
-    /**
-     * Transmit the RPC request via HTTP 1.0 protocol
-     *
-     * Requests should be sent using XML_RPC_Client send() rather than
-     * calling this method directly.
-     *
-     * @param object $msg       the XML_RPC_Message object
-     * @param string $server    the server to send the request to
-     * @param int    $port      the server port send the request to
-     * @param int    $timeout   how many seconds to wait for the request
-     *                           before giving up
-     * @param string $username  a user name for accessing the RPC server
-     * @param string $password  a password for accessing the RPC server
-     *
-     * @return object  an XML_RPC_Response object.  0 is returned if any
-     *                  problems happen.
-     *
-     * @access protected
-     * @see XML_RPC_Client::send()
-     */
-    function sendPayloadHTTP10($msg, $server, $port, $timeout = 0,
-                               $username = '', $password = '')
-    {
-        /*
-         * If we're using a proxy open a socket to the proxy server
-         * instead to the xml-rpc server
-         */
-        if ($this->proxy) {
-            if ($this->proxy_protocol == 'http://') {
-                $protocol = '';
-            } else {
-                $protocol = $this->proxy_protocol;
-            }
-            if ($timeout > 0) {
-                $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port,
-                                 $this->errno, $this->errstr, $timeout);
-            } else {
-                $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port,
-                                 $this->errno, $this->errstr);
-            }
-        } else {
-            if ($this->protocol == 'http://') {
-                $protocol = '';
-            } else {
-                $protocol = $this->protocol;
-            }
-            if ($timeout > 0) {
-                $fp = @fsockopen($protocol . $server, $port,
-                                 $this->errno, $this->errstr, $timeout);
-            } else {
-                $fp = @fsockopen($protocol . $server, $port,
-                                 $this->errno, $this->errstr);
-            }
-        }
-
-        /*
-         * Just raising the error without returning it is strange,
-         * but keep it here for backwards compatibility.
-         */
-        if (!$fp && $this->proxy) {
-            $this->raiseError('Connection to proxy server '
-                              . $this->proxy . ':' . $this->proxy_port
-                              . ' failed. ' . $this->errstr,
-                              XML_RPC_ERROR_CONNECTION_FAILED);
-            return 0;
-        } elseif (!$fp) {
-            $this->raiseError('Connection to RPC server '
-                              . $server . ':' . $port
-                              . ' failed. ' . $this->errstr,
-                              XML_RPC_ERROR_CONNECTION_FAILED);
-            return 0;
-        }
-
-        if ($timeout) {
-            stream_set_timeout($fp, $timeout);
-        }
-
-        // Pre-emptive BC hacks for fools calling sendPayloadHTTP10() directly
-        if ($username != $this->username) {
-            $this->setCredentials($username, $password);
-        }
-
-        // Only create the payload if it was not created previously
-        if (empty($msg->payload)) {
-            $msg->createPayload();
-        }
-        $this->createHeaders($msg);
-
-        $op  = $this->headers . "\r\n\r\n";
-        $op .= $msg->payload;
-
-        if (!fputs($fp, $op, strlen($op))) {
-            $this->errstr = 'Write error';
-            return 0;
-        }
-        $resp = $msg->parseResponseFile($fp);
-
-        $meta = stream_get_meta_data($fp);
-        if ($meta['timed_out']) {
-            fclose($fp);
-            $this->errstr = 'RPC server did not send response before timeout.';
-            $this->raiseError($this->errstr, XML_RPC_ERROR_CONNECTION_FAILED);
-            return 0;
-        }
-
-        fclose($fp);
-        return $resp;
-    }
-
-    /**
-     * Determines the HTTP headers and puts it in the $headers property
-     *
-     * @param object $msg       the XML_RPC_Message object
-     *
-     * @return boolean  TRUE if okay, FALSE if the message payload isn't set.
-     *
-     * @access protected
-     */
-    function createHeaders($msg)
-    {
-        if (empty($msg->payload)) {
-            return false;
-        }
-        if ($this->proxy) {
-            $this->headers = 'POST ' . $this->protocol . $this->server;
-            if ($this->proxy_port) {
-                $this->headers .= ':' . $this->port;
-            }
-        } else {
-           $this->headers = 'POST ';
-        }
-        $this->headers .= $this->path. " HTTP/1.0\r\n";
-        
-        $this->headers .= "User-Agent: PEAR XML_RPC\r\n";
-        $this->headers .= 'Host: ' . $this->server . "\r\n";
-
-        if ($this->proxy && $this->proxy_user) {
-            $this->headers .= 'Proxy-Authorization: Basic '
-                     . base64_encode("$this->proxy_user:$this->proxy_pass")
-                     . "\r\n";
-        }
-
-        // thanks to Grant Rauscher  for this
-        if ($this->username) {
-            $this->headers .= 'Authorization: Basic '
-                     . base64_encode("$this->username:$this->password")
-                     . "\r\n";
-        }
-
-        $this->headers .= "Content-Type: text/xml\r\n";
-        $this->headers .= 'Content-Length: ' . strlen($msg->payload);
-        return true;
-    }
-}
-
-/**
- * The methods and properties for interpreting responses to XML RPC requests
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Edd Dumbill 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Response extends XML_RPC_Base
-{
-    var $xv;
-    var $fn;
-    var $fs;
-    var $hdrs;
-
-    /**
-     * @return void
-     */
-    function XML_RPC_Response($val, $fcode = 0, $fstr = '')
-    {
-        if ($fcode != 0) {
-            $this->fn = $fcode;
-            $this->fs = htmlspecialchars($fstr);
-        } else {
-            $this->xv = $val;
-        }
-    }
-
-    /**
-     * @return int  the error code
-     */
-    function faultCode()
-    {
-        if (isset($this->fn)) {
-            return $this->fn;
-        } else {
-            return 0;
-        }
-    }
-
-    /**
-     * @return string  the error string
-     */
-    function faultString()
-    {
-        return $this->fs;
-    }
-
-    /**
-     * @return mixed  the value
-     */
-    function value()
-    {
-        return $this->xv;
-    }
-
-    /**
-     * @return string  the error message in XML format
-     */
-    function serialize()
-    {
-        $rs = "\n";
-        if ($this->fn) {
-            $rs .= "
-  
-    
-      
-        faultCode
-        " . $this->fn . "
-      
-      
-        faultString
-        " . $this->fs . "
-      
-    
-  
-";
-        } else {
-            $rs .= "\n\n" . $this->xv->serialize() .
-        "\n";
-        }
-        $rs .= "\n";
-        return $rs;
-    }
-}
-
-/**
- * The methods and properties for composing XML RPC messages
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Edd Dumbill 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Message extends XML_RPC_Base
-{
-    /**
-     * The current debug mode (1 = on, 0 = off)
-     * @var integer
-     */
-    var $debug = 0;
-
-    /**
-     * The encoding to be used for outgoing messages
-     *
-     * Defaults to the value of $GLOBALS['XML_RPC_defencoding']
-     *
-     * @var string
-     * @see XML_RPC_Message::setSendEncoding(),
-     *      $GLOBALS['XML_RPC_defencoding'], XML_RPC_Message::xml_header()
-     */
-    var $send_encoding = '';
-
-    /**
-     * The method presently being evaluated
-     * @var string
-     */
-    var $methodname = '';
-
-    /**
-     * @var array
-     */
-    var $params = array();
-
-    /**
-     * The XML message being generated
-     * @var string
-     */
-    var $payload = '';
-
-    /**
-     * @return void
-     */
-    function XML_RPC_Message($meth, $pars = 0)
-    {
-        $this->methodname = $meth;
-        if (is_array($pars) && sizeof($pars) > 0) {
-            for ($i = 0; $i < sizeof($pars); $i++) {
-                $this->addParam($pars[$i]);
-            }
-        }
-    }
-
-    /**
-     * Produces the XML declaration including the encoding attribute
-     *
-     * The encoding is determined by this class' $send_encoding
-     * property.  If the $send_encoding property is not set, use
-     * $GLOBALS['XML_RPC_defencoding'].
-     *
-     * @return string  the XML declaration and  element
-     *
-     * @see XML_RPC_Message::setSendEncoding(),
-     *      XML_RPC_Message::$send_encoding, $GLOBALS['XML_RPC_defencoding']
-     */
-    function xml_header()
-    {
-        global $XML_RPC_defencoding;
-        if (!$this->send_encoding) {
-            $this->send_encoding = $XML_RPC_defencoding;
-        }
-        return 'send_encoding . '"?>'
-               . "\n\n";
-    }
-
-    /**
-     * @return string  the closing  tag
-     */
-    function xml_footer()
-    {
-        return "\n";
-    }
-
-    /**
-     * @return void
-     *
-     * @uses XML_RPC_Message::xml_header(), XML_RPC_Message::xml_footer()
-     */
-    function createPayload()
-    {
-        $this->payload = $this->xml_header();
-        $this->payload .= '' . $this->methodname . "\n";
-        $this->payload .= "\n";
-        for ($i = 0; $i < sizeof($this->params); $i++) {
-            $p = $this->params[$i];
-            $this->payload .= "\n" . $p->serialize() . "\n";
-        }
-        $this->payload .= "\n";
-        $this->payload .= $this->xml_footer();
-        $this->payload = ereg_replace("[\r\n]+", "\r\n", $this->payload);
-    }
-
-    /**
-     * @return string  the name of the method
-     */
-    function method($meth = '')
-    {
-        if ($meth != '') {
-            $this->methodname = $meth;
-        }
-        return $this->methodname;
-    }
-
-    /**
-     * @return string  the payload
-     */
-    function serialize()
-    {
-        $this->createPayload();
-        return $this->payload;
-    }
-
-    /**
-     * @return void
-     */
-    function addParam($par)
-    {
-        $this->params[] = $par;
-    }
-
-    /**
-     * Obtains an XML_RPC_Value object for the given parameter
-     *
-     * @param int $i  the index number of the parameter to obtain
-     *
-     * @return object  the XML_RPC_Value object.
-     *                  If the parameter doesn't exist, an XML_RPC_Response object.
-     *
-     * @since Returns XML_RPC_Response object on error since Release 1.3.0
-     */
-    function getParam($i)
-    {
-        global $XML_RPC_err, $XML_RPC_str;
-
-        if (isset($this->params[$i])) {
-            return $this->params[$i];
-        } else {
-            $this->raiseError('The submitted request did not contain this parameter',
-                              XML_RPC_ERROR_INCORRECT_PARAMS);
-            return new XML_RPC_Response(0, $XML_RPC_err['incorrect_params'],
-                                        $XML_RPC_str['incorrect_params']);
-        }
-    }
-
-    /**
-     * @return int  the number of parameters
-     */
-    function getNumParams()
-    {
-        return sizeof($this->params);
-    }
-
-    /**
-     * Sets the XML declaration's encoding attribute
-     *
-     * @param string $type  the encoding type (ISO-8859-1, UTF-8 or US-ASCII)
-     *
-     * @return void
-     *
-     * @see XML_RPC_Message::$send_encoding, XML_RPC_Message::xml_header()
-     * @since Method available since Release 1.2.0
-     */
-    function setSendEncoding($type)
-    {
-        $this->send_encoding = $type;
-    }
-
-    /**
-     * Determine the XML's encoding via the encoding attribute
-     * in the XML declaration
-     *
-     * If the encoding parameter is not set or is not ISO-8859-1, UTF-8
-     * or US-ASCII, $XML_RPC_defencoding will be returned.
-     *
-     * @param string $data  the XML that will be parsed
-     *
-     * @return string  the encoding to be used
-     *
-     * @link   http://php.net/xml_parser_create
-     * @since  Method available since Release 1.2.0
-     */
-    function getEncoding($data)
-    {
-        global $XML_RPC_defencoding;
-
-        if (preg_match('/<\?xml[^>]*\s*encoding\s*=\s*[\'"]([^"\']*)[\'"]/i',
-                       $data, $match))
-        {
-            $match[1] = trim(strtoupper($match[1]));
-            switch ($match[1]) {
-                case 'ISO-8859-1':
-                case 'UTF-8':
-                case 'US-ASCII':
-                    return $match[1];
-                    break;
-
-                default:
-                    return $XML_RPC_defencoding;
-            }
-        } else {
-            return $XML_RPC_defencoding;
-        }
-    }
-
-    /**
-     * @return object  a new XML_RPC_Response object
-     */
-    function parseResponseFile($fp)
-    {
-        $ipd = '';
-        while ($data = @fread($fp, 8192)) {
-            $ipd .= $data;
-        }
-        return $this->parseResponse($ipd);
-    }
-
-    /**
-     * @return object  a new XML_RPC_Response object
-     */
-    function parseResponse($data = '')
-    {
-        global $XML_RPC_xh, $XML_RPC_err, $XML_RPC_str, $XML_RPC_defencoding;
-
-        $encoding = $this->getEncoding($data);
-        $parser_resource = xml_parser_create($encoding);
-        $parser = (int) $parser_resource;
-
-        $XML_RPC_xh[$parser] = array();
-
-        $XML_RPC_xh[$parser]['st'] = '';
-        $XML_RPC_xh[$parser]['cm'] = 0;
-        $XML_RPC_xh[$parser]['isf'] = 0;
-        $XML_RPC_xh[$parser]['ac'] = '';
-        $XML_RPC_xh[$parser]['qt'] = '';
-
-        xml_parser_set_option($parser_resource, XML_OPTION_CASE_FOLDING, true);
-        xml_set_element_handler($parser_resource, 'XML_RPC_se', 'XML_RPC_ee');
-        xml_set_character_data_handler($parser_resource, 'XML_RPC_cd');
-
-        $hdrfnd = 0;
-        if ($this->debug) {
-            print "
---GOT---\n";
-            print isset($_SERVER['SERVER_PROTOCOL']) ? htmlspecialchars($data) : $data;
-            print "\n---END---\n
";
-        }
-
-        // See if response is a 200 or a 100 then a 200, else raise error.
-        // But only do this if we're using the HTTP protocol.
-        if (ereg('^HTTP', $data) &&
-            !ereg('^HTTP/[0-9\.]+ 200 ', $data) &&
-            !preg_match('@^HTTP/[0-9\.]+ 10[0-9]([A-Za-z ]+)?[\r\n]+HTTP/[0-9\.]+ 200@', $data))
-        {
-                $errstr = substr($data, 0, strpos($data, "\n") - 1);
-                error_log('HTTP error, got response: ' . $errstr);
-                $r = new XML_RPC_Response(0, $XML_RPC_err['http_error'],
-                                          $XML_RPC_str['http_error'] . ' (' .
-                                          $errstr . ')');
-                xml_parser_free($parser_resource);
-                return $r;
-        }
-        // gotta get rid of headers here
-
-
-        if (!$hdrfnd && ($brpos = strpos($data,"\r\n\r\n"))) {
-            $XML_RPC_xh[$parser]['ha'] = substr($data, 0, $brpos);
-            $data = substr($data, $brpos + 4);
-            $hdrfnd = 1;
-        }
-
-        /*
-         * be tolerant of junk after methodResponse
-         * (e.g. javascript automatically inserted by free hosts)
-         * thanks to Luca Mariano 
-         */
-        $data = substr($data, 0, strpos($data, "") + 17);
-
-        if (!xml_parse($parser_resource, $data, sizeof($data))) {
-            // thanks to Peter Kocks 
-            if (xml_get_current_line_number($parser_resource) == 1) {
-                $errstr = 'XML error at line 1, check URL';
-            } else {
-                $errstr = sprintf('XML error: %s at line %d',
-                                  xml_error_string(xml_get_error_code($parser_resource)),
-                                  xml_get_current_line_number($parser_resource));
-            }
-            error_log($errstr);
-            $r = new XML_RPC_Response(0, $XML_RPC_err['invalid_return'],
-                                      $XML_RPC_str['invalid_return']);
-            xml_parser_free($parser_resource);
-            return $r;
-        }
-        xml_parser_free($parser_resource);
-        if ($this->debug) {
-            print '
---EVALING---[' .
-            strlen($XML_RPC_xh[$parser]['st']) . " chars]---\n" .
-            htmlspecialchars($XML_RPC_xh[$parser]['st']) . ";\n---END---
";
-        }
-        if (strlen($XML_RPC_xh[$parser]['st']) == 0) {
-            // then something odd has happened
-            // and it's time to generate a client side error
-            // indicating something odd went on
-            $r = new XML_RPC_Response(0, $XML_RPC_err['invalid_return'],
-                                      $XML_RPC_str['invalid_return']);
-        } else {
-            eval('$v=' . $XML_RPC_xh[$parser]['st'] . '; $allOK=1;');
-            if ($XML_RPC_xh[$parser]['isf']) {
-                $f = $v->structmem('faultCode');
-                $fs = $v->structmem('faultString');
-                $r = new XML_RPC_Response($v, $f->scalarval(),
-                                          $fs->scalarval());
-            } else {
-                $r = new XML_RPC_Response($v);
-            }
-        }
-        $r->hdrs = split("\r?\n", $XML_RPC_xh[$parser]['ha'][1]);
-        return $r;
-    }
-}
-
-/**
- * The methods and properties that represent data in XML RPC format
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Edd Dumbill 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Value extends XML_RPC_Base
-{
-    var $me = array();
-    var $mytype = 0;
-
-    /**
-     * @return void
-     */
-    function XML_RPC_Value($val = -1, $type = '')
-    {
-        global $XML_RPC_Types;
-        $this->me = array();
-        $this->mytype = 0;
-        if ($val != -1 || $type != '') {
-            if ($type == '') {
-                $type = 'string';
-            }
-            if (!array_key_exists($type, $XML_RPC_Types)) {
-                // XXX
-                // need some way to report this error
-            } elseif ($XML_RPC_Types[$type] == 1) {
-                $this->addScalar($val, $type);
-            } elseif ($XML_RPC_Types[$type] == 2) {
-                $this->addArray($val);
-            } elseif ($XML_RPC_Types[$type] == 3) {
-                $this->addStruct($val);
-            }
-        }
-    }
-
-    /**
-     * @return int  returns 1 if successful or 0 if there are problems
-     */
-    function addScalar($val, $type = 'string')
-    {
-        global $XML_RPC_Types, $XML_RPC_Boolean;
-
-        if ($this->mytype == 1) {
-            $this->raiseError('Scalar can have only one value',
-                              XML_RPC_ERROR_INVALID_TYPE);
-            return 0;
-        }
-        $typeof = $XML_RPC_Types[$type];
-        if ($typeof != 1) {
-            $this->raiseError("Not a scalar type (${typeof})",
-                              XML_RPC_ERROR_INVALID_TYPE);
-            return 0;
-        }
-
-        if ($type == $XML_RPC_Boolean) {
-            if (strcasecmp($val, 'true') == 0
-                || $val == 1
-                || ($val == true && strcasecmp($val, 'false')))
-            {
-                $val = 1;
-            } else {
-                $val = 0;
-            }
-        }
-
-        if ($this->mytype == 2) {
-            // we're adding to an array here
-            $ar = $this->me['array'];
-            $ar[] = new XML_RPC_Value($val, $type);
-            $this->me['array'] = $ar;
-        } else {
-            // a scalar, so set the value and remember we're scalar
-            $this->me[$type] = $val;
-            $this->mytype = $typeof;
-        }
-        return 1;
-    }
-
-    /**
-     * @return int  returns 1 if successful or 0 if there are problems
-     */
-    function addArray($vals)
-    {
-        global $XML_RPC_Types;
-        if ($this->mytype != 0) {
-            $this->raiseError(
-                    'Already initialized as a [' . $this->kindOf() . ']',
-                    XML_RPC_ERROR_ALREADY_INITIALIZED);
-            return 0;
-        }
-        $this->mytype = $XML_RPC_Types['array'];
-        $this->me['array'] = $vals;
-        return 1;
-    }
-
-    /**
-     * @return int  returns 1 if successful or 0 if there are problems
-     */
-    function addStruct($vals)
-    {
-        global $XML_RPC_Types;
-        if ($this->mytype != 0) {
-            $this->raiseError(
-                    'Already initialized as a [' . $this->kindOf() . ']',
-                    XML_RPC_ERROR_ALREADY_INITIALIZED);
-            return 0;
-        }
-        $this->mytype = $XML_RPC_Types['struct'];
-        $this->me['struct'] = $vals;
-        return 1;
-    }
-
-    /**
-     * @return void
-     */
-    function dump($ar)
-    {
-        reset($ar);
-        foreach ($ar as $key => $val) {
-            echo "$key => $val
";
-            if ($key == 'array') {
-                foreach ($val as $key2 => $val2) {
-                    echo "-- $key2 => $val2
";
-                }
-            }
-        }
-    }
-
-    /**
-     * @return string  the data type of the current value
-     */
-    function kindOf()
-    {
-        switch ($this->mytype) {
-        case 3:
-            return 'struct';
-
-        case 2:
-            return 'array';
-
-        case 1:
-            return 'scalar';
-
-        default:
-            return 'undef';
-        }
-    }
-
-    /**
-     * @return string  the data in XML format
-     */
-    function serializedata($typ, $val)
-    {
-        $rs = '';
-        global $XML_RPC_Types, $XML_RPC_Base64, $XML_RPC_String, $XML_RPC_Boolean;
-        if (!array_key_exists($typ, $XML_RPC_Types)) {
-            // XXX
-            // need some way to report this error
-            return;
-        }
-        switch ($XML_RPC_Types[$typ]) {
-        case 3:
-            // struct
-            $rs .= "\n";
-            reset($val);
-            foreach ($val as $key2 => $val2) {
-                $rs .= "${key2}\n";
-                $rs .= $this->serializeval($val2);
-                $rs .= "\n";
-            }
-            $rs .= '';
-            break;
-
-        case 2:
-            // array
-            $rs .= "\n\n";
-            for ($i = 0; $i < sizeof($val); $i++) {
-                $rs .= $this->serializeval($val[$i]);
-            }
-            $rs .= "\n";
-            break;
-
-        case 1:
-            switch ($typ) {
-            case $XML_RPC_Base64:
-                $rs .= "<${typ}>" . base64_encode($val) . "";
-                break;
-            case $XML_RPC_Boolean:
-                $rs .= "<${typ}>" . ($val ? '1' : '0') . "";
-                break;
-            case $XML_RPC_String:
-                $rs .= "<${typ}>" . htmlspecialchars($val). "";
-                break;
-            default:
-                $rs .= "<${typ}>${val}";
-            }
-        }
-        return $rs;
-    }
-
-    /**
-     * @return string  the data in XML format
-     */
-    function serialize()
-    {
-        return $this->serializeval($this);
-    }
-
-    /**
-     * @return string  the data in XML format
-     */
-    function serializeval($o)
-    {
-        $rs = '';
-        $ar = $o->me;
-        reset($ar);
-        list($typ, $val) = each($ar);
-        $rs .= '';
-        $rs .= $this->serializedata($typ, $val);
-        $rs .= "\n";
-        return $rs;
-    }
-
-    /**
-     * @return mixed  the contents of the element requested
-     */
-    function structmem($m)
-    {
-        return $this->me['struct'][$m];
-    }
-
-    /**
-     * @return void
-     */
-    function structreset()
-    {
-        reset($this->me['struct']);
-    }
-
-    /**
-     * @return  the key/value pair of the struct's current element
-     */
-    function structeach()
-    {
-        return each($this->me['struct']);
-    }
-
-    /**
-     * @return mixed  the current value
-     */
-    function getval()
-    {
-        // UNSTABLE
-        global $XML_RPC_BOOLEAN, $XML_RPC_Base64;
-
-        reset($this->me);
-        $b = current($this->me);
-
-        // contributed by I Sofer, 2001-03-24
-        // add support for nested arrays to scalarval
-        // i've created a new method here, so as to
-        // preserve back compatibility
-
-        if (is_array($b)) {
-            foreach ($b as $id => $cont) {
-                $b[$id] = $cont->scalarval();
-            }
-        }
-
-        // add support for structures directly encoding php objects
-        if (is_object($b)) {
-            $t = get_object_vars($b);
-            foreach ($t as $id => $cont) {
-                $t[$id] = $cont->scalarval();
-            }
-            foreach ($t as $id => $cont) {
-                eval('$b->'.$id.' = $cont;');
-            }
-        }
-
-        // end contrib
-        return $b;
-    }
-
-    /**
-     * @return mixed
-     */
-    function scalarval()
-    {
-        global $XML_RPC_Boolean, $XML_RPC_Base64;
-        reset($this->me);
-        return current($this->me);
-    }
-
-    /**
-     * @return string
-     */
-    function scalartyp()
-    {
-        global $XML_RPC_I4, $XML_RPC_Int;
-        reset($this->me);
-        $a = key($this->me);
-        if ($a == $XML_RPC_I4) {
-            $a = $XML_RPC_Int;
-        }
-        return $a;
-    }
-
-    /**
-     * @return mixed  the struct's current element
-     */
-    function arraymem($m)
-    {
-        return $this->me['array'][$m];
-    }
-
-    /**
-     * @return int  the number of elements in the array
-     */
-    function arraysize()
-    {
-        reset($this->me);
-        list($a, $b) = each($this->me);
-        return sizeof($b);
-    }
-
-    /**
-     * Determines if the item submitted is an XML_RPC_Value object
-     *
-     * @param mixed $val  the variable to be evaluated
-     *
-     * @return bool  TRUE if the item is an XML_RPC_Value object
-     *
-     * @static
-     * @since Method available since Release 1.3.0
-     */
-    function isValue($val)
-    {
-        return (strtolower(get_class($val)) == 'xml_rpc_value');
-    }
-}
-
-/**
- * Return an ISO8601 encoded string
- *
- * While timezones ought to be supported, the XML-RPC spec says:
- *
- * "Don't assume a timezone. It should be specified by the server in its
- * documentation what assumptions it makes about timezones."
- *
- * This routine always assumes localtime unless $utc is set to 1, in which
- * case UTC is assumed and an adjustment for locale is made when encoding.
- *
- * @return string  the formatted date
- */
-function XML_RPC_iso8601_encode($timet, $utc = 0)
-{
-    if (!$utc) {
-        $t = strftime('%Y%m%dT%H:%M:%S', $timet);
-    } else {
-        if (function_exists('gmstrftime')) {
-            // gmstrftime doesn't exist in some versions
-            // of PHP
-            $t = gmstrftime('%Y%m%dT%H:%M:%S', $timet);
-        } else {
-            $t = strftime('%Y%m%dT%H:%M:%S', $timet - date('Z'));
-        }
-    }
-    return $t;
-}
-
-/**
- * Convert a datetime string into a Unix timestamp
- *
- * While timezones ought to be supported, the XML-RPC spec says:
- *
- * "Don't assume a timezone. It should be specified by the server in its
- * documentation what assumptions it makes about timezones."
- *
- * This routine always assumes localtime unless $utc is set to 1, in which
- * case UTC is assumed and an adjustment for locale is made when encoding.
- *
- * @return int  the unix timestamp of the date submitted
- */
-function XML_RPC_iso8601_decode($idate, $utc = 0)
-{
-    $t = 0;
-    if (ereg('([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})', $idate, $regs)) {
-        if ($utc) {
-            $t = gmmktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]);
-        } else {
-            $t = mktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]);
-        }
-    }
-    return $t;
-}
-
-/**
- * Converts an XML_RPC_Value object into native PHP types
- *
- * @param object $XML_RPC_val  the XML_RPC_Value object to decode
- *
- * @return mixed  the PHP values
- */
-function XML_RPC_decode($XML_RPC_val)
-{
-    $kind = $XML_RPC_val->kindOf();
-
-    if ($kind == 'scalar') {
-        return $XML_RPC_val->scalarval();
-
-    } elseif ($kind == 'array') {
-        $size = $XML_RPC_val->arraysize();
-        $arr = array();
-        for ($i = 0; $i < $size; $i++) {
-            $arr[] = XML_RPC_decode($XML_RPC_val->arraymem($i));
-        }
-        return $arr;
-
-    } elseif ($kind == 'struct') {
-        $XML_RPC_val->structreset();
-        $arr = array();
-        while (list($key, $value) = $XML_RPC_val->structeach()) {
-            $arr[$key] = XML_RPC_decode($value);
-        }
-        return $arr;
-    }
-}
-
-/**
- * Converts native PHP types into an XML_RPC_Value object
- *
- * @param mixed $php_val  the PHP value or variable you want encoded
- *
- * @return object  the XML_RPC_Value object
- */
-function XML_RPC_encode($php_val)
-{
-    global $XML_RPC_Boolean, $XML_RPC_Int, $XML_RPC_Double, $XML_RPC_String,
-           $XML_RPC_Array, $XML_RPC_Struct;
-
-    $type = gettype($php_val);
-    $XML_RPC_val = new XML_RPC_Value;
-
-    switch ($type) {
-    case 'array':
-        if (empty($php_val)) {
-            $XML_RPC_val->addArray($php_val);
-            break;
-        }
-        $tmp = array_diff(array_keys($php_val), range(0, count($php_val)-1));
-        if (empty($tmp)) {
-           $arr = array();
-           foreach ($php_val as $k => $v) {
-               $arr[$k] = XML_RPC_encode($v);
-           }
-           $XML_RPC_val->addArray($arr);
-           break;
-        }
-        // fall though if it's not an enumerated array
-
-    case 'object':
-        $arr = array();
-        foreach ($php_val as $k => $v) {
-            $arr[$k] = XML_RPC_encode($v);
-        }
-        $XML_RPC_val->addStruct($arr);
-        break;
-
-    case 'integer':
-        $XML_RPC_val->addScalar($php_val, $XML_RPC_Int);
-        break;
-
-    case 'double':
-        $XML_RPC_val->addScalar($php_val, $XML_RPC_Double);
-        break;
-
-    case 'string':
-    case 'NULL':
-        $XML_RPC_val->addScalar($php_val, $XML_RPC_String);
-        break;
-
-    case 'boolean':
-        // Add support for encoding/decoding of booleans, since they
-        // are supported in PHP
-        // by 
-        $XML_RPC_val->addScalar($php_val, $XML_RPC_Boolean);
-        break;
-
-    case 'unknown type':
-    default:
-        $XML_RPC_val = false;
-    }
-    return $XML_RPC_val;
-}
-
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * c-hanging-comment-ender-p: nil
- * End:
- */
-
-?>
-XML_RPC-1.3.1/Server.php100644   1750    144       47770 10260516576  10104 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    CVS: $Id: Server.php,v 1.26 2005/05/09 21:39:47 danielc Exp $
- * @link       http://pear.php.net/package/XML_RPC
- */
-
-
-/**
- * Pull in the XML_RPC class
- */
-require_once 'XML/RPC.php';
-
-
-/**
- * signature for system.listMethods: return = array,
- * parameters = a string or nothing
- * @global array $GLOBALS['XML_RPC_Server_listMethods_sig']
- */
-$GLOBALS['XML_RPC_Server_listMethods_sig'] = array(
-    array($GLOBALS['XML_RPC_Array'],
-          $GLOBALS['XML_RPC_String']
-    ),
-    array($GLOBALS['XML_RPC_Array'])
-);
-
-/**
- * docstring for system.listMethods
- * @global string $GLOBALS['XML_RPC_Server_listMethods_doc']
- */
-$GLOBALS['XML_RPC_Server_listMethods_doc'] = 'This method lists all the'
-        . ' methods that the XML-RPC server knows how to dispatch';
-
-/**
- * signature for system.methodSignature: return = array,
- * parameters = string
- * @global array $GLOBALS['XML_RPC_Server_methodSignature_sig']
- */
-$GLOBALS['XML_RPC_Server_methodSignature_sig'] = array(
-    array($GLOBALS['XML_RPC_Array'],
-          $GLOBALS['XML_RPC_String']
-    )
-);
-
-/**
- * docstring for system.methodSignature
- * @global string $GLOBALS['XML_RPC_Server_methodSignature_doc']
- */
-$GLOBALS['XML_RPC_Server_methodSignature_doc'] = 'Returns an array of known'
-        . ' signatures (an array of arrays) for the method name passed. If'
-        . ' no signatures are known, returns a none-array (test for type !='
-        . ' array to detect missing signature)';
-
-/**
- * signature for system.methodHelp: return = string,
- * parameters = string
- * @global array $GLOBALS['XML_RPC_Server_methodHelp_sig']
- */
-$GLOBALS['XML_RPC_Server_methodHelp_sig'] = array(
-    array($GLOBALS['XML_RPC_String'],
-          $GLOBALS['XML_RPC_String']
-    )
-);
-
-/**
- * docstring for methodHelp
- * @global string $GLOBALS['XML_RPC_Server_methodHelp_doc']
- */
-$GLOBALS['XML_RPC_Server_methodHelp_doc'] = 'Returns help text if defined'
-        . ' for the method passed, otherwise returns an empty string';
-
-/**
- * dispatch map for the automatically declared XML-RPC methods.
- * @global array $GLOBALS['XML_RPC_Server_dmap']
- */
-$GLOBALS['XML_RPC_Server_dmap'] = array(
-    'system.listMethods' => array(
-        'function'  => 'XML_RPC_Server_listMethods',
-        'signature' => $GLOBALS['XML_RPC_Server_listMethods_sig'],
-        'docstring' => $GLOBALS['XML_RPC_Server_listMethods_doc']
-    ),
-    'system.methodHelp' => array(
-        'function'  => 'XML_RPC_Server_methodHelp',
-        'signature' => $GLOBALS['XML_RPC_Server_methodHelp_sig'],
-        'docstring' => $GLOBALS['XML_RPC_Server_methodHelp_doc']
-    ),
-    'system.methodSignature' => array(
-        'function'  => 'XML_RPC_Server_methodSignature',
-        'signature' => $GLOBALS['XML_RPC_Server_methodSignature_sig'],
-        'docstring' => $GLOBALS['XML_RPC_Server_methodSignature_doc']
-    )
-);
-
-/**
- * @global string $GLOBALS['XML_RPC_Server_debuginfo']
- */
-$GLOBALS['XML_RPC_Server_debuginfo'] = '';
-
-
-/**
- * Lists all the methods that the XML-RPC server knows how to dispatch
- *
- * @return object  a new XML_RPC_Response object
- */
-function XML_RPC_Server_listMethods($server, $m)
-{
-    global $XML_RPC_err, $XML_RPC_str, $XML_RPC_Server_dmap;
-
-    $v = new XML_RPC_Value();
-    $outAr = array();
-    foreach ($server->dmap as $key => $val) {
-        $outAr[] = new XML_RPC_Value($key, 'string');
-    }
-    foreach ($XML_RPC_Server_dmap as $key => $val) {
-        $outAr[] = new XML_RPC_Value($key, 'string');
-    }
-    $v->addArray($outAr);
-    return new XML_RPC_Response($v);
-}
-
-/**
- * Returns an array of known signatures (an array of arrays)
- * for the given method
- *
- * If no signatures are known, returns a none-array
- * (test for type != array to detect missing signature)
- *
- * @return object  a new XML_RPC_Response object
- */
-function XML_RPC_Server_methodSignature($server, $m)
-{
-    global $XML_RPC_err, $XML_RPC_str, $XML_RPC_Server_dmap;
-
-    $methName = $m->getParam(0);
-    $methName = $methName->scalarval();
-    if (strpos($methName, 'system.') === 0) {
-        $dmap = $XML_RPC_Server_dmap;
-        $sysCall = 1;
-    } else {
-        $dmap = $server->dmap;
-        $sysCall = 0;
-    }
-    //  print "\n";
-    if (isset($dmap[$methName])) {
-        if ($dmap[$methName]['signature']) {
-            $sigs = array();
-            $thesigs = $dmap[$methName]['signature'];
-            for ($i = 0; $i < sizeof($thesigs); $i++) {
-                $cursig = array();
-                $inSig = $thesigs[$i];
-                for ($j = 0; $j < sizeof($inSig); $j++) {
-                    $cursig[] = new XML_RPC_Value($inSig[$j], 'string');
-                }
-                $sigs[] = new XML_RPC_Value($cursig, 'array');
-            }
-            $r = new XML_RPC_Response(new XML_RPC_Value($sigs, 'array'));
-        } else {
-            $r = new XML_RPC_Response(new XML_RPC_Value('undef', 'string'));
-        }
-    } else {
-        $r = new XML_RPC_Response(0, $XML_RPC_err['introspect_unknown'],
-                                  $XML_RPC_str['introspect_unknown']);
-    }
-    return $r;
-}
-
-/**
- * Returns help text if defined for the method passed, otherwise returns
- * an empty string
- *
- * @return object  a new XML_RPC_Response object
- */
-function XML_RPC_Server_methodHelp($server, $m)
-{
-    global $XML_RPC_err, $XML_RPC_str, $XML_RPC_Server_dmap;
-
-    $methName = $m->getParam(0);
-    $methName = $methName->scalarval();
-    if (strpos($methName, 'system.') === 0) {
-        $dmap = $XML_RPC_Server_dmap;
-        $sysCall = 1;
-    } else {
-        $dmap = $server->dmap;
-        $sysCall = 0;
-    }
-    //  print "\n";
-    if (isset($dmap[$methName])) {
-        if ($dmap[$methName]['docstring']) {
-            $r = new XML_RPC_Response(new XML_RPC_Value($dmap[$methName]['docstring']),
-                                                        'string');
-        } else {
-            $r = new XML_RPC_Response(new XML_RPC_Value('', 'string'));
-        }
-    } else {
-        $r = new XML_RPC_Response(0, $XML_RPC_err['introspect_unknown'],
-                                     $XML_RPC_str['introspect_unknown']);
-    }
-    return $r;
-}
-
-/**
- * @return void
- */
-function XML_RPC_Server_debugmsg($m)
-{
-    global $XML_RPC_Server_debuginfo;
-    $XML_RPC_Server_debuginfo = $XML_RPC_Server_debuginfo . $m . "\n";
-}
-
-
-/**
- * A server for receiving and replying to XML RPC requests
- *
- * 
- * $server = new XML_RPC_Server(
- *     array(
- *         'isan8' =>
- *             array(
- *                 'function' => 'is_8',
- *                 'signature' =>
- *                      array(
- *                          array('boolean', 'int'),
- *                          array('boolean', 'int', 'boolean'),
- *                          array('boolean', 'string'),
- *                          array('boolean', 'string', 'boolean'),
- *                      ),
- *                 'docstring' => 'Is the value an 8?'
- *             ),
- *     ),
- *     1,
- *     0
- * ); 
- * 
- *
- * @category   Web Services
- * @package    XML_RPC
- * @author     Edd Dumbill 
- * @author     Stig Bakken 
- * @author     Martin Jansen 
- * @author     Daniel Convissor 
- * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
- * @version    Release: 1.3.1
- * @link       http://pear.php.net/package/XML_RPC
- */
-class XML_RPC_Server
-{
-    /**
-     * The dispatch map, listing the methods this server provides.
-     * @var array
-     */
-    var $dmap = array();
-
-    /**
-     * The present response's encoding
-     * @var string
-     * @see XML_RPC_Message::getEncoding()
-     */
-    var $encoding = '';
-
-    /**
-     * Debug mode (0 = off, 1 = on)
-     * @var integer
-     */
-    var $debug = 0;
-
-    /**
-     * The response's HTTP headers
-     * @var string
-     */
-    var $server_headers = '';
-
-    /**
-     * The response's XML payload
-     * @var string
-     */
-    var $server_payload = '';
-
-
-    /**
-     * Constructor for the XML_RPC_Server class
-     *
-     * @param array $dispMap   the dispatch map. An associative array
-     *                          explaining each function. The keys of the main
-     *                          array are the procedure names used by the
-     *                          clients. The value is another associative array
-     *                          that contains up to three elements:
-     *                            + The 'function' element's value is the name
-     *                              of the function or method that gets called.
-     *                              To define a class' method: 'class::method'.
-     *                            + The 'signature' element (optional) is an
-     *                              array describing the return values and
-     *                              parameters
-     *                            + The 'docstring' element (optional) is a
-     *                              string describing what the method does
-     * @param int $serviceNow  should the HTTP response be sent now?
-     *                          (1 = yes, 0 = no)
-     * @param int $debug       should debug output be displayed?
-     *                          (1 = yes, 0 = no)
-     *
-     * @return void
-     */
-    function XML_RPC_Server($dispMap, $serviceNow = 1, $debug = 0)
-    {
-        global $HTTP_RAW_POST_DATA;
-
-        if ($debug) {
-            $this->debug = 1;
-        } else {
-            $this->debug = 0;
-        }
-
-        $this->dmap = $dispMap;
-
-        if ($serviceNow) {
-            $this->service();
-        } else {
-            $this->createServerPayload();
-            $this->createServerHeaders();
-        }
-    }
-
-    /**
-     * @return string  the debug information if debug debug mode is on
-     */
-    function serializeDebug()
-    {
-        global $XML_RPC_Server_debuginfo, $HTTP_RAW_POST_DATA;
-
-        if ($this->debug) {
-            XML_RPC_Server_debugmsg('vvv POST DATA RECEIVED BY SERVER vvv' . "\n"
-                                    . $HTTP_RAW_POST_DATA
-                                    . "\n" . '^^^ END POST DATA ^^^');
-        }
-
-        if ($XML_RPC_Server_debuginfo != '') {
-            return "\n";
-        } else {
-            return '';
-        }
-    }
-
-    /**
-     * Sends the response
-     *
-     * The encoding and content-type are determined by
-     * XML_RPC_Message::getEncoding()
-     *
-     * @return void
-     *
-     * @uses XML_RPC_Server::createServerPayload(),
-     *       XML_RPC_Server::createServerHeaders()
-     */
-    function service()
-    {
-        $this->createServerPayload();
-        $this->createServerHeaders();
-        header($this->server_headers);
-        print $this->server_payload;
-    }
-
-    /**
-     * Generates the payload and puts it in the $server_payload property
-     *
-     * @return void
-     *
-     * @uses XML_RPC_Server::parseRequest(), XML_RPC_Server::$encoding,
-     *       XML_RPC_Response::serialize(), XML_RPC_Server::serializeDebug()
-     */
-    function createServerPayload()
-    {
-        $r = $this->parseRequest();
-        $this->server_payload = 'encoding . '"?>' . "\n"
-                              . $this->serializeDebug()
-                              . $r->serialize();
-    }
-
-    /**
-     * Determines the HTTP headers and puts them in the $server_headers
-     * property
-     *
-     * @return boolean  TRUE if okay, FALSE if $server_payload isn't set.
-     *
-     * @uses XML_RPC_Server::createServerPayload(),
-     *       XML_RPC_Server::$server_headers
-     */
-    function createServerHeaders()
-    {
-        if (!$this->server_payload) {
-            return false;
-        }
-        $this->server_headers = 'Content-Length: '
-                              . strlen($this->server_payload) . "\r\n"
-                              . 'Content-Type: text/xml;'
-                              . ' charset=' . $this->encoding;
-        return true;
-    }
-
-    /**
-     * @return array
-     */
-    function verifySignature($in, $sig)
-    {
-        for ($i = 0; $i < sizeof($sig); $i++) {
-            // check each possible signature in turn
-            $cursig = $sig[$i];
-            if (sizeof($cursig) == $in->getNumParams() + 1) {
-                $itsOK = 1;
-                for ($n = 0; $n < $in->getNumParams(); $n++) {
-                    $p = $in->getParam($n);
-                    // print "\n";
-                    if ($p->kindOf() == 'scalar') {
-                        $pt = $p->scalartyp();
-                    } else {
-                        $pt = $p->kindOf();
-                    }
-                    // $n+1 as first type of sig is return type
-                    if ($pt != $cursig[$n+1]) {
-                        $itsOK = 0;
-                        $pno = $n+1;
-                        $wanted = $cursig[$n+1];
-                        $got = $pt;
-                        break;
-                    }
-                }
-                if ($itsOK) {
-                    return array(1);
-                }
-            }
-        }
-        if (isset($wanted)) {
-            return array(0, "Wanted ${wanted}, got ${got} at param ${pno}");
-        } else {
-            $allowed = array();
-            foreach ($sig as $val) {
-                end($val);
-                $allowed[] = key($val);
-            }
-            $allowed = array_unique($allowed);
-            $last = count($allowed) - 1;
-            if ($last > 0) {
-                $allowed[$last] = 'or ' . $allowed[$last];
-            }
-            return array(0,
-                         'Signature permits ' . implode(', ', $allowed)
-                                . ' parameters but the request had '
-                                . $in->getNumParams());
-        }
-    }
-
-    /**
-     * @return object  a new XML_RPC_Response object
-     *
-     * @uses XML_RPC_Message::getEncoding(), XML_RPC_Server::$encoding
-     */
-    function parseRequest($data = '')
-    {
-        global $XML_RPC_xh, $HTTP_RAW_POST_DATA,
-                $XML_RPC_err, $XML_RPC_str, $XML_RPC_errxml,
-                $XML_RPC_defencoding, $XML_RPC_Server_dmap;
-
-        if ($data == '') {
-            $data = $HTTP_RAW_POST_DATA;
-        }
-
-        $this->encoding = XML_RPC_Message::getEncoding($data);
-        $parser_resource = xml_parser_create($this->encoding);
-        $parser = (int) $parser_resource;
-
-        $XML_RPC_xh[$parser] = array();
-        $XML_RPC_xh[$parser]['st']     = '';
-        $XML_RPC_xh[$parser]['cm']     = 0;
-        $XML_RPC_xh[$parser]['isf']    = 0;
-        $XML_RPC_xh[$parser]['params'] = array();
-        $XML_RPC_xh[$parser]['method'] = '';
-
-        $plist = '';
-
-        // decompose incoming XML into request structure
-
-        xml_parser_set_option($parser_resource, XML_OPTION_CASE_FOLDING, true);
-        xml_set_element_handler($parser_resource, 'XML_RPC_se', 'XML_RPC_ee');
-        xml_set_character_data_handler($parser_resource, 'XML_RPC_cd');
-        if (!xml_parse($parser_resource, $data, 1)) {
-            // return XML error as a faultCode
-            $r = new XML_RPC_Response(0,
-                                      $XML_RPC_errxml+xml_get_error_code($parser_resource),
-                                      sprintf('XML error: %s at line %d',
-                                              xml_error_string(xml_get_error_code($parser_resource)),
-                                              xml_get_current_line_number($parser_resource)));
-            xml_parser_free($parser_resource);
-        } else {
-            xml_parser_free($parser_resource);
-            $m = new XML_RPC_Message($XML_RPC_xh[$parser]['method']);
-            // now add parameters in
-            for ($i = 0; $i < sizeof($XML_RPC_xh[$parser]['params']); $i++) {
-                // print '\n";
-                $plist .= "$i - " . $XML_RPC_xh[$parser]['params'][$i] . " \n";
-                eval('$m->addParam(' . $XML_RPC_xh[$parser]['params'][$i] . ');');
-            }
-            XML_RPC_Server_debugmsg($plist);
-
-            // now to deal with the method
-            $methName = $XML_RPC_xh[$parser]['method'];
-            if (strpos($methName, 'system.') === 0) {
-                $dmap = $XML_RPC_Server_dmap;
-                $sysCall = 1;
-            } else {
-                $dmap = $this->dmap;
-                $sysCall = 0;
-            }
-
-            if (isset($dmap[$methName]['function'])
-                && is_string($dmap[$methName]['function'])
-                && strpos($dmap[$methName]['function'], '::') !== false)
-            {
-                $dmap[$methName]['function'] =
-                        explode('::', $dmap[$methName]['function']);
-            }
-
-            if (isset($dmap[$methName]['function'])
-                && is_callable($dmap[$methName]['function']))
-            {
-                // dispatch if exists
-                if (isset($dmap[$methName]['signature'])) {
-                    $sr = $this->verifySignature($m,
-                                                 $dmap[$methName]['signature'] );
-                }
-                if (!isset($dmap[$methName]['signature']) || $sr[0]) {
-                    // if no signature or correct signature
-                    if ($sysCall) {
-                        $r = call_user_func($dmap[$methName]['function'], $this, $m);
-                    } else {
-                        $r = call_user_func($dmap[$methName]['function'], $m);
-                    }
-                    if (!is_a($r, 'XML_RPC_Response')) {
-                        $r = new XML_RPC_Response(0, $XML_RPC_err['not_response_object'],
-                                                  $XML_RPC_str['not_response_object']);
-                    }
-                } else {
-                    $r = new XML_RPC_Response(0, $XML_RPC_err['incorrect_params'],
-                                              $XML_RPC_str['incorrect_params']
-                                              . ': ' . $sr[1]);
-                }
-            } else {
-                // else prepare error response
-                $r = new XML_RPC_Response(0, $XML_RPC_err['unknown_method'],
-                                          $XML_RPC_str['unknown_method']);
-            }
-        }
-        return $r;
-    }
-
-    /**
-     * Echos back the input packet as a string value
-     *
-     * @return void
-     *
-     * Useful for debugging.
-     */
-    function echoInput()
-    {
-        global $HTTP_RAW_POST_DATA;
-
-        $r = new XML_RPC_Response(0);
-        $r->xv = new XML_RPC_Value("'Aha said I: '" . $HTTP_RAW_POST_DATA, 'string');
-        print $r->serialize();
-    }
-}
-
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * c-hanging-comment-ender-p: nil
- * End:
- */
-
-?>
-package.xml100644   1750    144       22507 10260516576   6427 
-
-
- XML_RPC
- PHP implementation of the XML-RPC protocol
- A PEAR-ified version of Useful Inc's XML-RPC for PHP.
-
-It has support for HTTP/HTTPS transport, proxies and authentication.
- 
- 
-  
-   ssb
-   Stig Bakken
-   stig@php.net
-   lead
-  
-  
-   danielc
-   Daniel Convissor
-   danielc@php.net
-   lead
-  
-  
- 
-  1.3.1
-  2005-06-29
-  PHP License
-  stable
-  * Security fix. Update highly recommended!
-  
-  
-   
-    
-   
-   
-    
-   
-   
-    
-   
-   
-    
-   
-   
-    
-   
-  
- 
- 
-   
-    1.3.0RC3
-    2005-05-10
-    beta
-    * When verifying requests against function signatures, if the number of parameters don't match, provide an appropriate message.  NOTE: this resolves a path disclosure vulnerability.  (Refines the changes made in the last commit.)  Bug 4231.
-* XML_RPC_Message::getParam() now returns an XML_RPC_Response object upon error.  Changed from Release 1.3.0RC2.
-* Add the XML_RPC_Value::isValue() method. For testing if an item is an XML_RPC_Value object.
-* If XML_RPC_Client::send() is given an incorrect $msg parameter, raise an error with the new XML_RPC_ERROR_PROGRAMMING code and return 0.
-* Improve cross-platform operation by using PEAR::loadExtension() instead of dl().
-* Use <br /> instead of <br> in XML_RPC_Value::dump().
-    
-   
-   
-    1.3.0RC2
-    2005-05-05
-    beta
-    * If XML_RPC_Message::getParam() is given an incorrect parameter, raise an error with the new XML_RPC_ERROR_INCORRECT_PARAMS code and return FALSE.
-* Handle improper requests to XML_RPC_Server::verifySignature().  Bug 4231.
-* Try to allow HTTP 100 responses if followed by a 200 response.  Bug 4116.
-* Help Delphi users by making RPCMETHODNAME an alias for METHODNAME.  Request 4205.
-    
-   
-   
-    1.3.0RC1
-    2005-04-07
-    beta
-    * Improve timeout handling for situations where connection to server is made but no response is not received in time. Accomplished via stream_set_timeout().  Request 3963.
-* Add Fault Code 6: "The requested method didn't return an XML_RPC_Response object."  Request 4032.
-* Add the createServerPayload() and createServerHeaders() methods and the $server_payload and $server_headers properties.  Request 3121.
-* As in earlier versions, if the $serviceNow parameter to XML_RPC_Server() is 0, no data will be returned, but now the new $server_payload and $server_headers properties will be set.
-* Convert the parser handle to an integer before using it as an index for $XML_RPC_xh[$parser].  Reduces E_STRICT notices.  Bug 3782.
-* Add createHeaders() method and $headers property to XML_RPC_Client to make testing easier.
-    
-   
-   
-    1.2.2
-    2005-03-07
-    stable
-    * When using a proxy, add the protocol to the Request-URI, making it an "absoluteURI" as per the HTTP 1.0 spec.  Bug 3679.
-    
-   
-   
-    1.2.1
-    2005-03-01
-    stable
-    * Add isset() check before examining the dispatch map.  Bug 3658.
-    
-   
-   
-    1.2.0
-    2005-02-27
-    stable
-    * Provide the "stable" release.
-* Add package2.xml for compatibility with PEAR 1.4.0.
-* For changes since 1.1.0, see the changelogs for the various RC releases.
-    
-   
-   
-    1.2.0RC7
-    2005-02-22
-    beta
-    * Add the setSendEncoding() method and $send_encoding
-  property to XML_RPC_Message.  Request 3537.
-* Allow class methods to be mapped using either syntax:
-     'function' => 'hello::sayHello',
-     or
-     'function' => array('hello', 'sayhello'),
-  Bug 3363.
-* Use 8192 instead of 32768 for bytes in fread()
-  in parseResponseFile().  Bug 3340.
-    
-   
-   
-    1.2.0RC6
-    2005-01-25
-    beta
-    * Don't put the protocol in the Host field of the POST data.  (danielc)
-    
-   
-   
-    1.2.0RC5
-    2005-01-24
-    beta
-    * If $port is 443 but a protocol isn't specified in $server, assume ssl:// is the protocol.
-    
-   
-   
-    1.2.0RC4
-    2005-01-24
-    beta
-    * When a connection attempt fails, have the method return 0.  (danielc)
-* Move the protocol/port checking/switching and the property settings from sendPayloadHTTP10() to the XML_RPC_Client constructor.  (danielc)
-* Add tests for setting the client properties.  (danielc)
-* Remove $GLOBALS['XML_RPC_twoslash'] since it's not used.  (danielc)
-* Bundle the tests with the package.  (danielc)
-    
-   
-   
-    1.2.0RC3
-    2005-01-19
-    beta
-    * ssl uses port 443, not 445.
-    
-   
-   
-    1.2.0RC2
-    2005-01-11
-    beta
-    * Handle ssl:// in the $server string.  (danielc)
-* Also default to port 445 for ssl:// requests as well.  (danielc)
-* Enhance debugging in the server.  (danielc)
-    
-   
-   
-    1.2.0RC1
-    2004-12-30
-    beta
-    * Make things work with SSL.  Bug 2489.  (nkukard lbsd net)
-* Allow array function callbacks (Matt Kane)
-* Some minor speed-ups (Matt Kane)
-* Add Dump.php to the package (Christian Weiske)
-* Replace all line endings with \r\n.  Had only done replacements on \n.  Bug 2521.  (danielc)
-* Silence fsockopen() errors.  Bug 1714.  (danielc)
-* Encode empty arrays as an array. Bug 1493.  (danielc)
-* Eliminate undefined index notice when submitting empty arrays to XML_RPC_Encode().  Bug 1819.  (danielc)
-* Speed up check for enumerated arrays in XML_RPC_Encode().  (danielc)
-* Prepend "XML_RPC_" to ERROR_NON_NUMERIC_FOUND, eliminating problem when eval()'ing error messages.  (danielc)
-* Use XML_RPC_Base::raiseError() instead of PEAR::raiseError() in XML_RPC_ee() because PEAR.php is lazy loaded.  (danielc)
-* Allow raiseError() to be called statically.  (danielc)
-* Stop double escaping of character entities.  Bug 987.  (danielc)
-  NOTICE: the following have been removed:
-    * XML_RPC_dh()
-    * $GLOBALS['XML_RPC_entities']
-    * XML_RPC_entity_decode()
-    * XML_RPC_lookup_entity()
-* Determine the XML's encoding via the encoding attribute in the XML declaration.  Bug 52.  (danielc)
-    
-   
-   
-    1.1.0
-    2004-03-15
-    stable
-    * Added support for sequential arrays to XML_RPC_encode() (mroch)
-* Cleaned up new XML_RPC_encode() changes a bit (mroch, pierre)
-* Remove "require_once 'PEAR.php'", include only when needed to raise an error
-* Replace echo and error_log() with raiseError() (mroch)
-* Make all classes extend XML_RPC_Base, which will handle common functions  (mroch)
-* be tolerant of junk after methodResponse (Luca Mariano, mroch)
-* Silent notice even in the error log (pierre)
-* fix include of shared xml extension on win32 (pierre)
-    
-   
-   
-    1.0.4
-    2002-10-02
-    stable
-    * added HTTP proxy authorization support (thanks to Arnaud Limbourg)
-    
-   
-   
-    1.0.3
-    2002-05-19
-    stable
-    * fix bug when parsing responses with boolean types
-    
-   
-   
-    1.0.2
-    2002-04-16
-    stable
-    * E_ALL fixes
-* fix HTTP response header parsing
-    
-   
-   
-    1.0.1
-    2001-09-25
-    stable
-    This is a PEAR-ified version of Useful Inc's 1.0.1 release.
-Includes an urgent security fix identified by Dan Libby <dan@libby.com>.
-    
-   
- 
-
-
\ Kein Zeilenumbruch am Dateiende.
diff -Nura php-4.4.0/pear/packages/XML_RPC-1.4.0.tar hardening-patch-4.4.0-0.4.2/pear/packages/XML_RPC-1.4.0.tar
--- php-4.4.0/pear/packages/XML_RPC-1.4.0.tar	1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/pear/packages/XML_RPC-1.4.0.tar	2005-08-22 23:59:57.000000000 +0200
@@ -0,0 +1,3933 @@
+package2.xml100666      0      0       37144 10277724746   6362 
+
+ XML_RPC
+ pear.php.net
+ PHP implementation of the XML-RPC protocol
+ A PEAR-ified version of Useful Inc's XML-RPC for PHP.
+
+It has support for HTTP/HTTPS transport, proxies and authentication.
+ 
+  Stig Bakken
+  ssb
+  stig@php.net
+  no
+ 
+ 
+  Daniel Convissor
+  danielc
+  danielc@php.net
+  yes
+ 
+ 2005-08-14
+ 
+ 
+  1.4.0
+  1.4.0
+ 
+ 
+  stable
+  stable
+ 
+ PHP License
+ * MAJOR SECURITY FIX: eliminate use of eval().
+* Using socket_get_status() because stream_get_meta_data() was introduced in 4.3.0, but we need to support 4.2.0.  Bug 4805.
+ 
+  
+   
+    
+   
+   
+    
+   
+   
+    
+   
+   
+    
+   
+   
+    
+   
+  
+ 
+ 
+  PEAR
+  pear.php.net
+  1.4.0a1
+  1.4.0a12
+ 
+ 
+  
+   
+    4.2.0
+    6.0.0
+   
+   
+    1.4.0a1
+   
+  
+ 
+ 
+ 
+  
+   
+    1.3.3
+    1.3.0
+   
+   
+    stable
+    stable
+   
+   2005-07-15
+   PHP License
+   * Eliminate memory leak by resetting $XML_RPC_xh each time parseResponse() is called.  Bug 4780.
+* Using socket_set_timeout() because stream_set_timeout() was introduced in 4.3.0, but we need to support 4.2.0.  Bug 4805.
+  
+  
+   
+    1.3.2
+    1.3.0
+   
+   
+    stable
+    stable
+   
+   2005-07-07
+   PHP License
+   * Eliminate path disclosure vulnerabilities by suppressing error messages when eval()'ing.
+* Eliminate path disclosure vulnerability by catching bogus parameters submitted to XML_RPC_Value::serializeval().
+* In XML_RPC_Server::service(), only call createServerPayload() and createServerHeaders() if necessary.  Fixes compatibility issue introduced in Release 1.3.0RC1 for users who set the $serviceNow parameter of XML_RPC_Server() to 0.  Bug 4757.
+* Change "var $errstring" to "var $errstr".  Bug 4582.  Was put into CVS version 1.75 of RPC.php but didn't make it into RELEASE_1_3_1.
+  
+  
+   
+    1.3.1
+    1.3.0
+   
+   
+    stable
+    stable
+   
+   2005-06-29
+   PHP License
+   * Security fix. Update highly recommended!
+  
+  
+   
+    1.3.0
+    1.3.0
+   
+   
+    stable
+    stable
+   
+   2005-06-13
+   PHP License
+   * Stable release.  See earlier releases for changes since 1.2.2.
+  
+  
+   
+    1.3.0RC3
+    1.3.0
+   
+   
+    beta
+    stable
+   
+   2005-05-10
+   PHP License
+   * When verifying requests against function signatures, if the number of parameters don't match, provide an appropriate message.  NOTE: this resolves a path disclosure vulnerability.  (Refines the changes made in the last commit.)  Bug 4231.
+* XML_RPC_Message::getParam() now returns an XML_RPC_Response object upon error.  Changed from Release 1.3.0RC2.
+* Add the XML_RPC_Value::isValue() method. For testing if an item is an XML_RPC_Value object.
+* If XML_RPC_Client::send() is given an incorrect $msg parameter, raise an error with the new XML_RPC_ERROR_PROGRAMMING code and return 0.
+* Improve cross-platform operation by using PEAR::loadExtension() instead of dl().
+* Use <br /> instead of <br> in XML_RPC_Value::dump().
+  
+  
+   
+    1.3.0RC2
+    1.3.0
+   
+   
+    beta
+    beta
+   
+   2005-05-05
+   PHP License
+   * If XML_RPC_Message::getParam() is given an incorrect parameter, raise an error with the new XML_RPC_ERROR_INCORRECT_PARAMS code and return FALSE.
+* Handle improper requests to XML_RPC_Server::verifySignature().  Bug 4231.
+* Try to allow HTTP 100 responses if followed by a 200 response.  Bug 4116.
+* Help Delphi users by making RPCMETHODNAME an alias for METHODNAME.  Request 4205.
+  
+  
+   
+    1.3.0RC1
+    1.3.0
+   
+   
+    beta
+    beta
+   
+   2005-04-07
+   PHP License
+   * Improve timeout handling for situations where connection to server is made but no response is not received in time. Accomplished via stream_set_timeout().  Request 3963.
+* Add Fault Code 6: "The requested method didn't return an XML_RPC_Response object."  Request 4032.
+* Add the createServerPayload() and createServerHeaders() methods and the $server_payload and $server_headers properties.  Request 3121.
+* As in earlier versions, if the $serviceNow parameter to XML_RPC_Server() is 0, no data will be returned, but now the new $server_payload and $server_headers properties will be set.
+* Convert the parser handle to an integer before using it as an index for $XML_RPC_xh[$parser].  Reduces E_STRICT notices.  Bug 3782.
+* Add createHeaders() method and $headers property to XML_RPC_Client to make testing easier.
+  
+  
+   
+    1.2.2
+    1.2.0
+   
+   
+    stable
+    stable
+   
+   2005-03-07
+   PHP License
+   * When using a proxy, add the protocol to the Request-URI, making it an "absoluteURI" as per the HTTP 1.0 spec.  Bug 3679.
+  
+  
+   
+    1.2.1
+    1.2.0
+   
+   
+    stable
+    stable
+   
+   2005-03-01
+   PHP License
+   * Add isset() check before examining the dispatch map.  Bug 3658.
+  
+  
+   
+    1.2.0
+    1.2.0
+   
+   
+    stable
+    stable
+   
+   2005-02-27
+   PHP License
+   * Provide the "stable" release.
+* Add package2.xml for compatibility with PEAR 1.4.0.
+* For changes since 1.1.0, see the changelogs for the various RC releases.
+  
+  
+   
+    1.2.0RC7
+    1.2.0RC7
+   
+   
+    beta
+    beta
+   
+   2005-02-22
+   PHP License
+   * Add the setSendEncoding() method and $send_encoding
+  property to XML_RPC_Message.  Request 3537.
+* Allow class methods to be mapped using either syntax:
+     'function' => 'hello::sayHello',
+     or
+     'function' => array('hello', 'sayhello'),
+  Bug 3363.
+* Use 8192 instead of 32768 for bytes in fread()
+  in parseResponseFile().  Bug 3340.
+  
+  
+   
+    1.2.0RC6
+    1.2.0RC6
+   
+   
+    beta
+    beta
+   
+   2005-01-25
+   PHP License
+   * Don't put the protocol in the Host field of the POST data.  (danielc)
+  
+  
+   
+    1.2.0RC5
+    1.2.0RC5
+   
+   
+    beta
+    beta
+   
+   2005-01-24
+   PHP License
+   * If $port is 443 but a protocol isn't specified in $server, assume ssl:// is the protocol.
+  
+  
+   
+    1.2.0RC4
+    1.2.0RC4
+   
+   
+    beta
+    beta
+   
+   2005-01-24
+   PHP License
+   * When a connection attempt fails, have the method return 0.  (danielc)
+* Move the protocol/port checking/switching and the property settings from sendPayloadHTTP10() to the XML_RPC_Client constructor.  (danielc)
+* Add tests for setting the client properties.  (danielc)
+* Remove $GLOBALS['XML_RPC_twoslash'] since it's not used.  (danielc)
+* Bundle the tests with the package.  (danielc)
+  
+  
+   
+    1.2.0RC3
+    1.2.0RC3
+   
+   
+    beta
+    beta
+   
+   2005-01-19
+   PHP License
+   * ssl uses port 443, not 445.
+  
+  
+   
+    1.2.0RC2
+    1.2.0RC2
+   
+   
+    beta
+    beta
+   
+   2005-01-11
+   PHP License
+   * Handle ssl:// in the $server string.  (danielc)
+* Also default to port 445 for ssl:// requests as well.  (danielc)
+* Enhance debugging in the server.  (danielc)
+  
+  
+   
+    1.2.0RC1
+    1.2.0RC1
+   
+   
+    beta
+    beta
+   
+   2004-12-30
+   PHP License
+   * Make things work with SSL.  Bug 2489.  (nkukard lbsd net)
+* Allow array function callbacks (Matt Kane)
+* Some minor speed-ups (Matt Kane)
+* Add Dump.php to the package (Christian Weiske)
+* Replace all line endings with \r\n.  Had only done replacements on \n.  Bug 2521.  (danielc)
+* Silence fsockopen() errors.  Bug 1714.  (danielc)
+* Encode empty arrays as an array. Bug 1493.  (danielc)
+* Eliminate undefined index notice when submitting empty arrays to XML_RPC_Encode().  Bug 1819.  (danielc)
+* Speed up check for enumerated arrays in XML_RPC_Encode().  (danielc)
+* Prepend "XML_RPC_" to ERROR_NON_NUMERIC_FOUND, eliminating problem when eval()'ing error messages.  (danielc)
+* Use XML_RPC_Base::raiseError() instead of PEAR::raiseError() in XML_RPC_ee() because PEAR.php is lazy loaded.  (danielc)
+* Allow raiseError() to be called statically.  (danielc)
+* Stop double escaping of character entities.  Bug 987.  (danielc)
+  NOTICE: the following have been removed:
+    * XML_RPC_dh()
+    * $GLOBALS['XML_RPC_entities']
+    * XML_RPC_entity_decode()
+    * XML_RPC_lookup_entity()
+* Determine the XML's encoding via the encoding attribute in the XML declaration.  Bug 52.  (danielc)
+  
+  
+   
+    1.1.0
+    1.1.0
+   
+   
+    stable
+    stable
+   
+   2004-03-15
+   PHP License
+   * Added support for sequential arrays to XML_RPC_encode() (mroch)
+* Cleaned up new XML_RPC_encode() changes a bit (mroch, pierre)
+* Remove "require_once 'PEAR.php'", include only when needed to raise an error
+* Replace echo and error_log() with raiseError() (mroch)
+* Make all classes extend XML_RPC_Base, which will handle common functions  (mroch)
+* be tolerant of junk after methodResponse (Luca Mariano, mroch)
+* Silent notice even in the error log (pierre)
+* fix include of shared xml extension on win32 (pierre)
+  
+  
+   
+    1.0.4
+    1.0.4
+   
+   
+    stable
+    stable
+   
+   2002-10-02
+   PHP License
+   * added HTTP proxy authorization support (thanks to Arnaud Limbourg)
+  
+  
+   
+    1.0.3
+    1.0.3
+   
+   
+    stable
+    stable
+   
+   2002-05-19
+   PHP License
+   * fix bug when parsing responses with boolean types
+  
+  
+   
+    1.0.2
+    1.0.2
+   
+   
+    stable
+    stable
+   
+   2002-04-16
+   PHP License
+   * E_ALL fixes
+* fix HTTP response header parsing
+  
+  
+   
+    1.0.1
+    1.0.1
+   
+   
+    stable
+    stable
+   
+   2001-09-25
+   PHP License
+   This is a PEAR-ified version of Useful Inc's 1.0.1 release.
+Includes an urgent security fix identified by Dan Libby <dan@libby.com>.
+  
+ 
+
+XML_RPC-1.4.0/tests/protoport.php100666      0      0       25543 10277724745  11707 
+ * @copyright  2005 The PHP Group
+ * @license    http://www.php.net/license/3_0.txt  PHP License
+ * @version    CVS: $Id: protoport.php,v 1.4 2005/01/24 17:48:47 danielc Exp $
+ * @link       http://pear.php.net/package/XML_RPC
+ * @since      File available since Release 1.2
+ */
+
+/*
+ * If the package version number is found in the left hand
+ * portion of the if() expression below, that means this file has
+ * come from the PEAR installer.  Therefore, let's test the
+ * installed version of XML_RPC which should be in the include path.
+ * 
+ * If the version has not been substituted in the if() expression,
+ * this file has likely come from a CVS checkout or a .tar file.
+ * Therefore, we'll assume the tests should use the version of
+ * XML_RPC that has come from there as well.
+ */
+if ('1.4.0' != '@'.'package_version'.'@') {
+    /**
+     * Get the needed class from the PEAR installation
+     */
+    require_once 'XML/RPC.php';
+} else {
+    /**
+     * Get the needed class from the parent directory
+     */
+    require_once '../RPC.php';
+}
+
+/**
+ * Compare the test result to the expected result
+ *
+ * If the test fails, echo out the results.
+ *
+ * @param array  $expect     the array of object properties you expect
+ *                            from the test
+ * @param object $actual     the object results from the test
+ * @param string $test_name  the name of the test
+ *
+ * @return void
+ */
+function compare($expect, $actual, $test_name) {
+    $actual = get_object_vars($actual);
+    if (count(array_diff($actual, $expect))) {
+        echo "$test_name failed.\nExpect: ";
+        print_r($expect);
+        echo "Actual: ";
+        print_r($actual);
+        echo "\n";
+    }
+}
+
+if (php_sapi_name() != 'cli') {
+    echo "
\n";
+}
+
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 80,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'theserver');
+compare($x, $c, 'defaults');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 80,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'http://theserver');
+compare($x, $c, 'defaults with http');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 443,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'https://theserver');
+compare($x, $c, 'defaults with https');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 443,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'ssl://theserver');
+compare($x, $c, 'defaults with ssl');
+
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 65,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'theserver', 65);
+compare($x, $c, 'port 65');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 65,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'http://theserver', 65);
+compare($x, $c, 'port 65 with http');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 65,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'https://theserver', 65);
+compare($x, $c, 'port 65 with https');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 65,
+    'proxy' => '',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'ssl://theserver', 65);
+compare($x, $c, 'port 65 with ssl');
+
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 80,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'theserver', 0,
+                        'theproxy');
+compare($x, $c, 'defaults proxy');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 80,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 8080,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'http://theserver', 0,
+                        'http://theproxy');
+compare($x, $c, 'defaults with http proxy');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 443,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'ssl://',
+    'proxy_port' => 443,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'https://theserver', 0,
+                        'https://theproxy');
+compare($x, $c, 'defaults with https proxy');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 443,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'ssl://',
+    'proxy_port' => 443,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'ssl://theserver', 0,
+                        'ssl://theproxy');
+compare($x, $c, 'defaults with ssl proxy');
+
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 65,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 6565,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'theserver', 65,
+                        'theproxy', 6565);
+compare($x, $c, 'port 65 proxy 6565');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 65,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'http://',
+    'proxy_port' => 6565,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'http://theserver', 65,
+                        'http://theproxy', 6565);
+compare($x, $c, 'port 65 with http proxy 6565');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 65,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'ssl://',
+    'proxy_port' => 6565,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'https://theserver', 65,
+                        'https://theproxy', 6565);
+compare($x, $c, 'port 65 with https proxy 6565');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 65,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'ssl://',
+    'proxy_port' => 6565,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'ssl://theserver', 65,
+                        'ssl://theproxy', 6565);
+compare($x, $c, 'port 65 with ssl proxy 6565');
+
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'ssl://',
+    'port' => 443,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'ssl://',
+    'proxy_port' => 443,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'theserver', 443,
+                        'theproxy', 443);
+compare($x, $c, 'port 443 no protocol and proxy port 443 no protocol');
+
+$x = array(
+    'path' => 'thepath',
+    'server' => 'theserver',
+    'protocol' => 'http://',
+    'port' => 80,
+    'proxy' => 'theproxy',
+    'proxy_protocol' => 'ssl://',
+    'proxy_port' => 6565,
+    'proxy_user' => '',
+    'proxy_pass' => '',
+    'errno' => 0,
+    'errstring' => '',
+    'debug' => 0,
+    'username' => '',
+    'password' => '',
+);
+$c = new XML_RPC_Client('thepath', 'theserver', 0,
+                        'ssl://theproxy', 6565);
+compare($x, $c, 'port 443 no protocol and proxy port 443 no protocol');
+XML_RPC-1.4.0/tests/test_Dump.php100666      0      0        3042 10277724745  11551 new XML_RPC_Value('das ist der Titel', 'string'),
+    'startDate'=>new XML_RPC_Value(mktime(0,0,0,13,11,2004), 'dateTime.iso8601'),
+    'endDate'  =>new XML_RPC_Value(mktime(0,0,0,15,11,2004), 'dateTime.iso8601'),
+    'error'    =>'string',
+    'arkey'    => new XML_RPC_Value( array(
+        new XML_RPC_Value('simple string'),
+        new XML_RPC_Value(12345, 'int')
+        ), 'array')
+    )
+    ,'struct');
+
+XML_RPC_Dump($val);
+
+echo '==============' . "\r\n";
+$val2 = new XML_RPC_Value(44353, 'int');
+XML_RPC_Dump($val2);
+
+echo '==============' . "\r\n";
+$val3 = new XML_RPC_Value('this should be a string', 'string');
+XML_RPC_Dump($val3);
+
+echo '==============' . "\r\n";
+$val4 = new XML_RPC_Value(true, 'boolean');
+XML_RPC_Dump($val4);
+XML_RPC-1.4.0/Dump.php100666      0      0       12074 10277724745   7375 
+ * @version    CVS: $Id: Dump.php,v 1.7 2005/01/24 03:47:55 danielc Exp $
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+
+
+/**
+ * Pull in the XML_RPC class
+ */
+require_once 'XML/RPC.php';
+
+
+/**
+ * Generates the dump of the XML_RPC_Value and echoes it
+ *
+ * @param object $value  the XML_RPC_Value object to dump
+ *
+ * @return void
+ */
+function XML_RPC_Dump($value)
+{
+    $dumper = new XML_RPC_Dump();
+    echo $dumper->generateDump($value);
+}
+
+
+/**
+ * Class which generates a dump of a XML_RPC_Value object
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Christian Weiske 
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Dump
+{
+    /**
+     * The indentation array cache
+     * @var array
+     */
+    var $arIndent      = array();
+
+    /**
+     * The spaces used for indenting the XML
+     * @var string
+     */
+    var $strBaseIndent = '    ';
+
+    /**
+     * Returns the dump in XML format without printing it out
+     *
+     * @param object $value   the XML_RPC_Value object to dump
+     * @param int    $nLevel  the level of indentation
+     *
+     * @return string  the dump
+     */
+    function generateDump($value, $nLevel = 0)
+    {
+        if (!is_object($value) && get_class($value) != 'xml_rpc_value') {
+            require_once 'PEAR.php';
+            PEAR::raiseError('Tried to dump non-XML_RPC_Value variable' . "\r\n",
+                             0, PEAR_ERROR_PRINT);
+            if (is_object($value)) {
+                $strType = get_class($value);
+            } else {
+                $strType = gettype($value);
+            }
+            return $this->getIndent($nLevel) . 'NOT A XML_RPC_Value: '
+                   . $strType . "\r\n";
+        }
+
+        switch ($value->kindOf()) {
+        case 'struct':
+            $ret = $this->genStruct($value, $nLevel);
+            break;
+        case 'array':
+            $ret = $this->genArray($value, $nLevel);
+            break;
+        case 'scalar':
+            $ret = $this->genScalar($value->scalarval(), $nLevel);
+            break;
+        default:
+            require_once 'PEAR.php';
+            PEAR::raiseError('Illegal type "' . $value->kindOf()
+                             . '" in XML_RPC_Value' . "\r\n", 0,
+                             PEAR_ERROR_PRINT);
+        }
+
+        return $ret;
+    }
+
+    /**
+     * Returns the scalar value dump
+     *
+     * @param object $value   the scalar XML_RPC_Value object to dump
+     * @param int    $nLevel  the level of indentation
+     *
+     * @return string  Dumped version of the scalar value
+     */
+    function genScalar($value, $nLevel)
+    {
+        if (gettype($value) == 'object') {
+            $strClass = ' ' . get_class($value);
+        } else {
+            $strClass = '';
+        }
+        return $this->getIndent($nLevel) . gettype($value) . $strClass
+               . ' ' . $value . "\r\n";
+    }
+
+    /**
+     * Returns the dump of a struct
+     *
+     * @param object $value   the struct XML_RPC_Value object to dump
+     * @param int    $nLevel  the level of indentation
+     *
+     * @return string  Dumped version of the scalar value
+     */
+    function genStruct($value, $nLevel)
+    {
+        $value->structreset();
+        $strOutput = $this->getIndent($nLevel) . 'struct' . "\r\n";
+        while (list($key, $keyval) = $value->structeach()) {
+            $strOutput .= $this->getIndent($nLevel + 1) . $key . "\r\n";
+            $strOutput .= $this->generateDump($keyval, $nLevel + 2);
+        }
+        return $strOutput;
+    }
+
+    /**
+     * Returns the dump of an array
+     *
+     * @param object $value   the array XML_RPC_Value object to dump
+     * @param int    $nLevel  the level of indentation
+     *
+     * @return string  Dumped version of the scalar value
+     */
+    function genArray($value, $nLevel)
+    {
+        $nSize     = $value->arraysize();
+        $strOutput = $this->getIndent($nLevel) . 'array' . "\r\n";
+        for($nA = 0; $nA < $nSize; $nA++) {
+            $strOutput .= $this->getIndent($nLevel + 1) . $nA . "\r\n";
+            $strOutput .= $this->generateDump($value->arraymem($nA),
+                                              $nLevel + 2);
+        }
+        return $strOutput;
+    }
+
+    /**
+     * Returns the indent for a specific level and caches it for faster use
+     *
+     * @param int $nLevel  the level
+     *
+     * @return string  the indented string
+     */
+    function getIndent($nLevel)
+    {
+        if (!isset($this->arIndent[$nLevel])) {
+            $this->arIndent[$nLevel] = str_repeat($this->strBaseIndent, $nLevel);
+        }
+        return $this->arIndent[$nLevel];
+    }
+}
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * c-hanging-comment-ender-p: nil
+ * End:
+ */
+
+?>
+XML_RPC-1.4.0/RPC.php100666      0      0      156232 10277724745   7141 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    CVS: $Id: RPC.php,v 1.83 2005/08/14 20:25:35 danielc Exp $
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+
+
+if (!function_exists('xml_parser_create')) {
+    PEAR::loadExtension('xml');
+}
+
+/**#@+
+ * Error constants
+ */
+/**
+ * Parameter values don't match parameter types
+ */
+define('XML_RPC_ERROR_INVALID_TYPE', 101);
+/**
+ * Parameter declared to be numeric but the values are not
+ */
+define('XML_RPC_ERROR_NON_NUMERIC_FOUND', 102);
+/**
+ * Communication error
+ */
+define('XML_RPC_ERROR_CONNECTION_FAILED', 103);
+/**
+ * The array or struct has already been started
+ */
+define('XML_RPC_ERROR_ALREADY_INITIALIZED', 104);
+/**
+ * Incorrect parameters submitted
+ */
+define('XML_RPC_ERROR_INCORRECT_PARAMS', 105);
+/**
+ * Programming error by developer
+ */
+define('XML_RPC_ERROR_PROGRAMMING', 106);
+/**#@-*/
+
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_I4']
+ */
+$GLOBALS['XML_RPC_I4'] = 'i4';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_Int']
+ */
+$GLOBALS['XML_RPC_Int'] = 'int';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_Boolean']
+ */
+$GLOBALS['XML_RPC_Boolean'] = 'boolean';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_Double']
+ */
+$GLOBALS['XML_RPC_Double'] = 'double';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_String']
+ */
+$GLOBALS['XML_RPC_String'] = 'string';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_DateTime']
+ */
+$GLOBALS['XML_RPC_DateTime'] = 'dateTime.iso8601';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_Base64']
+ */
+$GLOBALS['XML_RPC_Base64'] = 'base64';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_Array']
+ */
+$GLOBALS['XML_RPC_Array'] = 'array';
+
+/**
+ * Data types
+ * @global string $GLOBALS['XML_RPC_Struct']
+ */
+$GLOBALS['XML_RPC_Struct'] = 'struct';
+
+
+/**
+ * Data type meta-types
+ * @global array $GLOBALS['XML_RPC_Types']
+ */
+$GLOBALS['XML_RPC_Types'] = array(
+    $GLOBALS['XML_RPC_I4']       => 1,
+    $GLOBALS['XML_RPC_Int']      => 1,
+    $GLOBALS['XML_RPC_Boolean']  => 1,
+    $GLOBALS['XML_RPC_String']   => 1,
+    $GLOBALS['XML_RPC_Double']   => 1,
+    $GLOBALS['XML_RPC_DateTime'] => 1,
+    $GLOBALS['XML_RPC_Base64']   => 1,
+    $GLOBALS['XML_RPC_Array']    => 2,
+    $GLOBALS['XML_RPC_Struct']   => 3,
+);
+
+
+/**
+ * Error message numbers
+ * @global array $GLOBALS['XML_RPC_err']
+ */
+$GLOBALS['XML_RPC_err'] = array(
+    'unknown_method'      => 1,
+    'invalid_return'      => 2,
+    'incorrect_params'    => 3,
+    'introspect_unknown'  => 4,
+    'http_error'          => 5,
+    'not_response_object' => 6,
+    'invalid_request'     => 7,
+);
+
+/**
+ * Error message strings
+ * @global array $GLOBALS['XML_RPC_str']
+ */
+$GLOBALS['XML_RPC_str'] = array(
+    'unknown_method'      => 'Unknown method',
+    'invalid_return'      => 'Invalid return payload: enable debugging to examine incoming payload',
+    'incorrect_params'    => 'Incorrect parameters passed to method',
+    'introspect_unknown'  => 'Can\'t introspect: method unknown',
+    'http_error'          => 'Didn\'t receive 200 OK from remote server.',
+    'not_response_object' => 'The requested method didn\'t return an XML_RPC_Response object.',
+    'invalid_request'     => 'Invalid request payload',
+);
+
+
+/**
+ * Default XML encoding (ISO-8859-1, UTF-8 or US-ASCII)
+ * @global string $GLOBALS['XML_RPC_defencoding']
+ */
+$GLOBALS['XML_RPC_defencoding'] = 'UTF-8';
+
+/**
+ * User error codes start at 800
+ * @global int $GLOBALS['XML_RPC_erruser']
+ */
+$GLOBALS['XML_RPC_erruser'] = 800;
+
+/**
+ * XML parse error codes start at 100
+ * @global int $GLOBALS['XML_RPC_errxml']
+ */
+$GLOBALS['XML_RPC_errxml'] = 100;
+
+
+/**
+ * Compose backslashes for escaping regexp
+ * @global string $GLOBALS['XML_RPC_backslash']
+ */
+$GLOBALS['XML_RPC_backslash'] = chr(92) . chr(92);
+
+
+/**
+ * Valid parents of XML elements
+ * @global array $GLOBALS['XML_RPC_valid_parents']
+ */
+$GLOBALS['XML_RPC_valid_parents'] = array(
+    'BOOLEAN' => array('VALUE'),
+    'I4' => array('VALUE'),
+    'INT' => array('VALUE'),
+    'STRING' => array('VALUE'),
+    'DOUBLE' => array('VALUE'),
+    'DATETIME.ISO8601' => array('VALUE'),
+    'BASE64' => array('VALUE'),
+    'ARRAY' => array('VALUE'),
+    'STRUCT' => array('VALUE'),
+    'PARAM' => array('PARAMS'),
+    'METHODNAME' => array('METHODCALL'),
+    'PARAMS' => array('METHODCALL', 'METHODRESPONSE'),
+    'MEMBER' => array('STRUCT'),
+    'NAME' => array('MEMBER'),
+    'DATA' => array('ARRAY'),
+    'FAULT' => array('METHODRESPONSE'),
+    'VALUE' => array('MEMBER', 'DATA', 'PARAM', 'FAULT'),
+);
+
+
+/**
+ * Stores state during parsing
+ *
+ * quick explanation of components:
+ *   + ac     = accumulates values
+ *   + qt     = decides if quotes are needed for evaluation
+ *   + cm     = denotes struct or array (comma needed)
+ *   + isf    = indicates a fault
+ *   + lv     = indicates "looking for a value": implements the logic
+ *               to allow values with no types to be strings
+ *   + params = stores parameters in method calls
+ *   + method = stores method name
+ *
+ * @global array $GLOBALS['XML_RPC_xh']
+ */
+$GLOBALS['XML_RPC_xh'] = array();
+
+
+/**
+ * Start element handler for the XML parser
+ *
+ * @return void
+ */
+function XML_RPC_se($parser_resource, $name, $attrs)
+{
+    global $XML_RPC_xh, $XML_RPC_DateTime, $XML_RPC_String, $XML_RPC_valid_parents;
+    $parser = (int) $parser_resource;
+
+    // if invalid xmlrpc already detected, skip all processing
+    if ($XML_RPC_xh[$parser]['isf'] >= 2) {
+        return;
+    }
+
+    // check for correct element nesting
+    // top level element can only be of 2 types
+    if (count($XML_RPC_xh[$parser]['stack']) == 0) {
+        if ($name != 'METHODRESPONSE' && $name != 'METHODCALL') {
+            $XML_RPC_xh[$parser]['isf'] = 2;
+            $XML_RPC_xh[$parser]['isf_reason'] = 'missing top level xmlrpc element';
+            return;
+        }
+    } else {
+        // not top level element: see if parent is OK
+        if (!in_array($XML_RPC_xh[$parser]['stack'][0], $XML_RPC_valid_parents[$name])) {
+            $name = preg_replace('[^a-zA-Z0-9._-]', '', $name);
+            $XML_RPC_xh[$parser]['isf'] = 2;
+            $XML_RPC_xh[$parser]['isf_reason'] = "xmlrpc element $name cannot be child of {$XML_RPC_xh[$parser]['stack'][0]}";
+            return;
+        }
+    }
+
+    switch ($name) {
+    case 'STRUCT':
+        $XML_RPC_xh[$parser]['cm']++;
+
+        // turn quoting off
+        $XML_RPC_xh[$parser]['qt'] = 0;
+
+        $cur_val = array();
+        $cur_val['value'] = array();
+        $cur_val['members'] = 1;
+        array_unshift($XML_RPC_xh[$parser]['valuestack'], $cur_val);
+        break;
+
+    case 'ARRAY':
+        $XML_RPC_xh[$parser]['cm']++;
+
+        // turn quoting off
+        $XML_RPC_xh[$parser]['qt'] = 0;
+
+        $cur_val = array();
+        $cur_val['value'] = array();
+        $cur_val['members'] = 0;
+        array_unshift($XML_RPC_xh[$parser]['valuestack'], $cur_val);
+        break;
+
+    case 'NAME':
+        $XML_RPC_xh[$parser]['ac'] = '';
+        break;
+
+    case 'FAULT':
+        $XML_RPC_xh[$parser]['isf'] = 1;
+        break;
+
+    case 'PARAM':
+        $XML_RPC_xh[$parser]['valuestack'] = array();
+        break;
+
+    case 'VALUE':
+        $XML_RPC_xh[$parser]['lv'] = 1;
+        $XML_RPC_xh[$parser]['vt'] = $XML_RPC_String;
+        $XML_RPC_xh[$parser]['ac'] = '';
+        $XML_RPC_xh[$parser]['qt'] = 0;
+        // look for a value: if this is still 1 by the
+        // time we reach the first data segment then the type is string
+        // by implication and we need to add in a quote
+        break;
+
+    case 'I4':
+    case 'INT':
+    case 'STRING':
+    case 'BOOLEAN':
+    case 'DOUBLE':
+    case 'DATETIME.ISO8601':
+    case 'BASE64':
+        $XML_RPC_xh[$parser]['ac'] = ''; // reset the accumulator
+
+        if ($name == 'DATETIME.ISO8601' || $name == 'STRING') {
+            $XML_RPC_xh[$parser]['qt'] = 1;
+
+            if ($name == 'DATETIME.ISO8601') {
+                $XML_RPC_xh[$parser]['vt'] = $XML_RPC_DateTime;
+            }
+
+        } elseif ($name == 'BASE64') {
+            $XML_RPC_xh[$parser]['qt'] = 2;
+        } else {
+            // No quoting is required here -- but
+            // at the end of the element we must check
+            // for data format errors.
+            $XML_RPC_xh[$parser]['qt'] = 0;
+        }
+        break;
+
+    case 'MEMBER':
+        $XML_RPC_xh[$parser]['ac'] = '';
+        break;
+
+    case 'DATA':
+    case 'METHODCALL':
+    case 'METHODNAME':
+    case 'METHODRESPONSE':
+    case 'PARAMS':
+        // valid elements that add little to processing
+        break;
+    }
+
+
+    // Save current element to stack
+    array_unshift($XML_RPC_xh[$parser]['stack'], $name);
+
+    if ($name != 'VALUE') {
+        $XML_RPC_xh[$parser]['lv'] = 0;
+    }
+}
+
+/**
+ * End element handler for the XML parser
+ *
+ * @return void
+ */
+function XML_RPC_ee($parser_resource, $name)
+{
+    global $XML_RPC_xh, $XML_RPC_Types, $XML_RPC_String;
+    $parser = (int) $parser_resource;
+
+    if ($XML_RPC_xh[$parser]['isf'] >= 2) {
+        return;
+    }
+
+    // push this element from stack
+    // NB: if XML validates, correct opening/closing is guaranteed and
+    // we do not have to check for $name == $curr_elem.
+    // we also checked for proper nesting at start of elements...
+    $curr_elem = array_shift($XML_RPC_xh[$parser]['stack']);
+
+    switch ($name) {
+    case 'STRUCT':
+    case 'ARRAY':
+    $cur_val = array_shift($XML_RPC_xh[$parser]['valuestack']);
+    $XML_RPC_xh[$parser]['value'] = $cur_val['value'];
+        $XML_RPC_xh[$parser]['vt'] = strtolower($name);
+        $XML_RPC_xh[$parser]['cm']--;
+        break;
+
+    case 'NAME':
+    $XML_RPC_xh[$parser]['valuestack'][0]['name'] = $XML_RPC_xh[$parser]['ac'];
+        break;
+
+    case 'BOOLEAN':
+        // special case here: we translate boolean 1 or 0 into PHP
+        // constants true or false
+        if ($XML_RPC_xh[$parser]['ac'] == '1') {
+            $XML_RPC_xh[$parser]['ac'] = 'true';
+        } else {
+            $XML_RPC_xh[$parser]['ac'] = 'false';
+        }
+
+        $XML_RPC_xh[$parser]['vt'] = strtolower($name);
+        // Drop through intentionally.
+
+    case 'I4':
+    case 'INT':
+    case 'STRING':
+    case 'DOUBLE':
+    case 'DATETIME.ISO8601':
+    case 'BASE64':
+        if ($XML_RPC_xh[$parser]['qt'] == 1) {
+            // we use double quotes rather than single so backslashification works OK
+            $XML_RPC_xh[$parser]['value'] = $XML_RPC_xh[$parser]['ac'];
+        } elseif ($XML_RPC_xh[$parser]['qt'] == 2) {
+            $XML_RPC_xh[$parser]['value'] = base64_decode($XML_RPC_xh[$parser]['ac']);
+        } elseif ($name == 'BOOLEAN') {
+            $XML_RPC_xh[$parser]['value'] = $XML_RPC_xh[$parser]['ac'];
+        } else {
+            // we have an I4, INT or a DOUBLE
+            // we must check that only 0123456789-. are characters here
+            if (!ereg("^[+-]?[0123456789 \t\.]+$", $XML_RPC_xh[$parser]['ac'])) {
+                XML_RPC_Base::raiseError('Non-numeric value received in INT or DOUBLE',
+                                         XML_RPC_ERROR_NON_NUMERIC_FOUND);
+                $XML_RPC_xh[$parser]['value'] = XML_RPC_ERROR_NON_NUMERIC_FOUND;
+            } else {
+                // it's ok, add it on
+                $XML_RPC_xh[$parser]['value'] = $XML_RPC_xh[$parser]['ac'];
+            }
+        }
+
+        $XML_RPC_xh[$parser]['ac'] = '';
+        $XML_RPC_xh[$parser]['qt'] = 0;
+        $XML_RPC_xh[$parser]['lv'] = 3; // indicate we've found a value
+        break;
+
+    case 'VALUE':
+        // deal with a string value
+        if (strlen($XML_RPC_xh[$parser]['ac']) > 0 &&
+            $XML_RPC_xh[$parser]['vt'] == $XML_RPC_String) {
+            $XML_RPC_xh[$parser]['value'] = $XML_RPC_xh[$parser]['ac'];
+        }
+
+        $temp = new XML_RPC_Value($XML_RPC_xh[$parser]['value'], $XML_RPC_xh[$parser]['vt']);
+
+        $cur_val = array_shift($XML_RPC_xh[$parser]['valuestack']);
+        if (is_array($cur_val)) {
+            if ($cur_val['members']==0) {
+                $cur_val['value'][] = $temp;
+            } else {
+                $XML_RPC_xh[$parser]['value'] = $temp;
+            }
+            array_unshift($XML_RPC_xh[$parser]['valuestack'], $cur_val);
+        } else {
+            $XML_RPC_xh[$parser]['value'] = $temp;
+        }
+        break;
+
+    case 'MEMBER':
+        $XML_RPC_xh[$parser]['ac'] = '';
+        $XML_RPC_xh[$parser]['qt'] = 0;
+
+        $cur_val = array_shift($XML_RPC_xh[$parser]['valuestack']);
+        if (is_array($cur_val)) {
+            if ($cur_val['members']==1) {
+                $cur_val['value'][$cur_val['name']] = $XML_RPC_xh[$parser]['value'];
+            }
+            array_unshift($XML_RPC_xh[$parser]['valuestack'], $cur_val);
+        }
+        break;
+
+    case 'DATA':
+        $XML_RPC_xh[$parser]['ac'] = '';
+        $XML_RPC_xh[$parser]['qt'] = 0;
+        break;
+
+    case 'PARAM':
+        $XML_RPC_xh[$parser]['params'][] = $XML_RPC_xh[$parser]['value'];
+        break;
+
+    case 'METHODNAME':
+    case 'RPCMETHODNAME':
+        $XML_RPC_xh[$parser]['method'] = ereg_replace("^[\n\r\t ]+", '',
+                                                      $XML_RPC_xh[$parser]['ac']);
+        break;
+    }
+
+    // if it's a valid type name, set the type
+    if (isset($XML_RPC_Types[strtolower($name)])) {
+        $XML_RPC_xh[$parser]['vt'] = strtolower($name);
+    }
+}
+
+/**
+ * Character data handler for the XML parser
+ *
+ * @return void
+ */
+function XML_RPC_cd($parser_resource, $data)
+{
+    global $XML_RPC_xh, $XML_RPC_backslash;
+    $parser = (int) $parser_resource;
+
+    if ($XML_RPC_xh[$parser]['lv'] != 3) {
+        // "lookforvalue==3" means that we've found an entire value
+        // and should discard any further character data
+
+        if ($XML_RPC_xh[$parser]['lv'] == 1) {
+            // if we've found text and we're just in a  then
+            // turn quoting on, as this will be a string
+            $XML_RPC_xh[$parser]['qt'] = 1;
+            // and say we've found a value
+            $XML_RPC_xh[$parser]['lv'] = 2;
+        }
+
+        // replace characters that eval would
+        // do special things with
+        if (!isset($XML_RPC_xh[$parser]['ac'])) {
+            $XML_RPC_xh[$parser]['ac'] = '';
+        }
+        $XML_RPC_xh[$parser]['ac'] .= $data;
+    }
+}
+
+/**
+ * The common methods and properties for all of the XML_RPC classes
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Edd Dumbill 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Base {
+
+    /**
+     * PEAR Error handling
+     *
+     * @return object  PEAR_Error object
+     */
+    function raiseError($msg, $code)
+    {
+        include_once 'PEAR.php';
+        if (is_object(@$this)) {
+            return PEAR::raiseError(get_class($this) . ': ' . $msg, $code);
+        } else {
+            return PEAR::raiseError('XML_RPC: ' . $msg, $code);
+        }
+    }
+
+    /**
+     * Tell whether something is a PEAR_Error object
+     *
+     * @param mixed $value  the item to check
+     *
+     * @return bool  whether $value is a PEAR_Error object or not
+     *
+     * @access public
+     */
+    function isError($value)
+    {
+        return is_a($value, 'PEAR_Error');
+    }
+}
+
+/**
+ * The methods and properties for submitting XML RPC requests
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Edd Dumbill 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Client extends XML_RPC_Base {
+
+    /**
+     * The path and name of the RPC server script you want the request to go to
+     * @var string
+     */
+    var $path = '';
+
+    /**
+     * The name of the remote server to connect to
+     * @var string
+     */
+    var $server = '';
+
+    /**
+     * The protocol to use in contacting the remote server
+     * @var string
+     */
+    var $protocol = 'http://';
+
+    /**
+     * The port for connecting to the remote server
+     *
+     * The default is 80 for http:// connections
+     * and 443 for https:// and ssl:// connections.
+     *
+     * @var integer
+     */
+    var $port = 80;
+
+    /**
+     * A user name for accessing the RPC server
+     * @var string
+     * @see XML_RPC_Client::setCredentials()
+     */
+    var $username = '';
+
+    /**
+     * A password for accessing the RPC server
+     * @var string
+     * @see XML_RPC_Client::setCredentials()
+     */
+    var $password = '';
+
+    /**
+     * The name of the proxy server to use, if any
+     * @var string
+     */
+    var $proxy = '';
+
+    /**
+     * The protocol to use in contacting the proxy server, if any
+     * @var string
+     */
+    var $proxy_protocol = 'http://';
+
+    /**
+     * The port for connecting to the proxy server
+     *
+     * The default is 8080 for http:// connections
+     * and 443 for https:// and ssl:// connections.
+     *
+     * @var integer
+     */
+    var $proxy_port = 8080;
+
+    /**
+     * A user name for accessing the proxy server
+     * @var string
+     */
+    var $proxy_user = '';
+
+    /**
+     * A password for accessing the proxy server
+     * @var string
+     */
+    var $proxy_pass = '';
+
+    /**
+     * The error number, if any
+     * @var integer
+     */
+    var $errno = 0;
+
+    /**
+     * The error message, if any
+     * @var string
+     */
+    var $errstr = '';
+
+    /**
+     * The current debug mode (1 = on, 0 = off)
+     * @var integer
+     */
+    var $debug = 0;
+
+    /**
+     * The HTTP headers for the current request.
+     * @var string
+     */
+    var $headers = '';
+
+
+    /**
+     * Sets the object's properties
+     *
+     * @param string  $path        the path and name of the RPC server script
+     *                              you want the request to go to
+     * @param string  $server      the URL of the remote server to connect to.
+     *                              If this parameter doesn't specify a
+     *                              protocol and $port is 443, ssl:// is
+     *                              assumed.
+     * @param integer $port        a port for connecting to the remote server.
+     *                              Defaults to 80 for http:// connections and
+     *                              443 for https:// and ssl:// connections.
+     * @param string  $proxy       the URL of the proxy server to use, if any.
+     *                              If this parameter doesn't specify a
+     *                              protocol and $port is 443, ssl:// is
+     *                              assumed.
+     * @param integer $proxy_port  a port for connecting to the remote server.
+     *                              Defaults to 8080 for http:// connections and
+     *                              443 for https:// and ssl:// connections.
+     * @param string  $proxy_user  a user name for accessing the proxy server
+     * @param string  $proxy_pass  a password for accessing the proxy server
+     *
+     * @return void
+     */
+    function XML_RPC_Client($path, $server, $port = 0,
+                            $proxy = '', $proxy_port = 0,
+                            $proxy_user = '', $proxy_pass = '')
+    {
+        $this->path       = $path;
+        $this->proxy_user = $proxy_user;
+        $this->proxy_pass = $proxy_pass;
+
+        preg_match('@^(http://|https://|ssl://)?(.*)$@', $server, $match);
+        if ($match[1] == '') {
+            if ($port == 443) {
+                $this->server   = $match[2];
+                $this->protocol = 'ssl://';
+                $this->port     = 443;
+            } else {
+                $this->server = $match[2];
+                if ($port) {
+                    $this->port = $port;
+                }
+            }
+        } elseif ($match[1] == 'http://') {
+            $this->server = $match[2];
+            if ($port) {
+                $this->port = $port;
+            }
+        } else {
+            $this->server   = $match[2];
+            $this->protocol = 'ssl://';
+            if ($port) {
+                $this->port = $port;
+            } else {
+                $this->port = 443;
+            }
+        }
+
+        if ($proxy) {
+            preg_match('@^(http://|https://|ssl://)?(.*)$@', $proxy, $match);
+            if ($match[1] == '') {
+                if ($proxy_port == 443) {
+                    $this->proxy          = $match[2];
+                    $this->proxy_protocol = 'ssl://';
+                    $this->proxy_port     = 443;
+                } else {
+                    $this->proxy = $match[2];
+                    if ($proxy_port) {
+                        $this->proxy_port = $proxy_port;
+                    }
+                }
+            } elseif ($match[1] == 'http://') {
+                $this->proxy = $match[2];
+                if ($proxy_port) {
+                    $this->proxy_port = $proxy_port;
+                }
+            } else {
+                $this->proxy          = $match[2];
+                $this->proxy_protocol = 'ssl://';
+                if ($proxy_port) {
+                    $this->proxy_port = $proxy_port;
+                } else {
+                    $this->proxy_port = 443;
+                }
+            }
+        }
+    }
+
+    /**
+     * Change the current debug mode
+     *
+     * @param int $in  where 1 = on, 0 = off
+     *
+     * @return void
+     */
+    function setDebug($in)
+    {
+        if ($in) {
+            $this->debug = 1;
+        } else {
+            $this->debug = 0;
+        }
+    }
+
+    /**
+     * Set username and password properties for connecting to the RPC server
+     *
+     * @param string $u  the user name
+     * @param string $p  the password
+     *
+     * @return void
+     *
+     * @see XML_RPC_Client::$username, XML_RPC_Client::$password
+     */
+    function setCredentials($u, $p)
+    {
+        $this->username = $u;
+        $this->password = $p;
+    }
+
+    /**
+     * Transmit the RPC request via HTTP 1.0 protocol
+     *
+     * @param object $msg       the XML_RPC_Message object
+     * @param int    $timeout   how many seconds to wait for the request
+     *
+     * @return object  an XML_RPC_Response object.  0 is returned if any
+     *                  problems happen.
+     *
+     * @see XML_RPC_Message, XML_RPC_Client::XML_RPC_Client(),
+     *      XML_RPC_Client::setCredentials()
+     */
+    function send($msg, $timeout = 0)
+    {
+        if (strtolower(get_class($msg)) != 'xml_rpc_message') {
+            $this->errstr = 'send()\'s $msg parameter must be an'
+                          . ' XML_RPC_Message object.';
+            $this->raiseError($this->errstr, XML_RPC_ERROR_PROGRAMMING);
+            return 0;
+        }
+        $msg->debug = $this->debug;
+        return $this->sendPayloadHTTP10($msg, $this->server, $this->port,
+                                        $timeout, $this->username,
+                                        $this->password);
+    }
+
+    /**
+     * Transmit the RPC request via HTTP 1.0 protocol
+     *
+     * Requests should be sent using XML_RPC_Client send() rather than
+     * calling this method directly.
+     *
+     * @param object $msg       the XML_RPC_Message object
+     * @param string $server    the server to send the request to
+     * @param int    $port      the server port send the request to
+     * @param int    $timeout   how many seconds to wait for the request
+     *                           before giving up
+     * @param string $username  a user name for accessing the RPC server
+     * @param string $password  a password for accessing the RPC server
+     *
+     * @return object  an XML_RPC_Response object.  0 is returned if any
+     *                  problems happen.
+     *
+     * @access protected
+     * @see XML_RPC_Client::send()
+     */
+    function sendPayloadHTTP10($msg, $server, $port, $timeout = 0,
+                               $username = '', $password = '')
+    {
+        /*
+         * If we're using a proxy open a socket to the proxy server
+         * instead to the xml-rpc server
+         */
+        if ($this->proxy) {
+            if ($this->proxy_protocol == 'http://') {
+                $protocol = '';
+            } else {
+                $protocol = $this->proxy_protocol;
+            }
+            if ($timeout > 0) {
+                $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port,
+                                 $this->errno, $this->errstr, $timeout);
+            } else {
+                $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port,
+                                 $this->errno, $this->errstr);
+            }
+        } else {
+            if ($this->protocol == 'http://') {
+                $protocol = '';
+            } else {
+                $protocol = $this->protocol;
+            }
+            if ($timeout > 0) {
+                $fp = @fsockopen($protocol . $server, $port,
+                                 $this->errno, $this->errstr, $timeout);
+            } else {
+                $fp = @fsockopen($protocol . $server, $port,
+                                 $this->errno, $this->errstr);
+            }
+        }
+
+        /*
+         * Just raising the error without returning it is strange,
+         * but keep it here for backwards compatibility.
+         */
+        if (!$fp && $this->proxy) {
+            $this->raiseError('Connection to proxy server '
+                              . $this->proxy . ':' . $this->proxy_port
+                              . ' failed. ' . $this->errstr,
+                              XML_RPC_ERROR_CONNECTION_FAILED);
+            return 0;
+        } elseif (!$fp) {
+            $this->raiseError('Connection to RPC server '
+                              . $server . ':' . $port
+                              . ' failed. ' . $this->errstr,
+                              XML_RPC_ERROR_CONNECTION_FAILED);
+            return 0;
+        }
+
+        if ($timeout) {
+            /*
+             * Using socket_set_timeout() because stream_set_timeout()
+             * was introduced in 4.3.0, but we need to support 4.2.0.
+             */
+            socket_set_timeout($fp, $timeout);
+        }
+
+        // Pre-emptive BC hacks for fools calling sendPayloadHTTP10() directly
+        if ($username != $this->username) {
+            $this->setCredentials($username, $password);
+        }
+
+        // Only create the payload if it was not created previously
+        if (empty($msg->payload)) {
+            $msg->createPayload();
+        }
+        $this->createHeaders($msg);
+
+        $op  = $this->headers . "\r\n\r\n";
+        $op .= $msg->payload;
+
+        if (!fputs($fp, $op, strlen($op))) {
+            $this->errstr = 'Write error';
+            return 0;
+        }
+        $resp = $msg->parseResponseFile($fp);
+
+        $meta = socket_get_status($fp);
+        if ($meta['timed_out']) {
+            fclose($fp);
+            $this->errstr = 'RPC server did not send response before timeout.';
+            $this->raiseError($this->errstr, XML_RPC_ERROR_CONNECTION_FAILED);
+            return 0;
+        }
+
+        fclose($fp);
+        return $resp;
+    }
+
+    /**
+     * Determines the HTTP headers and puts it in the $headers property
+     *
+     * @param object $msg       the XML_RPC_Message object
+     *
+     * @return boolean  TRUE if okay, FALSE if the message payload isn't set.
+     *
+     * @access protected
+     */
+    function createHeaders($msg)
+    {
+        if (empty($msg->payload)) {
+            return false;
+        }
+        if ($this->proxy) {
+            $this->headers = 'POST ' . $this->protocol . $this->server;
+            if ($this->proxy_port) {
+                $this->headers .= ':' . $this->port;
+            }
+        } else {
+           $this->headers = 'POST ';
+        }
+        $this->headers .= $this->path. " HTTP/1.0\r\n";
+
+        $this->headers .= "User-Agent: PEAR XML_RPC\r\n";
+        $this->headers .= 'Host: ' . $this->server . "\r\n";
+
+        if ($this->proxy && $this->proxy_user) {
+            $this->headers .= 'Proxy-Authorization: Basic '
+                     . base64_encode("$this->proxy_user:$this->proxy_pass")
+                     . "\r\n";
+        }
+
+        // thanks to Grant Rauscher  for this
+        if ($this->username) {
+            $this->headers .= 'Authorization: Basic '
+                     . base64_encode("$this->username:$this->password")
+                     . "\r\n";
+        }
+
+        $this->headers .= "Content-Type: text/xml\r\n";
+        $this->headers .= 'Content-Length: ' . strlen($msg->payload);
+        return true;
+    }
+}
+
+/**
+ * The methods and properties for interpreting responses to XML RPC requests
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Edd Dumbill 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Response extends XML_RPC_Base
+{
+    var $xv;
+    var $fn;
+    var $fs;
+    var $hdrs;
+
+    /**
+     * @return void
+     */
+    function XML_RPC_Response($val, $fcode = 0, $fstr = '')
+    {
+        if ($fcode != 0) {
+            $this->fn = $fcode;
+            $this->fs = htmlspecialchars($fstr);
+        } else {
+            $this->xv = $val;
+        }
+    }
+
+    /**
+     * @return int  the error code
+     */
+    function faultCode()
+    {
+        if (isset($this->fn)) {
+            return $this->fn;
+        } else {
+            return 0;
+        }
+    }
+
+    /**
+     * @return string  the error string
+     */
+    function faultString()
+    {
+        return $this->fs;
+    }
+
+    /**
+     * @return mixed  the value
+     */
+    function value()
+    {
+        return $this->xv;
+    }
+
+    /**
+     * @return string  the error message in XML format
+     */
+    function serialize()
+    {
+        $rs = "\n";
+        if ($this->fn) {
+            $rs .= "
+  
+    
+      
+        faultCode
+        " . $this->fn . "
+      
+      
+        faultString
+        " . $this->fs . "
+      
+    
+  
+";
+        } else {
+            $rs .= "\n\n" . $this->xv->serialize() .
+        "\n";
+        }
+        $rs .= "\n";
+        return $rs;
+    }
+}
+
+/**
+ * The methods and properties for composing XML RPC messages
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Edd Dumbill 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Message extends XML_RPC_Base
+{
+    /**
+     * The current debug mode (1 = on, 0 = off)
+     * @var integer
+     */
+    var $debug = 0;
+
+    /**
+     * The encoding to be used for outgoing messages
+     *
+     * Defaults to the value of $GLOBALS['XML_RPC_defencoding']
+     *
+     * @var string
+     * @see XML_RPC_Message::setSendEncoding(),
+     *      $GLOBALS['XML_RPC_defencoding'], XML_RPC_Message::xml_header()
+     */
+    var $send_encoding = '';
+
+    /**
+     * The method presently being evaluated
+     * @var string
+     */
+    var $methodname = '';
+
+    /**
+     * @var array
+     */
+    var $params = array();
+
+    /**
+     * The XML message being generated
+     * @var string
+     */
+    var $payload = '';
+
+    /**
+     * @return void
+     */
+    function XML_RPC_Message($meth, $pars = 0)
+    {
+        $this->methodname = $meth;
+        if (is_array($pars) && sizeof($pars) > 0) {
+            for ($i = 0; $i < sizeof($pars); $i++) {
+                $this->addParam($pars[$i]);
+            }
+        }
+    }
+
+    /**
+     * Produces the XML declaration including the encoding attribute
+     *
+     * The encoding is determined by this class' $send_encoding
+     * property.  If the $send_encoding property is not set, use
+     * $GLOBALS['XML_RPC_defencoding'].
+     *
+     * @return string  the XML declaration and  element
+     *
+     * @see XML_RPC_Message::setSendEncoding(),
+     *      XML_RPC_Message::$send_encoding, $GLOBALS['XML_RPC_defencoding']
+     */
+    function xml_header()
+    {
+        global $XML_RPC_defencoding;
+        if (!$this->send_encoding) {
+            $this->send_encoding = $XML_RPC_defencoding;
+        }
+        return 'send_encoding . '"?>'
+               . "\n\n";
+    }
+
+    /**
+     * @return string  the closing  tag
+     */
+    function xml_footer()
+    {
+        return "\n";
+    }
+
+    /**
+     * @return void
+     *
+     * @uses XML_RPC_Message::xml_header(), XML_RPC_Message::xml_footer()
+     */
+    function createPayload()
+    {
+        $this->payload = $this->xml_header();
+        $this->payload .= '' . $this->methodname . "\n";
+        $this->payload .= "\n";
+        for ($i = 0; $i < sizeof($this->params); $i++) {
+            $p = $this->params[$i];
+            $this->payload .= "\n" . $p->serialize() . "\n";
+        }
+        $this->payload .= "\n";
+        $this->payload .= $this->xml_footer();
+        $this->payload = ereg_replace("[\r\n]+", "\r\n", $this->payload);
+    }
+
+    /**
+     * @return string  the name of the method
+     */
+    function method($meth = '')
+    {
+        if ($meth != '') {
+            $this->methodname = $meth;
+        }
+        return $this->methodname;
+    }
+
+    /**
+     * @return string  the payload
+     */
+    function serialize()
+    {
+        $this->createPayload();
+        return $this->payload;
+    }
+
+    /**
+     * @return void
+     */
+    function addParam($par)
+    {
+        $this->params[] = $par;
+    }
+
+    /**
+     * Obtains an XML_RPC_Value object for the given parameter
+     *
+     * @param int $i  the index number of the parameter to obtain
+     *
+     * @return object  the XML_RPC_Value object.
+     *                  If the parameter doesn't exist, an XML_RPC_Response object.
+     *
+     * @since Returns XML_RPC_Response object on error since Release 1.3.0
+     */
+    function getParam($i)
+    {
+        global $XML_RPC_err, $XML_RPC_str;
+
+        if (isset($this->params[$i])) {
+            return $this->params[$i];
+        } else {
+            $this->raiseError('The submitted request did not contain this parameter',
+                              XML_RPC_ERROR_INCORRECT_PARAMS);
+            return new XML_RPC_Response(0, $XML_RPC_err['incorrect_params'],
+                                        $XML_RPC_str['incorrect_params']);
+        }
+    }
+
+    /**
+     * @return int  the number of parameters
+     */
+    function getNumParams()
+    {
+        return sizeof($this->params);
+    }
+
+    /**
+     * Sets the XML declaration's encoding attribute
+     *
+     * @param string $type  the encoding type (ISO-8859-1, UTF-8 or US-ASCII)
+     *
+     * @return void
+     *
+     * @see XML_RPC_Message::$send_encoding, XML_RPC_Message::xml_header()
+     * @since Method available since Release 1.2.0
+     */
+    function setSendEncoding($type)
+    {
+        $this->send_encoding = $type;
+    }
+
+    /**
+     * Determine the XML's encoding via the encoding attribute
+     * in the XML declaration
+     *
+     * If the encoding parameter is not set or is not ISO-8859-1, UTF-8
+     * or US-ASCII, $XML_RPC_defencoding will be returned.
+     *
+     * @param string $data  the XML that will be parsed
+     *
+     * @return string  the encoding to be used
+     *
+     * @link   http://php.net/xml_parser_create
+     * @since  Method available since Release 1.2.0
+     */
+    function getEncoding($data)
+    {
+        global $XML_RPC_defencoding;
+
+        if (preg_match('/<\?xml[^>]*\s*encoding\s*=\s*[\'"]([^"\']*)[\'"]/i',
+                       $data, $match))
+        {
+            $match[1] = trim(strtoupper($match[1]));
+            switch ($match[1]) {
+                case 'ISO-8859-1':
+                case 'UTF-8':
+                case 'US-ASCII':
+                    return $match[1];
+                    break;
+
+                default:
+                    return $XML_RPC_defencoding;
+            }
+        } else {
+            return $XML_RPC_defencoding;
+        }
+    }
+
+    /**
+     * @return object  a new XML_RPC_Response object
+     */
+    function parseResponseFile($fp)
+    {
+        $ipd = '';
+        while ($data = @fread($fp, 8192)) {
+            $ipd .= $data;
+        }
+        return $this->parseResponse($ipd);
+    }
+
+    /**
+     * @return object  a new XML_RPC_Response object
+     */
+    function parseResponse($data = '')
+    {
+        global $XML_RPC_xh, $XML_RPC_err, $XML_RPC_str, $XML_RPC_defencoding;
+
+        $encoding = $this->getEncoding($data);
+        $parser_resource = xml_parser_create($encoding);
+        $parser = (int) $parser_resource;
+
+        $XML_RPC_xh = array();
+        $XML_RPC_xh[$parser] = array();
+
+        $XML_RPC_xh[$parser]['cm'] = 0;
+        $XML_RPC_xh[$parser]['isf'] = 0;
+        $XML_RPC_xh[$parser]['ac'] = '';
+        $XML_RPC_xh[$parser]['qt'] = '';
+        $XML_RPC_xh[$parser]['stack'] = array();
+        $XML_RPC_xh[$parser]['valuestack'] = array();
+
+        xml_parser_set_option($parser_resource, XML_OPTION_CASE_FOLDING, true);
+        xml_set_element_handler($parser_resource, 'XML_RPC_se', 'XML_RPC_ee');
+        xml_set_character_data_handler($parser_resource, 'XML_RPC_cd');
+
+        $hdrfnd = 0;
+        if ($this->debug) {
+            print "\n
---GOT---\n";
+            print isset($_SERVER['SERVER_PROTOCOL']) ? htmlspecialchars($data) : $data;
+            print "\n---END---
\n";
+        }
+
+        // See if response is a 200 or a 100 then a 200, else raise error.
+        // But only do this if we're using the HTTP protocol.
+        if (ereg('^HTTP', $data) &&
+            !ereg('^HTTP/[0-9\.]+ 200 ', $data) &&
+            !preg_match('@^HTTP/[0-9\.]+ 10[0-9]([A-Za-z ]+)?[\r\n]+HTTP/[0-9\.]+ 200@', $data))
+        {
+                $errstr = substr($data, 0, strpos($data, "\n") - 1);
+                error_log('HTTP error, got response: ' . $errstr);
+                $r = new XML_RPC_Response(0, $XML_RPC_err['http_error'],
+                                          $XML_RPC_str['http_error'] . ' (' .
+                                          $errstr . ')');
+                xml_parser_free($parser_resource);
+                return $r;
+        }
+
+        // gotta get rid of headers here
+        if (!$hdrfnd && ($brpos = strpos($data,"\r\n\r\n"))) {
+            $XML_RPC_xh[$parser]['ha'] = substr($data, 0, $brpos);
+            $data = substr($data, $brpos + 4);
+            $hdrfnd = 1;
+        }
+
+        /*
+         * be tolerant of junk after methodResponse
+         * (e.g. javascript automatically inserted by free hosts)
+         * thanks to Luca Mariano 
+         */
+        $data = substr($data, 0, strpos($data, "") + 17);
+
+        if (!xml_parse($parser_resource, $data, sizeof($data))) {
+            // thanks to Peter Kocks 
+            if (xml_get_current_line_number($parser_resource) == 1) {
+                $errstr = 'XML error at line 1, check URL';
+            } else {
+                $errstr = sprintf('XML error: %s at line %d',
+                                  xml_error_string(xml_get_error_code($parser_resource)),
+                                  xml_get_current_line_number($parser_resource));
+            }
+            error_log($errstr);
+            $r = new XML_RPC_Response(0, $XML_RPC_err['invalid_return'],
+                                      $XML_RPC_str['invalid_return']);
+            xml_parser_free($parser_resource);
+            return $r;
+        }
+
+        xml_parser_free($parser_resource);
+
+        if ($this->debug) {
+            print "\n
---PARSED---\n";
+            var_dump($XML_RPC_xh[$parser]['value']);
+            print "---END---
\n";
+        }
+
+        if ($XML_RPC_xh[$parser]['isf'] > 1) {
+            $r = new XML_RPC_Response(0, $XML_RPC_err['invalid_return'],
+                                      $XML_RPC_str['invalid_return'].' '.$XML_RPC_xh[$parser]['isf_reason']);
+        } elseif (!is_object($XML_RPC_xh[$parser]['value'])) {
+            // then something odd has happened
+            // and it's time to generate a client side error
+            // indicating something odd went on
+            $r = new XML_RPC_Response(0, $XML_RPC_err['invalid_return'],
+                                      $XML_RPC_str['invalid_return']);
+        } else {
+            $v = $XML_RPC_xh[$parser]['value'];
+            $allOK=1;
+            if ($XML_RPC_xh[$parser]['isf']) {
+                $f = $v->structmem('faultCode');
+                $fs = $v->structmem('faultString');
+                $r = new XML_RPC_Response($v, $f->scalarval(),
+                                          $fs->scalarval());
+            } else {
+                $r = new XML_RPC_Response($v);
+            }
+        }
+        $r->hdrs = split("\r?\n", $XML_RPC_xh[$parser]['ha'][1]);
+        return $r;
+    }
+}
+
+/**
+ * The methods and properties that represent data in XML RPC format
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Edd Dumbill 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Value extends XML_RPC_Base
+{
+    var $me = array();
+    var $mytype = 0;
+
+    /**
+     * @return void
+     */
+    function XML_RPC_Value($val = -1, $type = '')
+    {
+        global $XML_RPC_Types;
+        $this->me = array();
+        $this->mytype = 0;
+        if ($val != -1 || $type != '') {
+            if ($type == '') {
+                $type = 'string';
+            }
+            if (!array_key_exists($type, $XML_RPC_Types)) {
+                // XXX
+                // need some way to report this error
+            } elseif ($XML_RPC_Types[$type] == 1) {
+                $this->addScalar($val, $type);
+            } elseif ($XML_RPC_Types[$type] == 2) {
+                $this->addArray($val);
+            } elseif ($XML_RPC_Types[$type] == 3) {
+                $this->addStruct($val);
+            }
+        }
+    }
+
+    /**
+     * @return int  returns 1 if successful or 0 if there are problems
+     */
+    function addScalar($val, $type = 'string')
+    {
+        global $XML_RPC_Types, $XML_RPC_Boolean;
+
+        if ($this->mytype == 1) {
+            $this->raiseError('Scalar can have only one value',
+                              XML_RPC_ERROR_INVALID_TYPE);
+            return 0;
+        }
+        $typeof = $XML_RPC_Types[$type];
+        if ($typeof != 1) {
+            $this->raiseError("Not a scalar type (${typeof})",
+                              XML_RPC_ERROR_INVALID_TYPE);
+            return 0;
+        }
+
+        if ($type == $XML_RPC_Boolean) {
+            if (strcasecmp($val, 'true') == 0
+                || $val == 1
+                || ($val == true && strcasecmp($val, 'false')))
+            {
+                $val = 1;
+            } else {
+                $val = 0;
+            }
+        }
+
+        if ($this->mytype == 2) {
+            // we're adding to an array here
+            $ar = $this->me['array'];
+            $ar[] = new XML_RPC_Value($val, $type);
+            $this->me['array'] = $ar;
+        } else {
+            // a scalar, so set the value and remember we're scalar
+            $this->me[$type] = $val;
+            $this->mytype = $typeof;
+        }
+        return 1;
+    }
+
+    /**
+     * @return int  returns 1 if successful or 0 if there are problems
+     */
+    function addArray($vals)
+    {
+        global $XML_RPC_Types;
+        if ($this->mytype != 0) {
+            $this->raiseError(
+                    'Already initialized as a [' . $this->kindOf() . ']',
+                    XML_RPC_ERROR_ALREADY_INITIALIZED);
+            return 0;
+        }
+        $this->mytype = $XML_RPC_Types['array'];
+        $this->me['array'] = $vals;
+        return 1;
+    }
+
+    /**
+     * @return int  returns 1 if successful or 0 if there are problems
+     */
+    function addStruct($vals)
+    {
+        global $XML_RPC_Types;
+        if ($this->mytype != 0) {
+            $this->raiseError(
+                    'Already initialized as a [' . $this->kindOf() . ']',
+                    XML_RPC_ERROR_ALREADY_INITIALIZED);
+            return 0;
+        }
+        $this->mytype = $XML_RPC_Types['struct'];
+        $this->me['struct'] = $vals;
+        return 1;
+    }
+
+    /**
+     * @return void
+     */
+    function dump($ar)
+    {
+        reset($ar);
+        foreach ($ar as $key => $val) {
+            echo "$key => $val
";
+            if ($key == 'array') {
+                foreach ($val as $key2 => $val2) {
+                    echo "-- $key2 => $val2
";
+                }
+            }
+        }
+    }
+
+    /**
+     * @return string  the data type of the current value
+     */
+    function kindOf()
+    {
+        switch ($this->mytype) {
+        case 3:
+            return 'struct';
+
+        case 2:
+            return 'array';
+
+        case 1:
+            return 'scalar';
+
+        default:
+            return 'undef';
+        }
+    }
+
+    /**
+     * @return string  the data in XML format
+     */
+    function serializedata($typ, $val)
+    {
+        $rs = '';
+        global $XML_RPC_Types, $XML_RPC_Base64, $XML_RPC_String, $XML_RPC_Boolean;
+        if (!array_key_exists($typ, $XML_RPC_Types)) {
+            // XXX
+            // need some way to report this error
+            return;
+        }
+        switch ($XML_RPC_Types[$typ]) {
+        case 3:
+            // struct
+            $rs .= "\n";
+            reset($val);
+            foreach ($val as $key2 => $val2) {
+                $rs .= "${key2}\n";
+                $rs .= $this->serializeval($val2);
+                $rs .= "\n";
+            }
+            $rs .= '';
+            break;
+
+        case 2:
+            // array
+            $rs .= "\n\n";
+            for ($i = 0; $i < sizeof($val); $i++) {
+                $rs .= $this->serializeval($val[$i]);
+            }
+            $rs .= "\n";
+            break;
+
+        case 1:
+            switch ($typ) {
+            case $XML_RPC_Base64:
+                $rs .= "<${typ}>" . base64_encode($val) . "";
+                break;
+            case $XML_RPC_Boolean:
+                $rs .= "<${typ}>" . ($val ? '1' : '0') . "";
+                break;
+            case $XML_RPC_String:
+                $rs .= "<${typ}>" . htmlspecialchars($val). "";
+                break;
+            default:
+                $rs .= "<${typ}>${val}";
+            }
+        }
+        return $rs;
+    }
+
+    /**
+     * @return string  the data in XML format
+     */
+    function serialize()
+    {
+        return $this->serializeval($this);
+    }
+
+    /**
+     * @return string  the data in XML format
+     */
+    function serializeval($o)
+    {
+        if (!is_object($o) || empty($o->me) || !is_array($o->me)) {
+            return '';
+        }
+        $ar = $o->me;
+        reset($ar);
+        list($typ, $val) = each($ar);
+        return '' .  $this->serializedata($typ, $val) .  "\n";
+    }
+
+    /**
+     * @return mixed  the contents of the element requested
+     */
+    function structmem($m)
+    {
+        return $this->me['struct'][$m];
+    }
+
+    /**
+     * @return void
+     */
+    function structreset()
+    {
+        reset($this->me['struct']);
+    }
+
+    /**
+     * @return  the key/value pair of the struct's current element
+     */
+    function structeach()
+    {
+        return each($this->me['struct']);
+    }
+
+    /**
+     * @return mixed  the current value
+     */
+    function getval()
+    {
+        // UNSTABLE
+        global $XML_RPC_BOOLEAN, $XML_RPC_Base64;
+
+        reset($this->me);
+        $b = current($this->me);
+
+        // contributed by I Sofer, 2001-03-24
+        // add support for nested arrays to scalarval
+        // i've created a new method here, so as to
+        // preserve back compatibility
+
+        if (is_array($b)) {
+            foreach ($b as $id => $cont) {
+                $b[$id] = $cont->scalarval();
+            }
+        }
+
+        // add support for structures directly encoding php objects
+        if (is_object($b)) {
+            $t = get_object_vars($b);
+            foreach ($t as $id => $cont) {
+                $t[$id] = $cont->scalarval();
+            }
+            foreach ($t as $id => $cont) {
+                $b->$id = $cont;
+            }
+        }
+
+        // end contrib
+        return $b;
+    }
+
+    /**
+     * @return mixed
+     */
+    function scalarval()
+    {
+        global $XML_RPC_Boolean, $XML_RPC_Base64;
+        reset($this->me);
+        return current($this->me);
+    }
+
+    /**
+     * @return string
+     */
+    function scalartyp()
+    {
+        global $XML_RPC_I4, $XML_RPC_Int;
+        reset($this->me);
+        $a = key($this->me);
+        if ($a == $XML_RPC_I4) {
+            $a = $XML_RPC_Int;
+        }
+        return $a;
+    }
+
+    /**
+     * @return mixed  the struct's current element
+     */
+    function arraymem($m)
+    {
+        return $this->me['array'][$m];
+    }
+
+    /**
+     * @return int  the number of elements in the array
+     */
+    function arraysize()
+    {
+        reset($this->me);
+        list($a, $b) = each($this->me);
+        return sizeof($b);
+    }
+
+    /**
+     * Determines if the item submitted is an XML_RPC_Value object
+     *
+     * @param mixed $val  the variable to be evaluated
+     *
+     * @return bool  TRUE if the item is an XML_RPC_Value object
+     *
+     * @static
+     * @since Method available since Release 1.3.0
+     */
+    function isValue($val)
+    {
+        return (strtolower(get_class($val)) == 'xml_rpc_value');
+    }
+}
+
+/**
+ * Return an ISO8601 encoded string
+ *
+ * While timezones ought to be supported, the XML-RPC spec says:
+ *
+ * "Don't assume a timezone. It should be specified by the server in its
+ * documentation what assumptions it makes about timezones."
+ *
+ * This routine always assumes localtime unless $utc is set to 1, in which
+ * case UTC is assumed and an adjustment for locale is made when encoding.
+ *
+ * @return string  the formatted date
+ */
+function XML_RPC_iso8601_encode($timet, $utc = 0)
+{
+    if (!$utc) {
+        $t = strftime('%Y%m%dT%H:%M:%S', $timet);
+    } else {
+        if (function_exists('gmstrftime')) {
+            // gmstrftime doesn't exist in some versions
+            // of PHP
+            $t = gmstrftime('%Y%m%dT%H:%M:%S', $timet);
+        } else {
+            $t = strftime('%Y%m%dT%H:%M:%S', $timet - date('Z'));
+        }
+    }
+    return $t;
+}
+
+/**
+ * Convert a datetime string into a Unix timestamp
+ *
+ * While timezones ought to be supported, the XML-RPC spec says:
+ *
+ * "Don't assume a timezone. It should be specified by the server in its
+ * documentation what assumptions it makes about timezones."
+ *
+ * This routine always assumes localtime unless $utc is set to 1, in which
+ * case UTC is assumed and an adjustment for locale is made when encoding.
+ *
+ * @return int  the unix timestamp of the date submitted
+ */
+function XML_RPC_iso8601_decode($idate, $utc = 0)
+{
+    $t = 0;
+    if (ereg('([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})', $idate, $regs)) {
+        if ($utc) {
+            $t = gmmktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]);
+        } else {
+            $t = mktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]);
+        }
+    }
+    return $t;
+}
+
+/**
+ * Converts an XML_RPC_Value object into native PHP types
+ *
+ * @param object $XML_RPC_val  the XML_RPC_Value object to decode
+ *
+ * @return mixed  the PHP values
+ */
+function XML_RPC_decode($XML_RPC_val)
+{
+    $kind = $XML_RPC_val->kindOf();
+
+    if ($kind == 'scalar') {
+        return $XML_RPC_val->scalarval();
+
+    } elseif ($kind == 'array') {
+        $size = $XML_RPC_val->arraysize();
+        $arr = array();
+        for ($i = 0; $i < $size; $i++) {
+            $arr[] = XML_RPC_decode($XML_RPC_val->arraymem($i));
+        }
+        return $arr;
+
+    } elseif ($kind == 'struct') {
+        $XML_RPC_val->structreset();
+        $arr = array();
+        while (list($key, $value) = $XML_RPC_val->structeach()) {
+            $arr[$key] = XML_RPC_decode($value);
+        }
+        return $arr;
+    }
+}
+
+/**
+ * Converts native PHP types into an XML_RPC_Value object
+ *
+ * @param mixed $php_val  the PHP value or variable you want encoded
+ *
+ * @return object  the XML_RPC_Value object
+ */
+function XML_RPC_encode($php_val)
+{
+    global $XML_RPC_Boolean, $XML_RPC_Int, $XML_RPC_Double, $XML_RPC_String,
+           $XML_RPC_Array, $XML_RPC_Struct;
+
+    $type = gettype($php_val);
+    $XML_RPC_val = new XML_RPC_Value;
+
+    switch ($type) {
+    case 'array':
+        if (empty($php_val)) {
+            $XML_RPC_val->addArray($php_val);
+            break;
+        }
+        $tmp = array_diff(array_keys($php_val), range(0, count($php_val)-1));
+        if (empty($tmp)) {
+           $arr = array();
+           foreach ($php_val as $k => $v) {
+               $arr[$k] = XML_RPC_encode($v);
+           }
+           $XML_RPC_val->addArray($arr);
+           break;
+        }
+        // fall though if it's not an enumerated array
+
+    case 'object':
+        $arr = array();
+        foreach ($php_val as $k => $v) {
+            $arr[$k] = XML_RPC_encode($v);
+        }
+        $XML_RPC_val->addStruct($arr);
+        break;
+
+    case 'integer':
+        $XML_RPC_val->addScalar($php_val, $XML_RPC_Int);
+        break;
+
+    case 'double':
+        $XML_RPC_val->addScalar($php_val, $XML_RPC_Double);
+        break;
+
+    case 'string':
+    case 'NULL':
+        $XML_RPC_val->addScalar($php_val, $XML_RPC_String);
+        break;
+
+    case 'boolean':
+        // Add support for encoding/decoding of booleans, since they
+        // are supported in PHP
+        // by 
+        $XML_RPC_val->addScalar($php_val, $XML_RPC_Boolean);
+        break;
+
+    case 'unknown type':
+    default:
+        $XML_RPC_val = false;
+    }
+    return $XML_RPC_val;
+}
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * c-hanging-comment-ender-p: nil
+ * End:
+ */
+
+?>
+XML_RPC-1.4.0/Server.php100666      0      0       51010 10277724745   7727 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    CVS: $Id: Server.php,v 1.29 2005/08/14 20:25:35 danielc Exp $
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+
+
+/**
+ * Pull in the XML_RPC class
+ */
+require_once 'XML/RPC.php';
+
+
+/**
+ * signature for system.listMethods: return = array,
+ * parameters = a string or nothing
+ * @global array $GLOBALS['XML_RPC_Server_listMethods_sig']
+ */
+$GLOBALS['XML_RPC_Server_listMethods_sig'] = array(
+    array($GLOBALS['XML_RPC_Array'],
+          $GLOBALS['XML_RPC_String']
+    ),
+    array($GLOBALS['XML_RPC_Array'])
+);
+
+/**
+ * docstring for system.listMethods
+ * @global string $GLOBALS['XML_RPC_Server_listMethods_doc']
+ */
+$GLOBALS['XML_RPC_Server_listMethods_doc'] = 'This method lists all the'
+        . ' methods that the XML-RPC server knows how to dispatch';
+
+/**
+ * signature for system.methodSignature: return = array,
+ * parameters = string
+ * @global array $GLOBALS['XML_RPC_Server_methodSignature_sig']
+ */
+$GLOBALS['XML_RPC_Server_methodSignature_sig'] = array(
+    array($GLOBALS['XML_RPC_Array'],
+          $GLOBALS['XML_RPC_String']
+    )
+);
+
+/**
+ * docstring for system.methodSignature
+ * @global string $GLOBALS['XML_RPC_Server_methodSignature_doc']
+ */
+$GLOBALS['XML_RPC_Server_methodSignature_doc'] = 'Returns an array of known'
+        . ' signatures (an array of arrays) for the method name passed. If'
+        . ' no signatures are known, returns a none-array (test for type !='
+        . ' array to detect missing signature)';
+
+/**
+ * signature for system.methodHelp: return = string,
+ * parameters = string
+ * @global array $GLOBALS['XML_RPC_Server_methodHelp_sig']
+ */
+$GLOBALS['XML_RPC_Server_methodHelp_sig'] = array(
+    array($GLOBALS['XML_RPC_String'],
+          $GLOBALS['XML_RPC_String']
+    )
+);
+
+/**
+ * docstring for methodHelp
+ * @global string $GLOBALS['XML_RPC_Server_methodHelp_doc']
+ */
+$GLOBALS['XML_RPC_Server_methodHelp_doc'] = 'Returns help text if defined'
+        . ' for the method passed, otherwise returns an empty string';
+
+/**
+ * dispatch map for the automatically declared XML-RPC methods.
+ * @global array $GLOBALS['XML_RPC_Server_dmap']
+ */
+$GLOBALS['XML_RPC_Server_dmap'] = array(
+    'system.listMethods' => array(
+        'function'  => 'XML_RPC_Server_listMethods',
+        'signature' => $GLOBALS['XML_RPC_Server_listMethods_sig'],
+        'docstring' => $GLOBALS['XML_RPC_Server_listMethods_doc']
+    ),
+    'system.methodHelp' => array(
+        'function'  => 'XML_RPC_Server_methodHelp',
+        'signature' => $GLOBALS['XML_RPC_Server_methodHelp_sig'],
+        'docstring' => $GLOBALS['XML_RPC_Server_methodHelp_doc']
+    ),
+    'system.methodSignature' => array(
+        'function'  => 'XML_RPC_Server_methodSignature',
+        'signature' => $GLOBALS['XML_RPC_Server_methodSignature_sig'],
+        'docstring' => $GLOBALS['XML_RPC_Server_methodSignature_doc']
+    )
+);
+
+/**
+ * @global string $GLOBALS['XML_RPC_Server_debuginfo']
+ */
+$GLOBALS['XML_RPC_Server_debuginfo'] = '';
+
+
+/**
+ * Lists all the methods that the XML-RPC server knows how to dispatch
+ *
+ * @return object  a new XML_RPC_Response object
+ */
+function XML_RPC_Server_listMethods($server, $m)
+{
+    global $XML_RPC_err, $XML_RPC_str, $XML_RPC_Server_dmap;
+
+    $v = new XML_RPC_Value();
+    $outAr = array();
+    foreach ($server->dmap as $key => $val) {
+        $outAr[] = new XML_RPC_Value($key, 'string');
+    }
+    foreach ($XML_RPC_Server_dmap as $key => $val) {
+        $outAr[] = new XML_RPC_Value($key, 'string');
+    }
+    $v->addArray($outAr);
+    return new XML_RPC_Response($v);
+}
+
+/**
+ * Returns an array of known signatures (an array of arrays)
+ * for the given method
+ *
+ * If no signatures are known, returns a none-array
+ * (test for type != array to detect missing signature)
+ *
+ * @return object  a new XML_RPC_Response object
+ */
+function XML_RPC_Server_methodSignature($server, $m)
+{
+    global $XML_RPC_err, $XML_RPC_str, $XML_RPC_Server_dmap;
+
+    $methName = $m->getParam(0);
+    $methName = $methName->scalarval();
+    if (strpos($methName, 'system.') === 0) {
+        $dmap = $XML_RPC_Server_dmap;
+        $sysCall = 1;
+    } else {
+        $dmap = $server->dmap;
+        $sysCall = 0;
+    }
+    //  print "\n";
+    if (isset($dmap[$methName])) {
+        if ($dmap[$methName]['signature']) {
+            $sigs = array();
+            $thesigs = $dmap[$methName]['signature'];
+            for ($i = 0; $i < sizeof($thesigs); $i++) {
+                $cursig = array();
+                $inSig = $thesigs[$i];
+                for ($j = 0; $j < sizeof($inSig); $j++) {
+                    $cursig[] = new XML_RPC_Value($inSig[$j], 'string');
+                }
+                $sigs[] = new XML_RPC_Value($cursig, 'array');
+            }
+            $r = new XML_RPC_Response(new XML_RPC_Value($sigs, 'array'));
+        } else {
+            $r = new XML_RPC_Response(new XML_RPC_Value('undef', 'string'));
+        }
+    } else {
+        $r = new XML_RPC_Response(0, $XML_RPC_err['introspect_unknown'],
+                                  $XML_RPC_str['introspect_unknown']);
+    }
+    return $r;
+}
+
+/**
+ * Returns help text if defined for the method passed, otherwise returns
+ * an empty string
+ *
+ * @return object  a new XML_RPC_Response object
+ */
+function XML_RPC_Server_methodHelp($server, $m)
+{
+    global $XML_RPC_err, $XML_RPC_str, $XML_RPC_Server_dmap;
+
+    $methName = $m->getParam(0);
+    $methName = $methName->scalarval();
+    if (strpos($methName, 'system.') === 0) {
+        $dmap = $XML_RPC_Server_dmap;
+        $sysCall = 1;
+    } else {
+        $dmap = $server->dmap;
+        $sysCall = 0;
+    }
+
+    if (isset($dmap[$methName])) {
+        if ($dmap[$methName]['docstring']) {
+            $r = new XML_RPC_Response(new XML_RPC_Value($dmap[$methName]['docstring']),
+                                                        'string');
+        } else {
+            $r = new XML_RPC_Response(new XML_RPC_Value('', 'string'));
+        }
+    } else {
+        $r = new XML_RPC_Response(0, $XML_RPC_err['introspect_unknown'],
+                                     $XML_RPC_str['introspect_unknown']);
+    }
+    return $r;
+}
+
+/**
+ * @return void
+ */
+function XML_RPC_Server_debugmsg($m)
+{
+    global $XML_RPC_Server_debuginfo;
+    $XML_RPC_Server_debuginfo = $XML_RPC_Server_debuginfo . $m . "\n";
+}
+
+
+/**
+ * A server for receiving and replying to XML RPC requests
+ *
+ * 
+ * $server = new XML_RPC_Server(
+ *     array(
+ *         'isan8' =>
+ *             array(
+ *                 'function' => 'is_8',
+ *                 'signature' =>
+ *                      array(
+ *                          array('boolean', 'int'),
+ *                          array('boolean', 'int', 'boolean'),
+ *                          array('boolean', 'string'),
+ *                          array('boolean', 'string', 'boolean'),
+ *                      ),
+ *                 'docstring' => 'Is the value an 8?'
+ *             ),
+ *     ),
+ *     1,
+ *     0
+ * ); 
+ * 
+ *
+ * @category   Web Services
+ * @package    XML_RPC
+ * @author     Edd Dumbill 
+ * @author     Stig Bakken 
+ * @author     Martin Jansen 
+ * @author     Daniel Convissor 
+ * @copyright  1999-2001 Edd Dumbill, 2001-2005 The PHP Group
+ * @version    Release: 1.4.0
+ * @link       http://pear.php.net/package/XML_RPC
+ */
+class XML_RPC_Server
+{
+    /**
+     * The dispatch map, listing the methods this server provides.
+     * @var array
+     */
+    var $dmap = array();
+
+    /**
+     * The present response's encoding
+     * @var string
+     * @see XML_RPC_Message::getEncoding()
+     */
+    var $encoding = '';
+
+    /**
+     * Debug mode (0 = off, 1 = on)
+     * @var integer
+     */
+    var $debug = 0;
+
+    /**
+     * The response's HTTP headers
+     * @var string
+     */
+    var $server_headers = '';
+
+    /**
+     * The response's XML payload
+     * @var string
+     */
+    var $server_payload = '';
+
+
+    /**
+     * Constructor for the XML_RPC_Server class
+     *
+     * @param array $dispMap   the dispatch map. An associative array
+     *                          explaining each function. The keys of the main
+     *                          array are the procedure names used by the
+     *                          clients. The value is another associative array
+     *                          that contains up to three elements:
+     *                            + The 'function' element's value is the name
+     *                              of the function or method that gets called.
+     *                              To define a class' method: 'class::method'.
+     *                            + The 'signature' element (optional) is an
+     *                              array describing the return values and
+     *                              parameters
+     *                            + The 'docstring' element (optional) is a
+     *                              string describing what the method does
+     * @param int $serviceNow  should the HTTP response be sent now?
+     *                          (1 = yes, 0 = no)
+     * @param int $debug       should debug output be displayed?
+     *                          (1 = yes, 0 = no)
+     *
+     * @return void
+     */
+    function XML_RPC_Server($dispMap, $serviceNow = 1, $debug = 0)
+    {
+        global $HTTP_RAW_POST_DATA;
+
+        if ($debug) {
+            $this->debug = 1;
+        } else {
+            $this->debug = 0;
+        }
+
+        $this->dmap = $dispMap;
+
+        if ($serviceNow) {
+            $this->service();
+        } else {
+            $this->createServerPayload();
+            $this->createServerHeaders();
+        }
+    }
+
+    /**
+     * @return string  the debug information if debug debug mode is on
+     */
+    function serializeDebug()
+    {
+        global $XML_RPC_Server_debuginfo, $HTTP_RAW_POST_DATA;
+
+        if ($this->debug) {
+            XML_RPC_Server_debugmsg('vvv POST DATA RECEIVED BY SERVER vvv' . "\n"
+                                    . $HTTP_RAW_POST_DATA
+                                    . "\n" . '^^^ END POST DATA ^^^');
+        }
+
+        if ($XML_RPC_Server_debuginfo != '') {
+            return "\n";
+        } else {
+            return '';
+        }
+    }
+
+    /**
+     * Sends the response
+     *
+     * The encoding and content-type are determined by
+     * XML_RPC_Message::getEncoding()
+     *
+     * @return void
+     *
+     * @uses XML_RPC_Server::createServerPayload(),
+     *       XML_RPC_Server::createServerHeaders()
+     */
+    function service()
+    {
+        if (!$this->server_payload) {
+            $this->createServerPayload();
+        }
+        if (!$this->server_headers) {
+            $this->createServerHeaders();
+        }
+        header($this->server_headers);
+        print $this->server_payload;
+    }
+
+    /**
+     * Generates the payload and puts it in the $server_payload property
+     *
+     * @return void
+     *
+     * @uses XML_RPC_Server::parseRequest(), XML_RPC_Server::$encoding,
+     *       XML_RPC_Response::serialize(), XML_RPC_Server::serializeDebug()
+     */
+    function createServerPayload()
+    {
+        $r = $this->parseRequest();
+        $this->server_payload = 'encoding . '"?>' . "\n"
+                              . $this->serializeDebug()
+                              . $r->serialize();
+    }
+
+    /**
+     * Determines the HTTP headers and puts them in the $server_headers
+     * property
+     *
+     * @return boolean  TRUE if okay, FALSE if $server_payload isn't set.
+     *
+     * @uses XML_RPC_Server::createServerPayload(),
+     *       XML_RPC_Server::$server_headers
+     */
+    function createServerHeaders()
+    {
+        if (!$this->server_payload) {
+            return false;
+        }
+        $this->server_headers = 'Content-Length: '
+                              . strlen($this->server_payload) . "\r\n"
+                              . 'Content-Type: text/xml;'
+                              . ' charset=' . $this->encoding;
+        return true;
+    }
+
+    /**
+     * @return array
+     */
+    function verifySignature($in, $sig)
+    {
+        for ($i = 0; $i < sizeof($sig); $i++) {
+            // check each possible signature in turn
+            $cursig = $sig[$i];
+            if (sizeof($cursig) == $in->getNumParams() + 1) {
+                $itsOK = 1;
+                for ($n = 0; $n < $in->getNumParams(); $n++) {
+                    $p = $in->getParam($n);
+                    // print "\n";
+                    if ($p->kindOf() == 'scalar') {
+                        $pt = $p->scalartyp();
+                    } else {
+                        $pt = $p->kindOf();
+                    }
+                    // $n+1 as first type of sig is return type
+                    if ($pt != $cursig[$n+1]) {
+                        $itsOK = 0;
+                        $pno = $n+1;
+                        $wanted = $cursig[$n+1];
+                        $got = $pt;
+                        break;
+                    }
+                }
+                if ($itsOK) {
+                    return array(1);
+                }
+            }
+        }
+        if (isset($wanted)) {
+            return array(0, "Wanted ${wanted}, got ${got} at param ${pno}");
+        } else {
+            $allowed = array();
+            foreach ($sig as $val) {
+                end($val);
+                $allowed[] = key($val);
+            }
+            $allowed = array_unique($allowed);
+            $last = count($allowed) - 1;
+            if ($last > 0) {
+                $allowed[$last] = 'or ' . $allowed[$last];
+            }
+            return array(0,
+                         'Signature permits ' . implode(', ', $allowed)
+                                . ' parameters but the request had '
+                                . $in->getNumParams());
+        }
+    }
+
+    /**
+     * @return object  a new XML_RPC_Response object
+     *
+     * @uses XML_RPC_Message::getEncoding(), XML_RPC_Server::$encoding
+     */
+    function parseRequest($data = '')
+    {
+        global $XML_RPC_xh, $HTTP_RAW_POST_DATA,
+                $XML_RPC_err, $XML_RPC_str, $XML_RPC_errxml,
+                $XML_RPC_defencoding, $XML_RPC_Server_dmap;
+
+        if ($data == '') {
+            $data = $HTTP_RAW_POST_DATA;
+        }
+
+        $this->encoding = XML_RPC_Message::getEncoding($data);
+        $parser_resource = xml_parser_create($this->encoding);
+        $parser = (int) $parser_resource;
+
+        $XML_RPC_xh[$parser] = array();
+        $XML_RPC_xh[$parser]['cm']     = 0;
+        $XML_RPC_xh[$parser]['isf']    = 0;
+        $XML_RPC_xh[$parser]['params'] = array();
+        $XML_RPC_xh[$parser]['method'] = '';
+        $XML_RPC_xh[$parser]['stack'] = array();	
+        $XML_RPC_xh[$parser]['valuestack'] = array();	
+
+        $plist = '';
+
+        // decompose incoming XML into request structure
+
+        xml_parser_set_option($parser_resource, XML_OPTION_CASE_FOLDING, true);
+        xml_set_element_handler($parser_resource, 'XML_RPC_se', 'XML_RPC_ee');
+        xml_set_character_data_handler($parser_resource, 'XML_RPC_cd');
+        if (!xml_parse($parser_resource, $data, 1)) {
+            // return XML error as a faultCode
+            $r = new XML_RPC_Response(0,
+                                      $XML_RPC_errxml+xml_get_error_code($parser_resource),
+                                      sprintf('XML error: %s at line %d',
+                                              xml_error_string(xml_get_error_code($parser_resource)),
+                                              xml_get_current_line_number($parser_resource)));
+            xml_parser_free($parser_resource);
+        } elseif ($XML_RPC_xh[$parser]['isf']>1) {
+            $r = new XML_RPC_Response(0,
+                                      $XML_RPC_err['invalid_request'],
+                                      $XML_RPC_str['invalid_request']
+                                      . ': '
+                                      . $XML_RPC_xh[$parser]['isf_reason']);
+            xml_parser_free($parser_resource);
+        } else {
+            xml_parser_free($parser_resource);
+            $m = new XML_RPC_Message($XML_RPC_xh[$parser]['method']);
+            // now add parameters in
+            for ($i = 0; $i < sizeof($XML_RPC_xh[$parser]['params']); $i++) {
+                // print '\n";
+                $plist .= "$i - " . var_export($XML_RPC_xh[$parser]['params'][$i], true) . " \n";
+                $m->addParam($XML_RPC_xh[$parser]['params'][$i]);
+            }
+            XML_RPC_Server_debugmsg($plist);
+
+            // now to deal with the method
+            $methName = $XML_RPC_xh[$parser]['method'];
+            if (strpos($methName, 'system.') === 0) {
+                $dmap = $XML_RPC_Server_dmap;
+                $sysCall = 1;
+            } else {
+                $dmap = $this->dmap;
+                $sysCall = 0;
+            }
+
+            if (isset($dmap[$methName]['function'])
+                && is_string($dmap[$methName]['function'])
+                && strpos($dmap[$methName]['function'], '::') !== false)
+            {
+                $dmap[$methName]['function'] =
+                        explode('::', $dmap[$methName]['function']);
+            }
+
+            if (isset($dmap[$methName]['function'])
+                && is_callable($dmap[$methName]['function']))
+            {
+                // dispatch if exists
+                if (isset($dmap[$methName]['signature'])) {
+                    $sr = $this->verifySignature($m,
+                                                 $dmap[$methName]['signature'] );
+                }
+                if (!isset($dmap[$methName]['signature']) || $sr[0]) {
+                    // if no signature or correct signature
+                    if ($sysCall) {
+                        $r = call_user_func($dmap[$methName]['function'], $this, $m);
+                    } else {
+                        $r = call_user_func($dmap[$methName]['function'], $m);
+                    }
+                    if (!is_a($r, 'XML_RPC_Response')) {
+                        $r = new XML_RPC_Response(0, $XML_RPC_err['not_response_object'],
+                                                  $XML_RPC_str['not_response_object']);
+                    }
+                } else {
+                    $r = new XML_RPC_Response(0, $XML_RPC_err['incorrect_params'],
+                                              $XML_RPC_str['incorrect_params']
+                                              . ': ' . $sr[1]);
+                }
+            } else {
+                // else prepare error response
+                $r = new XML_RPC_Response(0, $XML_RPC_err['unknown_method'],
+                                          $XML_RPC_str['unknown_method']);
+            }
+        }
+        return $r;
+    }
+
+    /**
+     * Echos back the input packet as a string value
+     *
+     * @return void
+     *
+     * Useful for debugging.
+     */
+    function echoInput()
+    {
+        global $HTTP_RAW_POST_DATA;
+
+        $r = new XML_RPC_Response(0);
+        $r->xv = new XML_RPC_Value("'Aha said I: '" . $HTTP_RAW_POST_DATA, 'string');
+        print $r->serialize();
+    }
+}
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * c-hanging-comment-ender-p: nil
+ * End:
+ */
+
+?>
+package.xml100666      0      0       25606 10277724746   6300 
+
+
+ XML_RPC
+ PHP implementation of the XML-RPC protocol
+ A PEAR-ified version of Useful Inc's XML-RPC for PHP.
+
+It has support for HTTP/HTTPS transport, proxies and authentication.
+ 
+ 
+  
+   ssb
+   Stig Bakken
+   stig@php.net
+   lead
+  
+  
+   danielc
+   Daniel Convissor
+   danielc@php.net
+   lead
+  
+  
+ 
+  1.4.0
+  2005-08-14
+  PHP License
+  stable
+  * MAJOR SECURITY FIX: eliminate use of eval().
+* Using socket_get_status() because stream_get_meta_data() was introduced in 4.3.0, but we need to support 4.2.0.  Bug 4805.
+  
+  
+   
+    
+   
+   
+    
+   
+   
+    
+   
+   
+    
+   
+   
+    
+   
+  
+ 
+ 
+   
+    1.3.3
+    2005-07-15
+    stable
+    * Eliminate memory leak by resetting $XML_RPC_xh each time parseResponse() is called.  Bug 4780.
+* Using socket_set_timeout() because stream_set_timeout() was introduced in 4.3.0, but we need to support 4.2.0.  Bug 4805.
+    
+   
+   
+    1.3.2
+    2005-07-07
+    stable
+    * Eliminate path disclosure vulnerabilities by suppressing error messages when eval()'ing.
+* Eliminate path disclosure vulnerability by catching bogus parameters submitted to XML_RPC_Value::serializeval().
+* In XML_RPC_Server::service(), only call createServerPayload() and createServerHeaders() if necessary.  Fixes compatibility issue introduced in Release 1.3.0RC1 for users who set the $serviceNow parameter of XML_RPC_Server() to 0.  Bug 4757.
+* Change "var $errstring" to "var $errstr".  Bug 4582.  Was put into CVS version 1.75 of RPC.php but didn't make it into RELEASE_1_3_1.
+    
+   
+   
+    1.3.1
+    2005-06-29
+    stable
+    * Security fix. Update highly recommended!
+    
+   
+   
+    1.3.0
+    2005-06-13
+    stable
+    * Stable release.  See earlier releases for changes since 1.2.2.
+    
+   
+   
+    1.3.0RC3
+    2005-05-10
+    beta
+    * When verifying requests against function signatures, if the number of parameters don't match, provide an appropriate message.  NOTE: this resolves a path disclosure vulnerability.  (Refines the changes made in the last commit.)  Bug 4231.
+* XML_RPC_Message::getParam() now returns an XML_RPC_Response object upon error.  Changed from Release 1.3.0RC2.
+* Add the XML_RPC_Value::isValue() method. For testing if an item is an XML_RPC_Value object.
+* If XML_RPC_Client::send() is given an incorrect $msg parameter, raise an error with the new XML_RPC_ERROR_PROGRAMMING code and return 0.
+* Improve cross-platform operation by using PEAR::loadExtension() instead of dl().
+* Use <br /> instead of <br> in XML_RPC_Value::dump().
+    
+   
+   
+    1.3.0RC2
+    2005-05-05
+    beta
+    * If XML_RPC_Message::getParam() is given an incorrect parameter, raise an error with the new XML_RPC_ERROR_INCORRECT_PARAMS code and return FALSE.
+* Handle improper requests to XML_RPC_Server::verifySignature().  Bug 4231.
+* Try to allow HTTP 100 responses if followed by a 200 response.  Bug 4116.
+* Help Delphi users by making RPCMETHODNAME an alias for METHODNAME.  Request 4205.
+    
+   
+   
+    1.3.0RC1
+    2005-04-07
+    beta
+    * Improve timeout handling for situations where connection to server is made but no response is not received in time. Accomplished via stream_set_timeout().  Request 3963.
+* Add Fault Code 6: "The requested method didn't return an XML_RPC_Response object."  Request 4032.
+* Add the createServerPayload() and createServerHeaders() methods and the $server_payload and $server_headers properties.  Request 3121.
+* As in earlier versions, if the $serviceNow parameter to XML_RPC_Server() is 0, no data will be returned, but now the new $server_payload and $server_headers properties will be set.
+* Convert the parser handle to an integer before using it as an index for $XML_RPC_xh[$parser].  Reduces E_STRICT notices.  Bug 3782.
+* Add createHeaders() method and $headers property to XML_RPC_Client to make testing easier.
+    
+   
+   
+    1.2.2
+    2005-03-07
+    stable
+    * When using a proxy, add the protocol to the Request-URI, making it an "absoluteURI" as per the HTTP 1.0 spec.  Bug 3679.
+    
+   
+   
+    1.2.1
+    2005-03-01
+    stable
+    * Add isset() check before examining the dispatch map.  Bug 3658.
+    
+   
+   
+    1.2.0
+    2005-02-27
+    stable
+    * Provide the "stable" release.
+* Add package2.xml for compatibility with PEAR 1.4.0.
+* For changes since 1.1.0, see the changelogs for the various RC releases.
+    
+   
+   
+    1.2.0RC7
+    2005-02-22
+    beta
+    * Add the setSendEncoding() method and $send_encoding
+  property to XML_RPC_Message.  Request 3537.
+* Allow class methods to be mapped using either syntax:
+     'function' => 'hello::sayHello',
+     or
+     'function' => array('hello', 'sayhello'),
+  Bug 3363.
+* Use 8192 instead of 32768 for bytes in fread()
+  in parseResponseFile().  Bug 3340.
+    
+   
+   
+    1.2.0RC6
+    2005-01-25
+    beta
+    * Don't put the protocol in the Host field of the POST data.  (danielc)
+    
+   
+   
+    1.2.0RC5
+    2005-01-24
+    beta
+    * If $port is 443 but a protocol isn't specified in $server, assume ssl:// is the protocol.
+    
+   
+   
+    1.2.0RC4
+    2005-01-24
+    beta
+    * When a connection attempt fails, have the method return 0.  (danielc)
+* Move the protocol/port checking/switching and the property settings from sendPayloadHTTP10() to the XML_RPC_Client constructor.  (danielc)
+* Add tests for setting the client properties.  (danielc)
+* Remove $GLOBALS['XML_RPC_twoslash'] since it's not used.  (danielc)
+* Bundle the tests with the package.  (danielc)
+    
+   
+   
+    1.2.0RC3
+    2005-01-19
+    beta
+    * ssl uses port 443, not 445.
+    
+   
+   
+    1.2.0RC2
+    2005-01-11
+    beta
+    * Handle ssl:// in the $server string.  (danielc)
+* Also default to port 445 for ssl:// requests as well.  (danielc)
+* Enhance debugging in the server.  (danielc)
+    
+   
+   
+    1.2.0RC1
+    2004-12-30
+    beta
+    * Make things work with SSL.  Bug 2489.  (nkukard lbsd net)
+* Allow array function callbacks (Matt Kane)
+* Some minor speed-ups (Matt Kane)
+* Add Dump.php to the package (Christian Weiske)
+* Replace all line endings with \r\n.  Had only done replacements on \n.  Bug 2521.  (danielc)
+* Silence fsockopen() errors.  Bug 1714.  (danielc)
+* Encode empty arrays as an array. Bug 1493.  (danielc)
+* Eliminate undefined index notice when submitting empty arrays to XML_RPC_Encode().  Bug 1819.  (danielc)
+* Speed up check for enumerated arrays in XML_RPC_Encode().  (danielc)
+* Prepend "XML_RPC_" to ERROR_NON_NUMERIC_FOUND, eliminating problem when eval()'ing error messages.  (danielc)
+* Use XML_RPC_Base::raiseError() instead of PEAR::raiseError() in XML_RPC_ee() because PEAR.php is lazy loaded.  (danielc)
+* Allow raiseError() to be called statically.  (danielc)
+* Stop double escaping of character entities.  Bug 987.  (danielc)
+  NOTICE: the following have been removed:
+    * XML_RPC_dh()
+    * $GLOBALS['XML_RPC_entities']
+    * XML_RPC_entity_decode()
+    * XML_RPC_lookup_entity()
+* Determine the XML's encoding via the encoding attribute in the XML declaration.  Bug 52.  (danielc)
+    
+   
+   
+    1.1.0
+    2004-03-15
+    stable
+    * Added support for sequential arrays to XML_RPC_encode() (mroch)
+* Cleaned up new XML_RPC_encode() changes a bit (mroch, pierre)
+* Remove "require_once 'PEAR.php'", include only when needed to raise an error
+* Replace echo and error_log() with raiseError() (mroch)
+* Make all classes extend XML_RPC_Base, which will handle common functions  (mroch)
+* be tolerant of junk after methodResponse (Luca Mariano, mroch)
+* Silent notice even in the error log (pierre)
+* fix include of shared xml extension on win32 (pierre)
+    
+   
+   
+    1.0.4
+    2002-10-02
+    stable
+    * added HTTP proxy authorization support (thanks to Arnaud Limbourg)
+    
+   
+   
+    1.0.3
+    2002-05-19
+    stable
+    * fix bug when parsing responses with boolean types
+    
+   
+   
+    1.0.2
+    2002-04-16
+    stable
+    * E_ALL fixes
+* fix HTTP response header parsing
+    
+   
+   
+    1.0.1
+    2001-09-25
+    stable
+    This is a PEAR-ified version of Useful Inc's 1.0.1 release.
+Includes an urgent security fix identified by Dan Libby <dan@libby.com>.
+    
+   
+ 
+
+
\ Kein Zeilenumbruch am Dateiende.
diff -Nura php-4.4.0/php.ini-dist hardening-patch-4.4.0-0.4.2/php.ini-dist
--- php-4.4.0/php.ini-dist	2005-04-28 15:14:45.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/php.ini-dist	2005-09-07 18:40:29.105945520 +0200
@@ -1112,6 +1112,185 @@
 ;exif.decode_jis_motorola = JIS
 ;exif.decode_jis_intel    = JIS
 
+[hardening-patch]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;
+; hphp.log.syslog   - Configures level for alerts reported through syslog
+; hphp.log.sapi     - Configures level for alerts reported through SAPI errorlog
+; hphp.log.script   - Configures level for alerts reported through external script
+;
+; hphp.log.syslog, hphp.log.sapi, hphp.log.script are bit-fields.
+; Or each number up to get desired Hardening-Patch's reporting level
+; 
+; S_ALL             - All alerts
+; S_MEMORY          - All canary violations and the safe unlink protection use this class
+; S_VARS            - All variable filters trigger this class
+; S_FILES           - All violation of uploaded files filter use this class
+; S_INCLUDE         - The protection against malicious include filenames use this class
+; S_SQL             - Failed SQL queries in MySQL are logged with this class
+; S_EXECUTOR        - The execution depth protection uses this logging class
+; S_MISC            - All other log messages (f.e. format string protection) use this class
+;
+; Example:
+;
+;   - Report all alerts (except memory alerts) to the SAPI errorlog, 
+;     memory alerts through syslog and SQL+Include alerts fo the script
+;
+;hphp.log.syslog = S_MEMORY
+;hphp.log.sapi   = S_ALL & ~S_MEMORY
+;hphp.log.script = S_INCLUDE | S_SQL
+;
+; Syslog logging:
+; 
+;   - Facility configuration: one of the following facilities
+;
+;        LOG_KERN, LOG_USER, LOG_MAIL, LOG_DAEMON
+;        LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS
+;        LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_LOCAL0
+;        LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4
+;        LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7, LOG_PID
+;        LOG_CONS, LOG_ODELAY, LOG_NDELAY, LOG_NOWAIT
+;        LOG_PERROR
+;
+;   - Priority configuration: one of the followinf priorities
+;
+;        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_WARNING
+;        LOG_NOTICE, LOG_INFO, LOG_DEBUG, LOG_ERR
+; 
+hphp.log.syslog.priority = LOG_ALERT
+hphp.log.syslog.facility = LOG_USER
+;
+; Script logging:
+;
+;hphp.log.script.name = /home/hphp/log_script
+;
+; Alert configuration:
+;
+;   - Logged IP addresses from X-Forwarded-For instead of REMOTE_ADDR
+;
+;hphp.log.use-x-forwarded-for = On
+;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's Executor options ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Execution depth limit
+;hphp.executor.max_depth = 8000
+
+; White-/blacklist for function calls during normal execution
+;hphp.executor.func.whitelist = ord,chr
+;hphp.executor.func.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+; White-/blacklist for function calls during eval() execution
+;hphp.executor.eval.whitelist = ord,chr
+;hphp.executor.eval.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's REQUEST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of REQUEST variables
+hphp.request.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.request.max_varname_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.request.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.request.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.request.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.request.max_value_length = 65000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's COOKIE variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.cookie.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.cookie.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.cookie.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.cookie.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.cookie.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.cookie.max_value_length = 10000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's GET variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.get.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.get.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.get.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.get.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.get.max_array_depth = 50
+
+; Limits the length of variable values
+hphp.get.max_value_length = 512
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's POST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of POST variables
+hphp.post.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.post.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.post.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.post.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.post.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.post.max_value_length = 65000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's fileupload variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of uploadable files
+hphp.upload.max_uploads = 25
+
+; Filter out the upload of ELF executables
+hphp.upload.disallow_elf_files = On
+
+; External filterscript for upload verification
+;hphp.upload.verification_script = /home/hphp/verify_script
+
+
 ; Local Variables:
 ; tab-width: 4
 ; End:
diff -Nura php-4.4.0/php.ini-recommended hardening-patch-4.4.0-0.4.2/php.ini-recommended
--- php-4.4.0/php.ini-recommended	2005-04-28 15:14:46.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/php.ini-recommended	2005-09-07 18:40:29.106945368 +0200
@@ -1110,6 +1110,185 @@
 ;exif.decode_jis_motorola = JIS
 ;exif.decode_jis_intel    = JIS
 
+[hardening-patch]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;
+; hphp.log.syslog   - Configures level for alerts reported through syslog
+; hphp.log.sapi     - Configures level for alerts reported through SAPI errorlog
+; hphp.log.script   - Configures level for alerts reported through external script
+;
+; hphp.log.syslog, hphp.log.sapi, hphp.log.script are bit-fields.
+; Or each number up to get desired Hardening-Patch's reporting level
+; 
+; S_ALL             - All alerts
+; S_MEMORY          - All canary violations and the safe unlink protection use this class
+; S_VARS            - All variable filters trigger this class
+; S_FILES           - All violation of uploaded files filter use this class
+; S_INCLUDE         - The protection against malicious include filenames use this class
+; S_SQL             - Failed SQL queries in MySQL are logged with this class
+; S_EXECUTOR        - The execution depth protection uses this logging class
+; S_MISC            - All other log messages (f.e. format string protection) use this class
+;
+; Example:
+;
+;   - Report all alerts (except memory alerts) to the SAPI errorlog, 
+;     memory alerts through syslog and SQL+Include alerts fo the script
+;
+;hphp.log.syslog = S_MEMORY
+;hphp.log.sapi   = S_ALL & ~S_MEMORY
+;hphp.log.script = S_INCLUDE | S_SQL
+;
+; Syslog logging:
+; 
+;   - Facility configuration: one of the following facilities
+;
+;        LOG_KERN, LOG_USER, LOG_MAIL, LOG_DAEMON
+;        LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS
+;        LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_LOCAL0
+;        LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4
+;        LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7, LOG_PID
+;        LOG_CONS, LOG_ODELAY, LOG_NDELAY, LOG_NOWAIT
+;        LOG_PERROR
+;
+;   - Priority configuration: one of the followinf priorities
+;
+;        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_WARNING
+;        LOG_NOTICE, LOG_INFO, LOG_DEBUG, LOG_ERR
+; 
+hphp.log.syslog.priority = LOG_ALERT
+hphp.log.syslog.facility = LOG_USER
+;
+; Script logging:
+;
+;hphp.log.script.name = /home/hphp/log_script
+;
+; Alert configuration:
+;
+;   - Logged IP addresses from X-Forwarded-For instead of REMOTE_ADDR
+;
+;hphp.log.use-x-forwarded-for = On
+;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's Executor options ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Execution depth limit
+;hphp.executor.max_depth = 8000
+
+; White-/blacklist for function calls during normal execution
+;hphp.executor.func.whitelist = ord,chr
+;hphp.executor.func.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+; White-/blacklist for function calls during eval() execution
+;hphp.executor.eval.whitelist = ord,chr
+;hphp.executor.eval.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's REQUEST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of REQUEST variables
+hphp.request.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.request.max_varname_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.request.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.request.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.request.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.request.max_value_length = 65000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's COOKIE variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.cookie.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.cookie.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.cookie.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.cookie.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.cookie.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.cookie.max_value_length = 10000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's GET variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.get.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.get.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.get.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.get.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.get.max_array_depth = 50
+
+; Limits the length of variable values
+hphp.get.max_value_length = 512
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's POST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of POST variables
+hphp.post.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.post.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.post.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.post.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.post.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.post.max_value_length = 65000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's fileupload variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of uploadable files
+hphp.upload.max_uploads = 25
+
+; Filter out the upload of ELF executables
+hphp.upload.disallow_elf_files = On
+
+; External filterscript for upload verification
+;hphp.upload.verification_script = /home/hphp/verify_script
+
+
 ; Local Variables:
 ; tab-width: 4
 ; End:
diff -Nura php-4.4.0/README.input_filter hardening-patch-4.4.0-0.4.2/README.input_filter
--- php-4.4.0/README.input_filter	1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/README.input_filter	2005-09-07 18:40:29.107945216 +0200
@@ -0,0 +1,193 @@
+Input Filter Support ported from PHP 5
+--------------------------------------
+
+XSS (Cross Site Scripting) hacks are becoming more and more prevalent,
+and can be quite difficult to prevent.  Whenever you accept user data
+and somehow display this data back to users, you are likely vulnerable
+to XSS hacks.
+
+The Input Filter support in PHP 5 is aimed at providing the framework
+through which a company-wide or site-wide security policy can be
+enforced.  It is implemented as a SAPI hook and is called from the
+treat_data and post handler functions.  To implement your own security
+policy you will need to write a standard PHP extension.  
+
+A simple implementation might look like the following.  This stores the
+original raw user data and adds a my_get_raw() function while the normal
+$_POST, $_GET and $_COOKIE arrays are only populated with stripped
+data.  In this simple example all I am doing is calling strip_tags() on
+the data.  If register_globals is turned on, the default globals that
+are created will be stripped ($foo) while a $RAW_foo is created with the
+original user input.
+
+ZEND_BEGIN_MODULE_GLOBALS(my_input_filter)
+        zval *post_array;
+        zval *get_array;
+        zval *cookie_array;
+ZEND_END_MODULE_GLOBALS(my_input_filter)
+
+#ifdef ZTS
+#define IF_G(v) TSRMG(my_input_filter_globals_id, zend_my_input_filter_globals *, v)
+#else
+#define IF_G(v) (my_input_filter_globals.v)
+#endif
+
+ZEND_DECLARE_MODULE_GLOBALS(my_input_filter)
+
+function_entry my_input_filter_functions[] = {
+    PHP_FE(my_get_raw,   NULL)
+    {NULL, NULL, NULL}
+};
+
+zend_module_entry my_input_filter_module_entry = {
+    STANDARD_MODULE_HEADER,
+    "my_input_filter",
+    my_input_filter_functions,
+    PHP_MINIT(my_input_filter),
+    PHP_MSHUTDOWN(my_input_filter),
+    NULL,
+    PHP_RSHUTDOWN(my_input_filter),
+    PHP_MINFO(my_input_filter),
+    "0.1",
+    STANDARD_MODULE_PROPERTIES
+};
+
+PHP_MINIT_FUNCTION(my_input_filter)
+{
+    ZEND_INIT_MODULE_GLOBALS(my_input_filter, php_my_input_filter_init_globals, NULL);
+
+    REGISTER_LONG_CONSTANT("POST", PARSE_POST, CONST_CS | CONST_PERSISTENT);
+    REGISTER_LONG_CONSTANT("GET", PARSE_GET, CONST_CS | CONST_PERSISTENT);
+    REGISTER_LONG_CONSTANT("COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT);
+
+    sapi_register_input_filter(my_sapi_input_filter);
+    return SUCCESS;
+}
+
+PHP_RSHUTDOWN_FUNCTION(my_input_filter)
+{
+    if(IF_G(get_array)) {
+        zval_ptr_dtor(&IF_G(get_array));
+        IF_G(get_array) = NULL;
+    }
+    if(IF_G(post_array)) {
+        zval_ptr_dtor(&IF_G(post_array));
+        IF_G(post_array) = NULL;
+    }
+    if(IF_G(cookie_array)) {
+        zval_ptr_dtor(&IF_G(cookie_array));
+        IF_G(cookie_array) = NULL;
+    }
+    return SUCCESS;
+}
+
+PHP_MINFO_FUNCTION(my_input_filter)
+{
+    php_info_print_table_start();
+    php_info_print_table_row( 2, "My Input Filter Support", "enabled" );
+    php_info_print_table_row( 2, "Revision", "$Revision: 1.1 $");
+    php_info_print_table_end();
+}
+
+/* The filter handler. If you return 1 from it, then PHP also registers the
+ * (modified) variable. Returning 0 prevents PHP from registering the variable;
+ * you can use this if your filter already registers the variable under a
+ * different name, or if you just don't want the variable registered at all. */
+SAPI_INPUT_FILTER_FUNC(my_sapi_input_filter)
+{
+    zval new_var;
+    zval *array_ptr = NULL;
+    char *raw_var;
+    int var_len;
+
+    assert(*val != NULL);
+
+    switch(arg) {
+        case PARSE_GET:
+            if(!IF_G(get_array)) {
+                ALLOC_ZVAL(array_ptr);
+                array_init(array_ptr);
+                INIT_PZVAL(array_ptr);
+            }
+            IF_G(get_array) = array_ptr;
+            break;
+        case PARSE_POST:
+            if(!IF_G(post_array)) {
+                ALLOC_ZVAL(array_ptr);
+                array_init(array_ptr);
+                INIT_PZVAL(array_ptr);
+            }
+            IF_G(post_array) = array_ptr;
+            break;
+        case PARSE_COOKIE:
+            if(!IF_G(cookie_array)) {
+                ALLOC_ZVAL(array_ptr);
+                array_init(array_ptr);
+                INIT_PZVAL(array_ptr);
+            }
+            IF_G(cookie_array) = array_ptr;
+            break;
+    }
+    Z_STRLEN(new_var) = val_len;
+    Z_STRVAL(new_var) = estrndup(*val, val_len);
+    Z_TYPE(new_var) = IS_STRING;
+
+    var_len = strlen(var);
+    raw_var = emalloc(var_len+5);  /* RAW_ and a \0 */
+    strcpy(raw_var, "RAW_");
+    strlcat(raw_var,var,var_len+5);
+
+    php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC);
+
+    php_strip_tags(*val, val_len, NULL, NULL, 0);
+
+    *new_val_len = strlen(*val);
+    return 1;
+}
+
+PHP_FUNCTION(my_get_raw)
+{
+    long arg;
+    char *var;
+    int var_len;
+    zval **tmp;
+    zval *array_ptr = NULL;
+    HashTable *hash_ptr;
+    char *raw_var;
+
+    if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
+        return;
+    }
+
+    switch(arg) {
+        case PARSE_GET:
+            array_ptr = IF_G(get_array);
+            break;
+        case PARSE_POST:
+            array_ptr = IF_G(post_array);
+            break;
+        case PARSE_COOKIE:
+            array_ptr = IF_G(post_array);
+            break;
+    }
+
+    if(!array_ptr) RETURN_FALSE;
+
+    /*
+     * I'm changing the variable name here because when running with register_globals on,
+     * the variable will end up in the global symbol table
+     */
+    raw_var = emalloc(var_len+5);  /* RAW_ and a \0 */
+    strcpy(raw_var, "RAW_");
+    strlcat(raw_var,var,var_len+5);
+    hash_ptr = HASH_OF(array_ptr);
+
+    if(zend_hash_find(hash_ptr, raw_var, var_len+5, (void **)&tmp) == SUCCESS) {
+        *return_value = **tmp;
+        zval_copy_ctor(return_value);
+    } else {
+        RETVAL_FALSE;
+    }
+    efree(raw_var);
+}
+
diff -Nura php-4.4.0/sapi/apache/mod_php4.c hardening-patch-4.4.0-0.4.2/sapi/apache/mod_php4.c
--- php-4.4.0/sapi/apache/mod_php4.c	2005-05-19 18:14:46.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/sapi/apache/mod_php4.c	2005-09-07 18:40:29.107945216 +0200
@@ -452,7 +452,7 @@
 	sapi_apache_get_fd,
 	sapi_apache_force_http_10,
 	sapi_apache_get_target_uid,
-	sapi_apache_get_target_gid
+	sapi_apache_get_target_gid,
 };
 /* }}} */
 
@@ -898,7 +898,11 @@
 	{
 		TSRMLS_FETCH();
 		if (PG(expose_php)) {
+#if HARDENING_PATCH
+			ap_add_version_component("PHP/" PHP_VERSION " with Hardening-Patch");
+#else
 			ap_add_version_component("PHP/" PHP_VERSION);
+#endif			
 		}
 	}
 #endif
diff -Nura php-4.4.0/sapi/apache2filter/sapi_apache2.c hardening-patch-4.4.0-0.4.2/sapi/apache2filter/sapi_apache2.c
--- php-4.4.0/sapi/apache2filter/sapi_apache2.c	2005-04-08 22:35:02.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/sapi/apache2filter/sapi_apache2.c	2005-09-07 18:40:29.108945064 +0200
@@ -556,7 +556,11 @@
 {
 	TSRMLS_FETCH();
 	if (PG(expose_php)) {
+#if HARDENING_PATCH
+		ap_add_version_component(p, "PHP/" PHP_VERSION " with Hardening-Patch");
+#else
 		ap_add_version_component(p, "PHP/" PHP_VERSION);
+#endif
 	}
 }
 
diff -Nura php-4.4.0/sapi/apache2handler/sapi_apache2.c hardening-patch-4.4.0-0.4.2/sapi/apache2handler/sapi_apache2.c
--- php-4.4.0/sapi/apache2handler/sapi_apache2.c	2005-04-08 22:35:02.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/sapi/apache2handler/sapi_apache2.c	2005-09-07 18:40:29.108945064 +0200
@@ -340,7 +340,11 @@
 {
 	TSRMLS_FETCH();
 	if (PG(expose_php)) {
+#if HARDENING_PATCH
+		ap_add_version_component(p, "PHP/" PHP_VERSION " with Hardening-Patch");
+#else
 		ap_add_version_component(p, "PHP/" PHP_VERSION);
+#endif
 	}
 }
 
diff -Nura php-4.4.0/sapi/cgi/cgi_main.c hardening-patch-4.4.0-0.4.2/sapi/cgi/cgi_main.c
--- php-4.4.0/sapi/cgi/cgi_main.c	2005-04-28 16:24:47.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/sapi/cgi/cgi_main.c	2005-09-07 18:40:29.109944912 +0200
@@ -1440,11 +1440,19 @@
 							SG(headers_sent) = 1;
 							SG(request_info).no_headers = 1;
 						}
+#if HARDENING_PATCH
+#if ZEND_DEBUG
+						php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
+						php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
 #if ZEND_DEBUG
 						php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 #else
 						php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 #endif
+#endif
 						php_end_ob_buffers(1 TSRMLS_CC);
 						exit(1);
 						break;
diff -Nura php-4.4.0/sapi/cli/php_cli.c hardening-patch-4.4.0-0.4.2/sapi/cli/php_cli.c
--- php-4.4.0/sapi/cli/php_cli.c	2005-03-22 16:09:36.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/sapi/cli/php_cli.c	2005-09-07 18:40:29.110944760 +0200
@@ -652,11 +652,19 @@
 				if (php_request_startup(TSRMLS_C)==FAILURE) {
 					goto err;
 				}
+#if HARDENING_PATCH
+#if ZEND_DEBUG
+				php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
+				php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
 #if ZEND_DEBUG
 				php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 #else
 				php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 #endif
+#endif
 				php_end_ob_buffers(1 TSRMLS_CC);
 				exit_status=1;
 				goto out;
diff -Nura php-4.4.0/TSRM/TSRM.h hardening-patch-4.4.0-0.4.2/TSRM/TSRM.h
--- php-4.4.0/TSRM/TSRM.h	2005-02-11 04:34:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/TSRM/TSRM.h	2005-09-07 18:40:29.111944608 +0200
@@ -33,6 +33,13 @@
 #	define TSRM_API
 #endif
 
+#if HARDENING_PATCH
+# if HAVE_REALPATH
+#  undef realpath
+#  define realpath php_realpath
+# endif
+#endif
+
 /* Only compile multi-threading functions if we're in ZTS mode */
 #ifdef ZTS
 
@@ -90,6 +97,7 @@
 
 #define THREAD_HASH_OF(thr,ts)  (unsigned long)thr%(unsigned long)ts
 
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff -Nura php-4.4.0/TSRM/tsrm_virtual_cwd.c hardening-patch-4.4.0-0.4.2/TSRM/tsrm_virtual_cwd.c
--- php-4.4.0/TSRM/tsrm_virtual_cwd.c	2005-02-11 04:34:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/TSRM/tsrm_virtual_cwd.c	2005-09-07 18:40:29.111944608 +0200
@@ -192,6 +192,165 @@
     return p;
 }
 
+#if HARDENING_PATCH
+CWD_API char *php_realpath(const char *path, char *resolved)
+{
+        struct stat sb;
+        char *p, *q, *s;
+        size_t left_len, resolved_len;
+        unsigned symlinks;
+        int serrno, slen;
+        int is_dir = 1;
+        char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
+
+        serrno = errno;
+        symlinks = 0;
+        if (path[0] == '/') {
+                resolved[0] = '/';
+                resolved[1] = '\0';
+                if (path[1] == '\0')
+                        return (resolved);
+                resolved_len = 1;
+                left_len = strlcpy(left, path + 1, sizeof(left));
+        } else {
+                if (getcwd(resolved, PATH_MAX) == NULL) {
+                        strlcpy(resolved, ".", PATH_MAX);
+                        return (NULL);
+                }
+                resolved_len = strlen(resolved);
+                left_len = strlcpy(left, path, sizeof(left));
+        }
+        if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
+                errno = ENAMETOOLONG;
+                return (NULL);
+        }
+
+        /*
+         * Iterate over path components in `left'.
+         */
+        while (left_len != 0) {
+                /*
+                 * Extract the next path component and adjust `left'
+                 * and its length.
+                 */
+                p = strchr(left, '/');
+                s = p ? p : left + left_len;
+                if (s - left >= sizeof(next_token)) {
+                        errno = ENAMETOOLONG;
+                        return (NULL);
+                }
+                memcpy(next_token, left, s - left);
+                next_token[s - left] = '\0';
+                left_len -= s - left;
+                if (p != NULL)
+                        memmove(left, s + 1, left_len + 1);
+                if (resolved[resolved_len - 1] != '/') {
+                        if (resolved_len + 1 >= PATH_MAX) {
+                                errno = ENAMETOOLONG;
+                                return (NULL);
+                        }
+                        resolved[resolved_len++] = '/';
+                        resolved[resolved_len] = '\0';
+                }
+                if (next_token[0] == '\0')
+                        continue;
+                else if (strcmp(next_token, ".") == 0)
+                        continue;
+                else if (strcmp(next_token, "..") == 0) {
+                        /*
+                         * Strip the last path component except when we have
+                         * single "/"
+                         */
+                        if (!is_dir) {
+                                errno = ENOENT;
+                                return (NULL);
+                        }
+                        if (resolved_len > 1) {
+                                resolved[resolved_len - 1] = '\0';
+                                q = strrchr(resolved, '/');
+                                *q = '\0';
+                                resolved_len = q - resolved;
+                        }
+                        continue;
+                }
+
+                /*
+                 * Append the next path component and lstat() it. If
+                 * lstat() fails we still can return successfully if
+                 * there are no more path components left.
+                 */
+                resolved_len = strlcat(resolved, next_token, PATH_MAX);
+                if (resolved_len >= PATH_MAX) {
+                        errno = ENAMETOOLONG;
+                        return (NULL);
+                }
+                if (lstat(resolved, &sb) != 0) {
+                        if (errno == ENOENT && p == NULL) {
+                                errno = serrno;
+                                return (resolved);
+                        }
+                        return (NULL);
+                }
+                if (S_ISLNK(sb.st_mode)) {
+                        if (symlinks++ > MAXSYMLINKS) {
+                                errno = ELOOP;
+                                return (NULL);
+                        }
+                        slen = readlink(resolved, symlink, sizeof(symlink) - 1);
+                        if (slen < 0)
+                                return (NULL);
+                        symlink[slen] = '\0';
+                        if (symlink[0] == '/') {
+                                resolved[1] = 0;
+                                resolved_len = 1;
+                        } else if (resolved_len > 1) {
+                                /* Strip the last path component. */
+                                resolved[resolved_len - 1] = '\0';
+                                q = strrchr(resolved, '/');
+                                *q = '\0';
+                                resolved_len = q - resolved;
+                        }
+
+                        /*
+                         * If there are any path components left, then
+                         * append them to symlink. The result is placed
+                         * in `left'.
+                         */
+                        if (p != NULL) {
+                                if (symlink[slen - 1] != '/') {
+                                        if (slen + 1 >= sizeof(symlink)) {
+                                                errno = ENAMETOOLONG;
+                                                return (NULL);
+                                        }
+                                        symlink[slen] = '/';
+                                        symlink[slen + 1] = 0;
+                                }
+                                left_len = strlcat(symlink, left, sizeof(left));
+                                if (left_len >= sizeof(left)) {
+                                        errno = ENAMETOOLONG;
+                                        return (NULL);
+                                }
+                        }
+                        left_len = strlcpy(left, symlink, sizeof(left));
+                } else {
+            		if (S_ISDIR(sb.st_mode)) {
+                    		is_dir = 1;
+            		} else {
+                    		is_dir = 0;
+            		}
+		}
+        }
+
+        /*
+         * Remove trailing slash except when the resolved pathname
+         * is a single "/".
+         */
+        if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
+                resolved[resolved_len - 1] = '\0';
+        return (resolved);
+}
+#endif
+
 CWD_API void virtual_cwd_startup(void)
 {
 	char cwd[MAXPATHLEN];
@@ -314,8 +473,7 @@
 				path = resolved_path;
 				path_length = strlen(path);
 			} else {
-				/* disable for now
-				return 1; */
+				return 1;
 			}
 		}
 	} else { /* Concat current directory with relative path and then run realpath() on it */
@@ -341,9 +499,8 @@
 				path = resolved_path;
 				path_length = strlen(path);
 			} else {
-				/* disable for now
 				free(tmp);
-				return 1; */
+				return 1;
 			}
 		}
 		free(tmp);
diff -Nura php-4.4.0/TSRM/tsrm_virtual_cwd.h hardening-patch-4.4.0-0.4.2/TSRM/tsrm_virtual_cwd.h
--- php-4.4.0/TSRM/tsrm_virtual_cwd.h	2005-02-11 04:34:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/TSRM/tsrm_virtual_cwd.h	2005-09-07 18:40:29.112944456 +0200
@@ -128,6 +128,22 @@
 
 typedef int (*verify_path_func)(const cwd_state *);
 
+#ifndef HAVE_STRLCPY
+CWD_API size_t php_strlcpy(char *dst, const char *src, size_t siz);
+#undef strlcpy
+#define strlcpy php_strlcpy
+#endif
+
+#ifndef HAVE_STRLCAT
+CWD_API size_t php_strlcat(char *dst, const char *src, size_t siz);
+#undef strlcat
+#define strlcat php_strlcat
+#endif
+
+
+#if HARDENING_PATCH
+CWD_API char *php_realpath(const char *path, char *resolved);
+#endif
 CWD_API void virtual_cwd_startup(void);
 CWD_API void virtual_cwd_shutdown(void);
 CWD_API char *virtual_getcwd_ex(size_t *length TSRMLS_DC);
diff -Nura php-4.4.0/Zend/zend_alloc.c hardening-patch-4.4.0-0.4.2/Zend/zend_alloc.c
--- php-4.4.0/Zend/zend_alloc.c	2005-04-07 22:54:33.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_alloc.c	2005-09-07 18:40:29.113944304 +0200
@@ -56,6 +56,11 @@
 # define END_MAGIC_SIZE 0
 #endif
 
+#if HARDENING_PATCH_MM_PROTECT
+# define CANARY_SIZE sizeof(unsigned int)
+#else
+# define CANARY_SIZE 0
+#endif
 
 # if MEMORY_LIMIT
 #  if ZEND_DEBUG
@@ -95,9 +100,17 @@
 	if (p==AG(head)) {							\
 		AG(head) = p->pNext;					\
 	} else {									\
+		if (p != p->pLast->pNext) {				\
+			zend_security_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected"); \
+			exit(1);							\
+		}										\
 		p->pLast->pNext = p->pNext;				\
 	}											\
 	if (p->pNext) {								\
+		if (p != p->pNext->pLast) {				\
+			zend_security_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected"); \
+			exit(1);							\
+		}										\
 		p->pNext->pLast = p->pLast;				\
 	}
 
@@ -129,6 +142,12 @@
 	DECLARE_CACHE_VARS();
 	TSRMLS_FETCH();
 
+#if HARDENING_PATCH_MM_PROTECT
+	if (size > LONG_MAX - sizeof(zend_mem_header) - MEM_HEADER_PADDING - END_MAGIC_SIZE - CANARY_SIZE) {
+		zend_security_log(S_MEMORY, "emalloc() - requested size would result in integer overflow");
+		exit(1);
+	}
+#endif
 	CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size);
 
 	if (!ZEND_DISABLE_MEMORY_CACHE && (CACHE_INDEX < MAX_CACHED_MEMORY) && (AG(cache_count)[CACHE_INDEX] > 0)) {
@@ -146,6 +165,10 @@
 		AG(cache_stats)[CACHE_INDEX][1]++;
 		memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size), &mem_block_end_magic, sizeof(long));
 #endif
+#if HARDENING_PATCH_MM_PROTECT
+		p->canary = HG(canary_1);
+		memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size + END_MAGIC_SIZE), &HG(canary_2), CANARY_SIZE);
+#endif
 		p->cached = 0;
 		p->size = size;
 		return (void *)((char *)p + sizeof(zend_mem_header) + MEM_HEADER_PADDING);
@@ -161,7 +184,7 @@
 			AG(allocated_memory_peak) = AG(allocated_memory);
 		}
 #endif
-		p  = (zend_mem_header *) ZEND_DO_MALLOC(sizeof(zend_mem_header) + MEM_HEADER_PADDING + SIZE + END_MAGIC_SIZE);
+		p  = (zend_mem_header *) ZEND_DO_MALLOC(sizeof(zend_mem_header) + MEM_HEADER_PADDING + SIZE + END_MAGIC_SIZE + CANARY_SIZE);
 	}
 
 	HANDLE_BLOCK_INTERRUPTIONS();
@@ -191,7 +214,10 @@
 # endif
 	memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size), &mem_block_end_magic, sizeof(long));
 #endif
-
+#if HARDENING_PATCH_MM_PROTECT
+ 	p->canary = HG(canary_1);
+ 	memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size + END_MAGIC_SIZE), &HG(canary_2), CANARY_SIZE);
+#endif
 	HANDLE_UNBLOCK_INTERRUPTIONS();
 	return (void *)((char *)p + sizeof(zend_mem_header) + MEM_HEADER_PADDING);
 }
@@ -218,17 +244,36 @@
 			return emalloc_rel(lval + offset);
 		}
 	}
-
+	
+#if HARDENING_PATCH
+	zend_security_log(S_MEMORY, "Possible integer overflow catched by safe_emalloc()");
+#endif
 	zend_error(E_ERROR, "Possible integer overflow in memory allocation (%ld * %ld + %ld)", nmemb, size, offset);
 	return 0;
 }
 
 ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
+#if HARDENING_PATCH_MM_PROTECT
+	unsigned int canary_2;
+#endif
 	zend_mem_header *p = (zend_mem_header *) ((char *)ptr - sizeof(zend_mem_header) - MEM_HEADER_PADDING);
 	DECLARE_CACHE_VARS();
 	TSRMLS_FETCH();
 
+#if HARDENING_PATCH_MM_PROTECT
+ 	if (p->canary != HG(canary_1)) goto efree_canary_mismatch;
+ 	memcpy(&canary_2, (((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + p->size + END_MAGIC_SIZE), CANARY_SIZE);
+ 	if (canary_2 != HG(canary_2)) {
+efree_canary_mismatch:
+		zend_security_log(S_MEMORY, "canary mismatch on efree() - heap overflow or double efree detected");
+		exit(1);
+	}
+	/* to catch double efree()s */
+ 	memset((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + p->size + END_MAGIC_SIZE), 0, CANARY_SIZE);
+ 	p->canary = 0;
+#endif
+
 #if defined(ZTS) && TSRM_DEBUG
 	if (p->thread_id != tsrm_thread_id()) {
 		tsrm_error(TSRM_ERROR_LEVEL_ERROR, "Memory block allocated at %s:(%d) on thread %x freed at %s:(%d) on thread %x, ignoring",
@@ -273,6 +318,9 @@
 	size_t _size = nmemb * size;
     
 	if (nmemb && (_size/nmemb!=size)) {
+#if HARDENING_PATCH
+		zend_security_log(S_MEMORY, "Possible integer overflow catched by ecalloc()");
+#endif
 		fprintf(stderr,"FATAL:  ecalloc():  Unable to allocate %ld * %ld bytes\n", (long) nmemb, (long) size);
 #if ZEND_DEBUG && HAVE_KILL && HAVE_GETPID
 		kill(getpid(), SIGSEGV);
@@ -292,6 +340,9 @@
 
 ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
+#if HARDENING_PATCH_MM_PROTECT
+	unsigned int canary_2;
+#endif
 	zend_mem_header *p;
 	zend_mem_header *orig;
 	DECLARE_CACHE_VARS();
@@ -303,6 +354,16 @@
 
 	p = orig = (zend_mem_header *) ((char *)ptr-sizeof(zend_mem_header)-MEM_HEADER_PADDING);
 
+#if HARDENING_PATCH_MM_PROTECT
+	if (p->canary != HG(canary_1)) goto erealloc_canary_mismatch;
+	memcpy(&canary_2, (((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + p->size + END_MAGIC_SIZE), CANARY_SIZE);
+	if (canary_2 != HG(canary_2)) {
+erealloc_canary_mismatch:
+		zend_security_log(S_MEMORY, "canary mismatch on erealloc() - heap overflow detected");
+		exit(1);
+	}
+#endif
+
 #if defined(ZTS) && TSRM_DEBUG
 	if (p->thread_id != tsrm_thread_id()) {
 		void *new_p;
@@ -326,7 +387,7 @@
 	}
 #endif
 	REMOVE_POINTER_FROM_LIST(p);
-	p = (zend_mem_header *) ZEND_DO_REALLOC(p, sizeof(zend_mem_header)+MEM_HEADER_PADDING+SIZE+END_MAGIC_SIZE);
+	p = (zend_mem_header *) ZEND_DO_REALLOC(p, sizeof(zend_mem_header)+MEM_HEADER_PADDING+SIZE+END_MAGIC_SIZE+CANARY_SIZE);
 	if (!p) {
 		if (!allow_failure) {
 			fprintf(stderr,"FATAL:  erealloc():  Unable to allocate %ld bytes\n", (long) size);
@@ -348,6 +409,9 @@
 	memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size), &mem_block_end_magic, sizeof(long));
 #endif	
 
+#if HARDENING_PATCH_MM_PROTECT
+ 	memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size + END_MAGIC_SIZE), &HG(canary_2), CANARY_SIZE);
+#endif
 	p->size = size;
 
 	HANDLE_UNBLOCK_INTERRUPTIONS();
@@ -422,6 +486,10 @@
 {
 	AG(head) = NULL;
 	
+#if HARDENING_PATCH_MM_PROTECT
+	HG(canary_1) = zend_canary();
+	HG(canary_2) = zend_canary();
+#endif
 #if MEMORY_LIMIT
 	AG(memory_limit) = 1<<30;		/* ridiculous limit, effectively no limit */
 	AG(allocated_memory) = 0;
diff -Nura php-4.4.0/Zend/zend_alloc.h hardening-patch-4.4.0-0.4.2/Zend/zend_alloc.h
--- php-4.4.0/Zend/zend_alloc.h	2005-06-07 15:37:33.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_alloc.h	2005-09-07 18:40:29.113944304 +0200
@@ -32,6 +32,9 @@
 #define MEM_BLOCK_CACHED_MAGIC	0xFB8277DCL
 
 typedef struct _zend_mem_header {
+#if HARDENING_PATCH_MM_PROTECT
+	unsigned int canary;
+#endif
 #if ZEND_DEBUG
 	long magic;
 	char *filename;
diff -Nura php-4.4.0/Zend/zend_builtin_functions.c hardening-patch-4.4.0-0.4.2/Zend/zend_builtin_functions.c
--- php-4.4.0/Zend/zend_builtin_functions.c	2005-06-23 14:20:47.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_builtin_functions.c	2005-09-07 18:40:29.115944000 +0200
@@ -49,6 +49,9 @@
 static ZEND_FUNCTION(crash);
 #endif
 #endif
+#if HARDENING_PATCH_MM_PROTECT_DEBUG
+static ZEND_FUNCTION(heap_overflow);
+#endif
 static ZEND_FUNCTION(get_included_files);
 static ZEND_FUNCTION(is_subclass_of);
 static ZEND_FUNCTION(is_a);
@@ -101,6 +104,9 @@
 	ZEND_FE(crash,				NULL)
 #endif
 #endif
+#if HARDENING_PATCH_MM_PROTECT_DEBUG
+	ZEND_FE(heap_overflow,			NULL)
+#endif
 	ZEND_FE(get_included_files,	NULL)
 	ZEND_FALIAS(get_required_files,	get_included_files,		NULL)
 	ZEND_FE(is_subclass_of,		NULL)
@@ -805,6 +811,19 @@
 
 #endif /* ZEND_DEBUG */
 
+
+#if HARDENING_PATCH_MM_PROTECT_DEBUG
+ZEND_FUNCTION(heap_overflow)
+{
+	char *nowhere = emalloc(10);
+
+	memcpy(nowhere, "something1234567890", sizeof("something1234567890"));
+	
+	efree(nowhere);
+}
+#endif
+
+
 /* {{{ proto array get_included_files(void)
    Returns an array with the file names that were include_once()'d */
 ZEND_FUNCTION(get_included_files)
diff -Nura php-4.4.0/Zend/zend.c hardening-patch-4.4.0-0.4.2/Zend/zend.c
--- php-4.4.0/Zend/zend.c	2005-06-09 12:14:25.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend.c	2005-09-07 18:49:42.847763968 +0200
@@ -53,6 +53,12 @@
 ZEND_API void (*zend_unblock_interruptions)(void);
 ZEND_API void (*zend_ticks_function)(int ticks);
 ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+#if HARDENING_PATCH
+ZEND_API void (*zend_security_log)(int loglevel, char *fmt, ...);
+#endif
+#if HARDENING_PATCH_INC_PROTECT
+ZEND_API int (*zend_is_valid_include)(zval *z);
+#endif
 
 void (*zend_on_timeout)(int seconds TSRMLS_DC);
 
@@ -70,9 +76,289 @@
 	return SUCCESS;
 }
 
+#if HARDENING_PATCH
+static ZEND_INI_MH(OnUpdateHPHP_log_syslog)
+{
+	if (!new_value) {
+		EG(hphp_log_syslog) = S_ALL & ~S_SQL | S_MEMORY | S_INTERNAL;
+	} else {
+		EG(hphp_log_syslog) = atoi(new_value) | S_MEMORY | S_INTERNAL;
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_syslog_facility)
+{
+	if (!new_value) {
+		EG(hphp_log_syslog_facility) = LOG_USER;
+	} else {
+		EG(hphp_log_syslog_facility) = atoi(new_value);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_syslog_priority)
+{
+	if (!new_value) {
+		EG(hphp_log_syslog_priority) = LOG_ALERT;
+	} else {
+		EG(hphp_log_syslog_priority) = atoi(new_value);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_sapi)
+{
+	if (!new_value) {
+		EG(hphp_log_sapi) = S_ALL & ~S_SQL | S_INTERNAL;
+	} else {
+		EG(hphp_log_sapi) = atoi(new_value) | S_INTERNAL;
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_script)
+{
+	if (!new_value) {
+		EG(hphp_log_script) = S_ALL & (~S_MEMORY) & (~S_INTERNAL);
+	} else {
+		EG(hphp_log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_scriptname)
+{
+	if (!new_value) {
+		EG(hphp_log_scriptname) = NULL;
+	} else {
+		if (EG(hphp_log_scriptname)) {
+			pefree(EG(hphp_log_scriptname),1);
+		}
+		EG(hphp_log_scriptname) = pestrdup(new_value,1);
+	}
+	return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_eval_whitelist)
+{
+	char *s = NULL, *e, *val;
+	unsigned long dummy = 1;
+
+	if (!new_value) {
+eval_whitelist_destroy:
+		if (HG(eval_whitelist)) {
+			zend_hash_destroy(HG(eval_whitelist));
+			efree(HG(eval_whitelist));
+		}
+		HG(eval_whitelist) = NULL;
+		return SUCCESS;
+	}
+	if (!(*new_value)) {
+		goto eval_whitelist_destroy;
+	}
+	
+	ALLOC_HASHTABLE(HG(eval_whitelist));
+	zend_hash_init(HG(eval_whitelist), 5, NULL, NULL, 0);
+	
+	val = zend_str_tolower_dup(new_value, strlen(new_value));
+	e = val;
+
+	while (*e) {
+		switch (*e) {
+			case ' ':
+			case ',':
+				if (s) {
+					*e = '\0';
+					zend_hash_add(HG(eval_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+					s = NULL;
+				}
+				break;
+			default:
+				if (!s) {
+					s = e;
+				}
+				break;
+		}
+		e++;
+	}
+	if (s) {
+		zend_hash_add(HG(eval_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+	}
+	efree(val);
+	
+	return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_eval_blacklist)
+{
+	char *s = NULL, *e, *val;
+	unsigned long dummy = 1;
+
+	if (!new_value) {
+eval_blacklist_destroy:
+		if (HG(eval_blacklist)) {
+			zend_hash_destroy(HG(eval_blacklist));
+			efree(HG(eval_blacklist));
+		}
+		HG(eval_blacklist) = NULL;
+		return SUCCESS;
+	}
+	if (!(*new_value)) {
+		goto eval_blacklist_destroy;
+	}
+	
+	ALLOC_HASHTABLE(HG(eval_blacklist));
+	zend_hash_init(HG(eval_blacklist), 5, NULL, NULL, 0);
+	
+	val = zend_str_tolower_dup(new_value, strlen(new_value));
+	e = val;
+
+	while (*e) {
+		switch (*e) {
+			case ' ':
+			case ',':
+				if (s) {
+					*e = '\0';
+					zend_hash_add(HG(eval_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+					s = NULL;
+				}
+				break;
+			default:
+				if (!s) {
+					s = e;
+				}
+				break;
+		}
+		e++;
+	}
+	if (s) {
+		zend_hash_add(HG(eval_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+	}
+	efree(val);
+	
+	
+	return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_func_whitelist)
+{
+	char *s = NULL, *e, *val;
+	unsigned long dummy = 1;
+
+	if (!new_value) {
+func_whitelist_destroy:
+		if (HG(func_whitelist)) {
+			zend_hash_destroy(HG(func_whitelist));
+			efree(HG(func_whitelist));
+		}
+		HG(func_whitelist) = NULL;
+		return SUCCESS;
+	}
+	if (!(*new_value)) {
+		goto func_whitelist_destroy;
+	}
+	
+	ALLOC_HASHTABLE(HG(func_whitelist));
+	zend_hash_init(HG(func_whitelist), 5, NULL, NULL, 0);
+	
+	val = zend_str_tolower_dup(new_value, strlen(new_value));
+	e = val;
+
+	while (*e) {
+		switch (*e) {
+			case ' ':
+			case ',':
+				if (s) {
+					*e = '\0';
+					zend_hash_add(HG(func_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+					s = NULL;
+				}
+				break;
+			default:
+				if (!s) {
+					s = e;
+				}
+				break;
+		}
+		e++;
+	}
+	if (s) {
+		zend_hash_add(HG(func_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+	}
+	efree(val);
+	
+	return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_func_blacklist)
+{
+	char *s = NULL, *e, *val;
+	unsigned long dummy = 1;
+
+	if (!new_value) {
+func_blacklist_destroy:
+		if (HG(func_blacklist)) {
+			zend_hash_destroy(HG(func_blacklist));
+			efree(HG(func_blacklist));
+		}
+		HG(func_blacklist) = NULL;
+		return SUCCESS;
+	}
+	if (!(*new_value)) {
+		goto func_blacklist_destroy;
+	}
+	
+	ALLOC_HASHTABLE(HG(func_blacklist));
+	zend_hash_init(HG(func_blacklist), 5, NULL, NULL, 0);
+	
+	val = zend_str_tolower_dup(new_value, strlen(new_value));
+	e = val;
+
+	while (*e) {
+		switch (*e) {
+			case ' ':
+			case ',':
+				if (s) {
+					*e = '\0';
+					zend_hash_add(HG(func_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+					s = NULL;
+				}
+				break;
+			default:
+				if (!s) {
+					s = e;
+				}
+				break;
+		}
+		e++;
+	}
+	if (s) {
+		zend_hash_add(HG(func_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+	}
+	efree(val);
+	
+	
+	return SUCCESS;
+}
+
+#endif
 
 ZEND_INI_BEGIN()
 	ZEND_INI_ENTRY("error_reporting",			NULL,		ZEND_INI_ALL,		OnUpdateErrorReporting)
+#if HARDENING_PATCH
+	ZEND_INI_ENTRY("hphp.log.syslog",			NULL,		ZEND_INI_SYSTEM,	OnUpdateHPHP_log_syslog)
+	ZEND_INI_ENTRY("hphp.log.syslog.facility",		NULL,		ZEND_INI_SYSTEM,	OnUpdateHPHP_log_syslog_facility)
+	ZEND_INI_ENTRY("hphp.log.syslog.priority",		NULL,		ZEND_INI_SYSTEM,	OnUpdateHPHP_log_syslog_priority)
+	ZEND_INI_ENTRY("hphp.log.sapi",				NULL,		ZEND_INI_SYSTEM,	OnUpdateHPHP_log_sapi)
+	ZEND_INI_ENTRY("hphp.log.script",			NULL,		ZEND_INI_SYSTEM,	OnUpdateHPHP_log_script)
+	ZEND_INI_ENTRY("hphp.log.script.name",			NULL,		ZEND_INI_SYSTEM,	OnUpdateHPHP_log_scriptname)
+	STD_ZEND_INI_BOOLEAN("hphp.log.use-x-forwarded-for",	"0",		ZEND_INI_SYSTEM,	OnUpdateBool, hphp_log_use_x_forwarded_for,	zend_executor_globals,	executor_globals)
+
+	ZEND_INI_ENTRY("hphp.executor.eval.whitelist",	NULL,		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateHPHP_eval_whitelist)
+	ZEND_INI_ENTRY("hphp.executor.eval.blacklist",	NULL,		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateHPHP_eval_blacklist)
+	ZEND_INI_ENTRY("hphp.executor.func.whitelist",	NULL,		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateHPHP_func_whitelist)
+	ZEND_INI_ENTRY("hphp.executor.func.blacklist",	NULL,		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateHPHP_func_blacklist)
+
+	STD_ZEND_INI_ENTRY("hphp.executor.max_depth",		"0",		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateLong, hphp_executor_max_depth, zend_executor_globals, executor_globals)
+	STD_ZEND_INI_BOOLEAN("hphp.sql.bailout_on_error",	"0",		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateBool, hphp_sql_bailout_on_error,	hardened_globals_struct,	hardened_globals)
+	STD_ZEND_INI_BOOLEAN("hphp.multiheader",		"0",		ZEND_INI_PERDIR|ZEND_INI_SYSTEM,	OnUpdateBool, hphp_multiheader,	hardened_globals_struct,	hardened_globals)
+#endif
 ZEND_INI_END()
 
 
@@ -354,6 +640,7 @@
 	zend_init_rsrc_plist(TSRMLS_C);
 	EG(lambda_count)=0;
 	EG(user_error_handler) = NULL;
+	EG(in_code_type) = 0;
 	EG(in_execution) = 0;
 	EG(current_execute_data) = NULL;
 }
@@ -420,6 +707,14 @@
 	extern zend_scanner_globals language_scanner_globals;
 #endif
 
+	/* Set up Hardening-Patch utility functions first */
+#if HARDENING_PATCH
+	zend_security_log = utility_functions->security_log_function;
+#endif
+#if HARDENING_PATCH_INC_PROTECT
+	zend_is_valid_include = utility_functions->is_valid_include;
+#endif
+
 #ifdef ZTS
 	ts_allocate_id(&alloc_globals_id, sizeof(zend_alloc_globals), (ts_allocate_ctor) alloc_globals_ctor, (ts_allocate_dtor) alloc_globals_dtor);
 #else
@@ -623,6 +918,7 @@
 	}
 	CG(unclean_shutdown) = 1;
 	CG(in_compilation) = EG(in_execution) = 0;
+	EG(in_code_type) = 0;
 	EG(current_execute_data) = NULL;
 	longjmp(EG(bailout), FAILURE);
 }
diff -Nura php-4.4.0/Zend/zend_canary.c hardening-patch-4.4.0-0.4.2/Zend/zend_canary.c
--- php-4.4.0/Zend/zend_canary.c	1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_canary.c	2005-09-07 18:40:29.116943848 +0200
@@ -0,0 +1,58 @@
+/*
+   +----------------------------------------------------------------------+
+   | Hardening-Patch for PHP                                              |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2005 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser                        |
+   +----------------------------------------------------------------------+
+ */
+/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */
+
+#include "zend.h"
+
+#include 
+#include 
+
+
+#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT
+
+/* will be replaced later with more compatible method */
+ZEND_API unsigned int zend_canary()
+{
+	time_t t;
+	unsigned int canary;
+	int fd;
+	
+	fd = open("/dev/urandom", 0);
+	if (fd != -1) {
+		int r = read(fd, &canary, sizeof(canary));
+		close(fd);
+		if (r == sizeof(canary)) {
+			return (canary);
+		}
+	}
+	/* not good but we never want to do this */
+	time(&t);
+	canary = *(unsigned int *)&t + getpid() << 16;
+	return (canary);
+}
+#endif
+
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: sw=4 ts=4 fdm=marker
+ * vim<600: sw=4 ts=4
+ */
diff -Nura php-4.4.0/Zend/zend_compile.c hardening-patch-4.4.0-0.4.2/Zend/zend_compile.c
--- php-4.4.0/Zend/zend_compile.c	2005-06-24 13:48:30.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_compile.c	2005-09-07 18:40:29.118943544 +0200
@@ -763,6 +763,13 @@
 	op_array.function_name = name;
 	op_array.arg_types = NULL;
 	op_array.return_reference = return_reference;
+#if HARDENING_PATCH
+	if (EG(in_code_type)==ZEND_EVAL_CODE) {
+		op_array.created_by_eval = 1;
+	} else {
+		op_array.created_by_eval = 0;
+	}
+#endif
 
 	if (is_method) {
 		if (zend_hash_add(&CG(active_class_entry)->function_table, name, name_len+1, &op_array, sizeof(zend_op_array), (void **) &CG(active_op_array)) == FAILURE) {
diff -Nura php-4.4.0/Zend/zend_compile.h hardening-patch-4.4.0-0.4.2/Zend/zend_compile.h
--- php-4.4.0/Zend/zend_compile.h	2005-06-06 11:30:09.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_compile.h	2005-09-07 18:40:29.118943544 +0200
@@ -106,6 +106,9 @@
 	char *filename;
 
 	void *reserved[ZEND_MAX_RESERVED_RESOURCES];
+#if HARDENING_PATCH
+	zend_bool created_by_eval;
+#endif	
 };
 
 
@@ -549,6 +552,7 @@
 #define ZEND_USER_FUNCTION			2
 #define ZEND_OVERLOADED_FUNCTION	3
 #define	ZEND_EVAL_CODE				4
+#define ZEND_SANDBOX_CODE			6
 
 #define ZEND_INTERNAL_CLASS		1
 #define ZEND_USER_CLASS			2
diff -Nura php-4.4.0/Zend/zend_constants.c hardening-patch-4.4.0-0.4.2/Zend/zend_constants.c
--- php-4.4.0/Zend/zend_constants.c	2004-07-13 21:29:45.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_constants.c	2005-09-07 18:48:20.315310808 +0200
@@ -111,6 +111,73 @@
 	REGISTER_MAIN_LONG_CONSTANT("E_USER_NOTICE", E_USER_NOTICE, CONST_PERSISTENT | CONST_CS);
 
 	REGISTER_MAIN_LONG_CONSTANT("E_ALL", E_ALL, CONST_PERSISTENT | CONST_CS);
+#if HARDENING_PATCH
+	REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
+
+	/* error levels */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); 
+	REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT);
+	/* facility: type of program logging the message */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT);
+#ifdef LOG_NEWS
+	/* No LOG_NEWS on HP-UX */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */
+#endif
+#ifdef LOG_UUCP
+	/* No LOG_UUCP on HP-UX */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_CRON
+	/* apparently some systems don't have this one */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_AUTHPRIV
+	/* AIX doesn't have LOG_AUTHPRIV */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT);
+#endif
+#if !defined(PHP_WIN32) && !defined(NETWARE)
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT);
+#endif
+	/* options */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT);
+#ifdef LOG_NOWAIT
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_PERROR
+	/* AIX doesn't have LOG_PERROR */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
+#endif
+#endif
 
 	/* true/false constants */
 	{
diff -Nura php-4.4.0/Zend/zend_errors.h hardening-patch-4.4.0-0.4.2/Zend/zend_errors.h
--- php-4.4.0/Zend/zend_errors.h	2002-12-31 17:22:59.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_errors.h	2005-09-07 18:42:19.580150888 +0200
@@ -36,5 +36,17 @@
 #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE)
 #define E_CORE (E_CORE_ERROR | E_CORE_WARNING)
 
+#if HARDENING_PATCH
+#define S_MEMORY			(1<<0L)
+#define S_VARS				(1<<1L)
+#define S_FILES				(1<<2L)
+#define S_INCLUDE			(1<<3L)
+#define S_SQL				(1<<4L)
+#define S_EXECUTOR			(1<<5L)
+#define S_MISC				(1<<30L)
+#define S_INTERNAL			(1<<29L)
+#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MISC | S_SQL | S_EXECUTOR)
+#endif
+
 #endif /* ZEND_ERRORS_H */
 
diff -Nura php-4.4.0/Zend/zend_execute_API.c hardening-patch-4.4.0-0.4.2/Zend/zend_execute_API.c
--- php-4.4.0/Zend/zend_execute_API.c	2005-05-18 19:58:09.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_execute_API.c	2005-09-07 18:40:29.120943240 +0200
@@ -142,6 +142,7 @@
 	EG(class_table) = CG(class_table);
 
 	EG(in_execution) = 0;
+	EG(in_code_type) = 0;
 
 	zend_ptr_stack_init(&EG(argument_stack));
 
@@ -431,12 +432,14 @@
 	zend_execute_data execute_data;
 
 	/* Initialize execute_data */
+	memset(&execute_data, 0, sizeof(execute_data));
 	EX(fbc) = NULL;
 	EX(object).ptr = NULL;
 	EX(ce) = NULL;
 	EX(Ts) = NULL;
 	EX(op_array) = NULL;
 	EX(opline) = NULL;
+	EX(execute_depth) = 0;
 
 	*retval_ptr_ptr = NULL;
 
@@ -494,6 +497,39 @@
 		zval_dtor(&function_name_copy);
 		return FAILURE;
 	}
+#if HARDENING_PATCH	
+	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
+		if (EG(in_code_type) == ZEND_EVAL_CODE) {
+			if (HG(eval_whitelist) != NULL) {
+				if (!zend_hash_exists(HG(eval_whitelist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+					zend_security_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", function_name_copy.value.str.val);
+					zval_dtor(&function_name_copy);
+					zend_bailout();
+				}
+			} else if (HG(eval_blacklist) != NULL) {
+				if (zend_hash_exists(HG(eval_blacklist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+					zend_security_log(S_EXECUTOR, "function within eval blacklist called: %s()", function_name_copy.value.str.val);
+					zval_dtor(&function_name_copy);
+					zend_bailout();
+				}
+			}
+		}
+				
+		if (HG(func_whitelist) != NULL) {
+			if (!zend_hash_exists(HG(func_whitelist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+				zend_security_log(S_EXECUTOR, "function outside of whitelist called: %s()", function_name_copy.value.str.val);
+				zval_dtor(&function_name_copy);
+				zend_bailout();
+			}
+		} else if (HG(func_blacklist) != NULL) {
+			if (zend_hash_exists(HG(func_blacklist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+				zend_security_log(S_EXECUTOR, "function within blacklist called: %s()", function_name_copy.value.str.val);
+				zval_dtor(&function_name_copy);
+				zend_bailout();
+			}
+		}
+	}
+#endif	
 	zval_dtor(&function_name_copy);
 
 	for (i=0; itype = type;
 		EG(return_value_ptr_ptr) = &local_retval_ptr;
 		EG(active_op_array) = new_op_array;
 		EG(no_extensions)=1;
@@ -673,6 +709,10 @@
 	return retval;
 }
 
+ZEND_API int zend_eval_string(char *str, zval *retval_ptr, char *string_name TSRMLS_DC)
+{
+	return (zend_eval_string_ex(str, retval_ptr, string_name, ZEND_EVAL_CODE TSRMLS_CC));
+}
 
 void execute_new_code(TSRMLS_D)
 {
diff -Nura php-4.4.0/Zend/zend_execute.c hardening-patch-4.4.0-0.4.2/Zend/zend_execute.c
--- php-4.4.0/Zend/zend_execute.c	2005-06-27 08:15:48.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_execute.c	2005-09-07 18:40:29.122942936 +0200
@@ -1042,6 +1042,7 @@
 	zend_execute_data execute_data;
 
 	/* Initialize execute_data */
+	memset(&execute_data, 0, sizeof(execute_data));
 	EX(fbc) = NULL;
 	EX(ce) = NULL;
 	EX(object).ptr = NULL;
@@ -1053,9 +1054,21 @@
  	}
 	EX(prev_execute_data) = EG(current_execute_data);
 	EX(original_in_execution)=EG(in_execution);
+	EX(original_in_code_type)=EG(in_code_type);
 
 	EG(current_execute_data) = &execute_data;
 
+#if HARDENING_PATCH
+	EX(execute_depth) = 0;
+	
+	if ((op_array->type == ZEND_EVAL_CODE || op_array->created_by_eval) && EG(in_code_type) != ZEND_SANDBOX_CODE) {
+		EG(in_code_type) = ZEND_EVAL_CODE;
+	} else if (op_array->type == ZEND_SANDBOX_CODE) {
+		EG(in_code_type) = ZEND_SANDBOX_CODE;
+		op_array->type = ZEND_EVAL_CODE;
+	}
+#endif
+
 	EG(in_execution) = 1;
 	if (op_array->start_op) {
 		EX(opline) = op_array->start_op;
@@ -1087,6 +1100,19 @@
 		}
 	}
 
+#if HARDENING_PATCH	
+	if (EX(prev_execute_data) == NULL) {
+		EX(execute_depth) = 0;
+	} else {
+		EX(execute_depth) = EX(prev_execute_data)->execute_depth + 1;
+	}
+
+	if (EG(hphp_executor_max_depth) > 0 && EX(execute_depth) > EG(hphp_executor_max_depth)) {
+		zend_security_log(S_EXECUTOR, "Maximum execution depth of %u violated", EG(hphp_executor_max_depth));
+		zend_bailout();
+	}
+#endif
+
 	while (1) {
 #ifdef ZEND_WIN32
 		if (EG(timed_out)) {
@@ -1631,6 +1657,36 @@
 					if (zend_hash_find(active_function_table, function_name->value.str.val, function_name->value.str.len+1, (void **) &function)==FAILURE) {
 						zend_error(E_ERROR, "Call to undefined function:  %s()", function_name->value.str.val);
 					}
+#if HARDENING_PATCH	
+					if (active_function_table == EG(function_table)) {
+						if (EG(in_code_type) == ZEND_EVAL_CODE) {
+							if (HG(eval_whitelist) != NULL) {
+								if (!zend_hash_exists(HG(eval_whitelist), function_name->value.str.val, function_name->value.str.len+1)) {
+									zend_security_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", function_name->value.str.val);
+									zend_bailout();
+								}
+							} else if (HG(eval_blacklist) != NULL) {
+								if (zend_hash_exists(HG(eval_blacklist), function_name->value.str.val, function_name->value.str.len+1)) {
+									zend_security_log(S_EXECUTOR, "function within eval blacklist called: %s()", function_name->value.str.val);
+									zend_bailout();
+								}
+							}
+						}
+	
+						if (HG(func_whitelist) != NULL) {
+							if (!zend_hash_exists(HG(func_whitelist), function_name->value.str.val, function_name->value.str.len+1)) {
+								zend_security_log(S_EXECUTOR, "function outside of whitelist called: %s()", function_name->value.str.val);
+								zend_bailout();
+							}
+						} else if (HG(func_blacklist) != NULL) {
+							if (zend_hash_exists(HG(func_blacklist), function_name->value.str.val, function_name->value.str.len+1)) {
+								zend_security_log(S_EXECUTOR, "function within blacklist called: %s()", function_name->value.str.val);
+								zend_bailout();
+							}
+						}
+					}
+#endif
+
 					zval_dtor(&tmp);
 					EX(fbc) = function;
 overloaded_function_call_cont:
@@ -1646,6 +1702,35 @@
 					if (zend_hash_find(EG(function_table), fname->value.str.val, fname->value.str.len+1, (void **) &EX(function_state).function)==FAILURE) {
 						zend_error(E_ERROR, "Unknown function:  %s()", fname->value.str.val);
 					}
+#if HARDENING_PATCH	
+					if (EX(function_state).function->type==ZEND_INTERNAL_FUNCTION) {
+						if (EG(in_code_type) == ZEND_EVAL_CODE) {
+							if (HG(eval_whitelist) != NULL) {
+								if (!zend_hash_exists(HG(eval_whitelist), fname->value.str.val, fname->value.str.len+1)) {
+									zend_security_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", fname->value.str.val);
+									zend_bailout();
+								}
+							} else if (HG(eval_blacklist) != NULL) {
+								if (zend_hash_exists(HG(eval_blacklist), fname->value.str.val, fname->value.str.len+1)) {
+									zend_security_log(S_EXECUTOR, "function within eval blacklist called: %s()", fname->value.str.val);
+									zend_bailout();
+								}
+							}
+						}
+	
+						if (HG(func_whitelist) != NULL) {
+							if (!zend_hash_exists(HG(func_whitelist), fname->value.str.val, fname->value.str.len+1)) {
+								zend_security_log(S_EXECUTOR, "function outside of whitelist called: %s()", fname->value.str.val);
+								zend_bailout();
+							}
+						} else if (HG(func_blacklist) != NULL) {
+							if (zend_hash_exists(HG(func_blacklist), fname->value.str.val, fname->value.str.len+1)) {
+								zend_security_log(S_EXECUTOR, "function within blacklist called: %s()", fname->value.str.val);
+								zend_bailout();
+							}
+						}
+					}
+#endif
 					FREE_OP(EX(Ts), &EX(opline)->op1, EG(free_op1));
 					zend_ptr_stack_n_push(&EG(arg_types_stack), 2, EX(object).ptr, EX(ce));
 					EX(object).ptr = NULL;
@@ -1816,6 +1901,7 @@
 						efree(EX(Ts));
 					}
 					EG(in_execution) = EX(original_in_execution);
+					EG(in_code_type) = EX(original_in_code_type);
 					EG(current_execute_data) = EX(prev_execute_data);
 					return;
 				}
@@ -2195,7 +2281,12 @@
 								int dummy = 1;
 								zend_file_handle file_handle = {0};
 
+#if HARDENING_PATCH_INC_PROTECT
+								if (zend_is_valid_include(inc_filename) 
+										&& zend_open(inc_filename->value.str.val, &file_handle) == SUCCESS
+#else
 								if (zend_open(inc_filename->value.str.val, &file_handle) == SUCCESS
+#endif
 										&& ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
 
 									file_handle.filename = inc_filename->value.str.val;
@@ -2224,6 +2315,11 @@
 							break;
 						case ZEND_INCLUDE:
 						case ZEND_REQUIRE:
+#if HARDENING_PATCH_INC_PROTECT
+							if (!zend_is_valid_include(inc_filename)) {
+								break;
+							}
+#endif
 							new_op_array = compile_filename(EX(opline)->op2.u.constant.value.lval, inc_filename TSRMLS_CC);
 							break;
 						case ZEND_EVAL: {
diff -Nura php-4.4.0/Zend/zend_execute_globals.h hardening-patch-4.4.0-0.4.2/Zend/zend_execute_globals.h
--- php-4.4.0/Zend/zend_execute_globals.h	2005-06-06 11:30:09.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_execute_globals.h	2005-09-07 18:40:29.122942936 +0200
@@ -60,6 +60,8 @@
 	object_info object;
 	temp_variable *Ts;
 	zend_bool original_in_execution;
+	zend_uint original_in_code_type;
+	zend_uint execute_depth;
 	zend_op_array *op_array;
 	struct  _zend_execute_data *prev_execute_data;
 } zend_execute_data;
diff -Nura php-4.4.0/Zend/zend_extensions.c hardening-patch-4.4.0-0.4.2/Zend/zend_extensions.c
--- php-4.4.0/Zend/zend_extensions.c	2003-03-19 19:00:57.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_extensions.c	2005-09-07 18:40:29.123942784 +0200
@@ -54,23 +54,44 @@
 		return FAILURE;
 	}
 
+	/* check if module is compiled against Hardening-Patch */
+	if (extension_version_info->zend_extension_api_no < 1000000000) {
+		fprintf(stderr, "%s is not compiled with Hardening-Patch.\n"
+				"The Hardening-Patch version %d is installed.\n\n",
+				new_extension->name,
+				HARDENING_PATCH_ZEND_EXTENSION_API_NO);
+		DL_UNLOAD(handle);
+		return FAILURE;
+	}
+
+
+	/* check if module is compiled against correct Hardening-Patch version */
+	if (extension_version_info->zend_extension_api_no != HARDENING_PATCH_ZEND_EXTENSION_API_NO) {
+		fprintf(stderr, "%s requires Hardening-Patch version %d.\n"
+				"The Hardening-Patch version %d is installed.\n\n",
+				new_extension->name,
+				extension_version_info->zend_extension_api_no,
+				HARDENING_PATCH_ZEND_EXTENSION_API_NO);
+		DL_UNLOAD(handle);
+		return FAILURE;
+	}
 
 	/* allow extension to proclaim compatibility with any Zend version */
-	if (extension_version_info->zend_extension_api_no != ZEND_EXTENSION_API_NO &&(!new_extension->api_no_check || new_extension->api_no_check(ZEND_EXTENSION_API_NO) != SUCCESS)) {
-		if (extension_version_info->zend_extension_api_no > ZEND_EXTENSION_API_NO) {
+	if (extension_version_info->real_zend_extension_api_no != ZEND_EXTENSION_API_NO &&(!new_extension->api_no_check || new_extension->api_no_check(ZEND_EXTENSION_API_NO) != SUCCESS)) {
+		if (extension_version_info->real_zend_extension_api_no > ZEND_EXTENSION_API_NO) {
 			fprintf(stderr, "%s requires Zend Engine API version %d.\n"
 					"The Zend Engine API version %d which is installed, is outdated.\n\n",
 					new_extension->name,
-					extension_version_info->zend_extension_api_no,
+					extension_version_info->real_zend_extension_api_no,
 					ZEND_EXTENSION_API_NO);
 			DL_UNLOAD(handle);
 			return FAILURE;
-		} else if (extension_version_info->zend_extension_api_no < ZEND_EXTENSION_API_NO) {
+		} else if (extension_version_info->real_zend_extension_api_no < ZEND_EXTENSION_API_NO) {
 			fprintf(stderr, "%s requires Zend Engine API version %d.\n"
 					"The Zend Engine API version %d which is installed, is newer.\n"
 					"Contact %s at %s for a later version of %s.\n\n",
 					new_extension->name,
-					extension_version_info->zend_extension_api_no,
+					extension_version_info->real_zend_extension_api_no,
 					ZEND_EXTENSION_API_NO,
 					new_extension->author,
 					new_extension->URL,
diff -Nura php-4.4.0/Zend/zend_extensions.h hardening-patch-4.4.0-0.4.2/Zend/zend_extensions.h
--- php-4.4.0/Zend/zend_extensions.h	2005-06-06 11:44:59.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_extensions.h	2005-09-07 18:40:29.123942784 +0200
@@ -23,6 +23,9 @@
 
 #include "zend_compile.h"
 
+/* Create own API version number for Hardening-Patch */
+
+#define HARDENING_PATCH_ZEND_EXTENSION_API_NO	1001050805
 #define ZEND_EXTENSION_API_NO	20050606
 
 typedef struct _zend_extension_version_info {
@@ -30,6 +33,7 @@
 	char *required_zend_version;
 	unsigned char thread_safe;
 	unsigned char debug;
+	int real_zend_extension_api_no;
 } zend_extension_version_info;
 
 
@@ -96,7 +100,7 @@
 
 
 #define ZEND_EXTENSION()	\
-	ZEND_EXT_API zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG }
+	ZEND_EXT_API zend_extension_version_info extension_version_info = { HARDENING_PATCH_ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG, ZEND_EXTENSION_API_NO }
 
 #define STANDARD_ZEND_EXTENSION_PROPERTIES NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -1
 #define COMPAT_ZEND_EXTENSION_PROPERTIES   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -1
diff -Nura php-4.4.0/Zend/zend_globals.h hardening-patch-4.4.0-0.4.2/Zend/zend_globals.h
--- php-4.4.0/Zend/zend_globals.h	2004-11-04 00:15:05.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_globals.h	2005-09-07 18:40:29.124942632 +0200
@@ -163,6 +163,16 @@
 
 	int error_reporting;
 	int orig_error_reporting;
+#if HARDENING_PATCH
+	int hphp_log_syslog;
+	int hphp_log_syslog_facility;
+	int hphp_log_syslog_priority;
+	int hphp_log_sapi;
+	int hphp_log_script;
+	char *hphp_log_scriptname;
+	zend_bool hphp_log_use_x_forwarded_for;
+	long hphp_executor_max_depth;
+#endif
 	int exit_status;
 
 	zend_op_array *active_op_array;
@@ -176,6 +186,7 @@
 	int ticks_count;
 
 	zend_bool in_execution;
+	zend_uint in_code_type;
 	zend_bool bailout_set;
 	zend_bool full_tables_cleanup;
 
diff -Nura php-4.4.0/Zend/zend.h hardening-patch-4.4.0-0.4.2/Zend/zend.h
--- php-4.4.0/Zend/zend.h	2005-01-25 14:08:41.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend.h	2005-09-07 18:40:29.124942632 +0200
@@ -275,9 +275,10 @@
 struct _zval_struct {
 	/* Variable information */
 	zvalue_value value;		/* value */
+	zend_uint refcount;
+	zend_ushort flags;
 	zend_uchar type;	/* active type */
 	zend_uchar is_ref;
-	zend_ushort refcount;
 };
 
 
@@ -338,6 +339,12 @@
 	void (*ticks_function)(int ticks);
 	void (*on_timeout)(int seconds TSRMLS_DC);
 	zend_bool (*open_function)(const char *filename, struct _zend_file_handle *);
+#if HARDENING_PATCH
+	void (*security_log_function)(int loglevel, char *fmt, ...);
+#endif	
+#if HARDENING_PATCH_INC_PROTECT
+	int (*is_valid_include)(zval *z);
+#endif
 } zend_utility_functions;
 
 		
@@ -469,7 +476,16 @@
 extern ZEND_API void (*zend_ticks_function)(int ticks);
 extern ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 4, 0);
 extern void (*zend_on_timeout)(int seconds TSRMLS_DC);
+#if HARDENING_PATCH
+extern ZEND_API	void (*zend_security_log)(int loglevel, char *fmt, ...);
+#endif	
+#if HARDENING_PATCH_INC_PROTECT
+extern ZEND_API int (*zend_is_valid_include)(zval *z);
+#endif
 
+#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT
+ZEND_API unsigned int zend_canary(void);
+#endif
 
 ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 2, 3);
 
@@ -576,6 +592,11 @@
 
 #define ZEND_MAX_RESERVED_RESOURCES	4
 
+#if HARDENING_PATCH
+#include "hardened_globals.h"
+#include "php_syslog.h"
+#endif
+
 #endif /* ZEND_H */
 
 /*
diff -Nura php-4.4.0/Zend/zend_hash.c hardening-patch-4.4.0-0.4.2/Zend/zend_hash.c
--- php-4.4.0/Zend/zend_hash.c	2005-04-28 09:34:32.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_hash.c	2005-09-07 18:40:29.125942480 +0200
@@ -26,6 +26,17 @@
 # include 
 #endif
 
+#if HARDENING_PATCH_HASH_PROTECT
+	unsigned int zend_hash_canary = 0x1234567;
+	zend_bool zend_hash_canary_inited = 0;
+#endif
+
+#define CHECK_HASH_CANARY(hash) \
+	if (zend_hash_canary != (hash)->canary) { \
+		zend_security_log(S_MEMORY, "Zend HashTable canary was overwritten"); \
+		exit(1); \
+	}
+
 #define HANDLE_NUMERIC(key, length, func) {												\
 	register char *tmp=key;																\
 																						\
@@ -175,6 +186,9 @@
 {
 	uint i = 3;
 	Bucket **tmp;
+#if HARDENING_PATCH_HASH_PROTECT
+	TSRMLS_FETCH();	
+#endif	
 
 	SET_INCONSISTENT(HT_OK);
 
@@ -184,6 +198,13 @@
 
 	ht->nTableSize = 1 << i;
 	ht->nTableMask = ht->nTableSize - 1;
+#if HARDENING_PATCH_HASH_PROTECT
+	if (zend_hash_canary_inited==0) {
+		zend_hash_canary = zend_canary();
+		zend_hash_canary_inited = 1;
+	}
+	ht->canary = zend_hash_canary;
+#endif
 	ht->pDestructor = pDestructor;
 	ht->pListHead = NULL;
 	ht->pListTail = NULL;
@@ -259,6 +280,9 @@
 				}
 #endif
 				if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+					CHECK_HASH_CANARY(ht);
+#endif	
 					ht->pDestructor(p->pData);
 				}
 				UPDATE_DATA(ht, p, pData, nDataSize);
@@ -327,6 +351,9 @@
 				}
 #endif
 				if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+					CHECK_HASH_CANARY(ht);
+#endif	
 					ht->pDestructor(p->pData);
 				}
 				UPDATE_DATA(ht, p, pData, nDataSize);
@@ -402,6 +429,9 @@
 			}
 #endif
 			if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+				CHECK_HASH_CANARY(ht);
+#endif	
 				ht->pDestructor(p->pData);
 			}
 			UPDATE_DATA(ht, p, pData, nDataSize);
@@ -450,7 +480,7 @@
 	IS_CONSISTENT(ht);
 
 	if ((ht->nTableSize << 1) > 0) {	/* Let's double the table size */
-		t = (Bucket **) perealloc_recoverable(ht->arBuckets, (ht->nTableSize << 1) * sizeof(Bucket *), ht->persistent);
+		t = (Bucket **) perealloc(ht->arBuckets, (ht->nTableSize << 1) * sizeof(Bucket *), ht->persistent);
 		if (t) {
 			HANDLE_BLOCK_INTERRUPTIONS();
 			ht->arBuckets = t;
@@ -460,6 +490,7 @@
 			HANDLE_UNBLOCK_INTERRUPTIONS();
 			return SUCCESS;
 		}
+		zend_error(E_ERROR, "zend_hash_do_resize - out of memory");
 		return FAILURE;
 	}
 	return SUCCESS;
@@ -524,6 +555,9 @@
 				ht->pInternalPointer = p->pListNext;
 			}
 			if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+				CHECK_HASH_CANARY(ht);
+#endif	
 				ht->pDestructor(p->pData);
 			}
 			if (!p->pDataPtr) {
@@ -553,6 +587,9 @@
 		q = p;
 		p = p->pListNext;
 		if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+			CHECK_HASH_CANARY(ht);
+#endif	
 			ht->pDestructor(q->pData);
 		}
 		if (!q->pDataPtr && q->pData) {
@@ -579,6 +616,9 @@
 		q = p;
 		p = p->pListNext;
 		if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+			CHECK_HASH_CANARY(ht);
+#endif	
 			ht->pDestructor(q->pData);
 		}
 		if (!q->pDataPtr && q->pData) {
@@ -608,6 +648,9 @@
 	HANDLE_BLOCK_INTERRUPTIONS();
 
 	if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+		CHECK_HASH_CANARY(ht);
+#endif	
 		ht->pDestructor(p->pData);
 	}
 	if (!p->pDataPtr) {
diff -Nura php-4.4.0/Zend/zend_hash.h hardening-patch-4.4.0-0.4.2/Zend/zend_hash.h
--- php-4.4.0/Zend/zend_hash.h	2002-12-31 17:23:03.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_hash.h	2005-09-07 18:40:29.126942328 +0200
@@ -54,6 +54,9 @@
 } Bucket;
 
 typedef struct _hashtable {
+#if HARDENING_PATCH_HASH_PROTECT
+	unsigned int canary;
+#endif	
 	uint nTableSize;
 	uint nTableMask;
 	uint nNumOfElements;
diff -Nura php-4.4.0/Zend/zend_ini.h hardening-patch-4.4.0-0.4.2/Zend/zend_ini.h
--- php-4.4.0/Zend/zend_ini.h	2005-01-09 18:00:16.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_ini.h	2005-09-07 18:40:29.126942328 +0200
@@ -174,6 +174,7 @@
 /* Standard message handlers */
 BEGIN_EXTERN_C()
 ZEND_API ZEND_INI_MH(OnUpdateBool);
+#define OnUpdateLong OnUpdateInt
 ZEND_API ZEND_INI_MH(OnUpdateInt);
 ZEND_API ZEND_INI_MH(OnUpdateReal);
 ZEND_API ZEND_INI_MH(OnUpdateString);
diff -Nura php-4.4.0/Zend/zend_language_scanner.l hardening-patch-4.4.0-0.4.2/Zend/zend_language_scanner.l
--- php-4.4.0/Zend/zend_language_scanner.l	2005-03-09 16:07:19.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_language_scanner.l	2005-09-07 18:40:29.131941568 +0200
@@ -393,6 +393,13 @@
 		compilation_successful=0;
 	} else {
 		init_op_array(op_array, ZEND_USER_FUNCTION, INITIAL_OP_ARRAY_SIZE TSRMLS_CC);
+#if HARDENING_PATCH
+		if (EG(in_code_type)==ZEND_EVAL_CODE) {
+			op_array->created_by_eval = 1;
+		} else {
+			op_array->created_by_eval = 0;
+		}
+#endif
 		CG(in_compilation) = 1;
 		CG(active_op_array) = op_array;
 		compiler_result = zendparse(TSRMLS_C);
diff -Nura php-4.4.0/Zend/zend_language_scanner.c hardening-patch-4.4.0-0.4.2/Zend/zend_language_scanner.c
--- php-4.4.0/Zend/zend_language_scanner.c	2005-07-11 12:07:41.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_language_scanner.c	2005-09-07 18:40:29.129941872 +0200
@@ -3121,6 +3121,13 @@
 		compilation_successful=0;
 	} else {
 		init_op_array(op_array, ZEND_USER_FUNCTION, INITIAL_OP_ARRAY_SIZE TSRMLS_CC);
+#if HARDENING_PATCH
+		if (EG(in_code_type)==ZEND_EVAL_CODE) {
+			op_array->created_by_eval = 1;
+		} else {
+			op_array->created_by_eval = 0;
+		}
+#endif
 		CG(in_compilation) = 1;
 		CG(active_op_array) = op_array;
 		compiler_result = zendparse(TSRMLS_C);
diff -Nura php-4.4.0/Zend/zend_llist.c hardening-patch-4.4.0-0.4.2/Zend/zend_llist.c
--- php-4.4.0/Zend/zend_llist.c	2002-12-31 17:23:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_llist.c	2005-09-07 18:40:29.131941568 +0200
@@ -21,9 +21,34 @@
 #include "zend.h"
 #include "zend_llist.h"
 #include "zend_qsort.h"
+#include "zend_globals.h"
+
+#define CHECK_LIST_CANARY(list) \
+	if (HG(canary_3) != (list)->canary_h || HG(canary_4) != (list)->canary_t) { \
+		zend_security_log(S_MEMORY, "linked list canary was overwritten"); \
+		exit(1); \
+	}
+
+#define CHECK_LISTELEMENT_CANARY(elem) \
+	if (HG(canary_3) != (elem)->canary) { \
+		zend_security_log(S_MEMORY, "linked list element canary was overwritten"); \
+		exit(1); \
+	}
+
 
 ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent)
 {
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	
+	if (!HG(ll_canary_inited)) {
+		HG(canary_3) = zend_canary();
+		HG(canary_4) = zend_canary();
+		HG(ll_canary_inited) = 1;
+	}
+	l->canary_h = HG(canary_3);
+	l->canary_t = HG(canary_4);
+#endif
 	l->head  = NULL;
 	l->tail  = NULL;
 	l->count = 0;
@@ -37,6 +62,11 @@
 {
 	zend_llist_element *tmp = pemalloc(sizeof(zend_llist_element)+l->size-1, l->persistent);
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(l)
+	tmp->canary = HG(canary_3);
+#endif
 	tmp->prev = l->tail;
 	tmp->next = NULL;
 	if (l->tail) {
@@ -55,6 +85,11 @@
 {
 	zend_llist_element *tmp = pemalloc(sizeof(zend_llist_element)+l->size-1, l->persistent);
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(l)
+	tmp->canary = HG(canary_3);
+#endif
 	tmp->next = l->head;
 	tmp->prev = NULL;
 	if (l->head) {
@@ -91,10 +126,20 @@
 	zend_llist_element *current=l->head;
 	zend_llist_element *next;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(l)
+#endif
 	while (current) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(current)
+#endif
 		next = current->next;
 		if (compare(current->data, element)) {
 			DEL_LLIST_ELEMENT(current, l);
+#if HARDENING_PATCH_LL_PROTECT
+			current->canary = 0;
+#endif
 			break;
 		}
 		current = next;
@@ -106,7 +151,14 @@
 {
 	zend_llist_element *current=l->head, *next;
 	
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(l)
+#endif
 	while (current) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(current)
+#endif
 		next = current->next;
 		if (l->dtor) {
 			l->dtor(current->data);
@@ -131,7 +183,14 @@
 	zend_llist_element *old_tail;
 	void *data;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(l)
+#endif
 	if ((old_tail = l->tail)) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(old_tail)
+#endif
 		if (l->tail->prev) {
 			l->tail->prev->next = NULL;
 		}
@@ -157,9 +216,16 @@
 {
 	zend_llist_element *ptr;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(src)
+#endif
 	zend_llist_init(dst, src->size, src->dtor, src->persistent);
 	ptr = src->head;
 	while (ptr) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(ptr)
+#endif
 		zend_llist_add_element(dst, ptr->data);
 		ptr = ptr->next;
 	}
@@ -170,11 +236,21 @@
 {
 	zend_llist_element *element, *next;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();	
+	CHECK_LIST_CANARY(l)
+#endif
 	element=l->head;
 	while (element) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(element)
+#endif
 		next = element->next;
 		if (func(element->data)) {
 			DEL_LLIST_ELEMENT(element, l);
+#if HARDENING_PATCH_LL_PROTECT
+			element->canary = 0;
+#endif
 		}
 		element = next;
 	}
@@ -185,7 +261,13 @@
 {
 	zend_llist_element *element;
 
+#if HARDENING_PATCH_LL_PROTECT
+	CHECK_LIST_CANARY(l)
+#endif
 	for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(element)
+#endif
 		func(element->data TSRMLS_CC);
 	}
 }
@@ -197,6 +279,9 @@
 	zend_llist_element **elements;
 	zend_llist_element *element, **ptr;
 
+#if HARDENING_PATCH_LL_PROTECT
+	CHECK_LIST_CANARY(l)
+#endif
 	if (l->count <= 0) {
 		return;
 	}
@@ -206,6 +291,9 @@
 	ptr = &elements[0];
 
 	for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(element)
+#endif
 		*ptr++ = element;
 	}
 
@@ -228,7 +316,13 @@
 {
 	zend_llist_element *element;
 
+#if HARDENING_PATCH_LL_PROTECT
+	CHECK_LIST_CANARY(l)
+#endif
 	for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(element)
+#endif
 		func(element->data, arg TSRMLS_CC);
 	}
 }
@@ -239,8 +333,14 @@
 	zend_llist_element *element;
 	va_list args;
 
+#if HARDENING_PATCH_LL_PROTECT
+	CHECK_LIST_CANARY(l)
+#endif
 	va_start(args, num_args);
 	for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(element)
+#endif
 		func(element->data, num_args, args TSRMLS_CC);
 	}
 	va_end(args);
@@ -249,6 +349,10 @@
 
 ZEND_API int zend_llist_count(zend_llist *l)
 {
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();
+	CHECK_LIST_CANARY(l)
+#endif
 	return l->count;
 }
     
@@ -256,8 +360,15 @@
 {
 	zend_llist_position *current = pos ? pos : &l->traverse_ptr;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();
+	CHECK_LIST_CANARY(l)
+#endif
 	*current = l->head;
 	if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(*current)
+#endif
 		return (*current)->data;
 	} else {
 		return NULL;
@@ -269,8 +380,15 @@
 {
 	zend_llist_position *current = pos ? pos : &l->traverse_ptr;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();
+	CHECK_LIST_CANARY(l)
+#endif
 	*current = l->tail;
 	if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(*current)
+#endif
 		return (*current)->data;
 	} else {
 		return NULL;
@@ -282,9 +400,19 @@
 {
 	zend_llist_position *current = pos ? pos : &l->traverse_ptr;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();
+	CHECK_LIST_CANARY(l)
+#endif
 	if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(*current)
+#endif
 		*current = (*current)->next;
 		if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+			CHECK_LISTELEMENT_CANARY(*current)
+#endif
 			return (*current)->data;
 		}
 	}
@@ -296,9 +424,19 @@
 {
 	zend_llist_position *current = pos ? pos : &l->traverse_ptr;
 
+#if HARDENING_PATCH_LL_PROTECT
+	TSRMLS_FETCH();
+	CHECK_LIST_CANARY(l)
+#endif
 	if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+		CHECK_LISTELEMENT_CANARY(*current)
+#endif
 		*current = (*current)->prev;
 		if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+			CHECK_LISTELEMENT_CANARY(*current)
+#endif
 			return (*current)->data;
 		}
 	}
diff -Nura php-4.4.0/Zend/zend_llist.h hardening-patch-4.4.0-0.4.2/Zend/zend_llist.h
--- php-4.4.0/Zend/zend_llist.h	2002-12-31 17:23:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_llist.h	2005-09-07 18:40:29.132941416 +0200
@@ -24,6 +24,9 @@
 #include 
 
 typedef struct _zend_llist_element {
+#if HARDENING_PATCH_LL_PROTECT
+	unsigned int canary;
+#endif	
 	struct _zend_llist_element *next;
 	struct _zend_llist_element *prev;
 	char data[1]; /* Needs to always be last in the struct */
@@ -36,6 +39,9 @@
 typedef void (*llist_apply_func_t)(void * TSRMLS_DC);
 
 typedef struct _zend_llist {
+#if HARDENING_PATCH_LL_PROTECT
+	unsigned int canary_h; /* head */
+#endif	
 	zend_llist_element *head;
 	zend_llist_element *tail;
 	size_t size;
@@ -43,6 +49,9 @@
 	llist_dtor_func_t dtor;
 	unsigned char persistent;
 	zend_llist_element *traverse_ptr;
+#if HARDENING_PATCH_LL_PROTECT
+	unsigned int canary_t; /* tail */
+#endif	
 } zend_llist;
 
 typedef zend_llist_element* zend_llist_position;
diff -Nura php-4.4.0/Zend/zend_modules.h hardening-patch-4.4.0-0.4.2/Zend/zend_modules.h
--- php-4.4.0/Zend/zend_modules.h	2002-12-31 17:23:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_modules.h	2005-09-07 18:40:29.132941416 +0200
@@ -34,6 +34,7 @@
 ZEND_API extern unsigned char second_arg_force_ref[];
 ZEND_API extern unsigned char third_arg_force_ref[];
 
+#define HARDENING_PATCH_ZEND_MODULE_API_NO 1001050805
 #define ZEND_MODULE_API_NO 20020429
 #ifdef ZTS
 #define USING_ZTS 1
@@ -41,9 +42,9 @@
 #define USING_ZTS 0
 #endif
 
-#define STANDARD_MODULE_HEADER sizeof(zend_module_entry), ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS
+#define STANDARD_MODULE_HEADER sizeof(zend_module_entry), HARDENING_PATCH_ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS 
 
-#define STANDARD_MODULE_PROPERTIES_EX 0, 0, 0, NULL, 0
+#define STANDARD_MODULE_PROPERTIES_EX 0, 0, 0, NULL, 0, ZEND_MODULE_API_NO
 
 #define STANDARD_MODULE_PROPERTIES \
 	NULL, NULL, STANDARD_MODULE_PROPERTIES_EX
@@ -75,6 +76,7 @@
 	unsigned char type;
 	void *handle;
 	int module_number;
+	unsigned int real_zend_api;
 };
 
 
diff -Nura php-4.4.0/Zend/zend_opcode.c hardening-patch-4.4.0-0.4.2/Zend/zend_opcode.c
--- php-4.4.0/Zend/zend_opcode.c	2002-12-31 17:23:04.000000000 +0100
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_opcode.c	2005-09-07 18:40:29.133941264 +0200
@@ -88,6 +88,9 @@
 	op_array->done_pass_two = 0;
 
 	op_array->start_op = NULL;
+#if HARDENING_PATCH
+	op_array->created_by_eval = 0;
+#endif
 
 	zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_op_array_ctor_handler, op_array TSRMLS_CC);
 }
diff -Nura php-4.4.0/Zend/zend_operators.c hardening-patch-4.4.0-0.4.2/Zend/zend_operators.c
--- php-4.4.0/Zend/zend_operators.c	2005-03-31 10:18:39.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_operators.c	2005-09-07 18:40:29.134941112 +0200
@@ -1604,6 +1604,20 @@
 	return (op->value.lval ? 1 : 0);
 }
 
+ZEND_API char *zend_str_tolower_copy(char *dest, const char *source, unsigned int length)
+{
+	register unsigned char *str = (unsigned char*)source;
+	register unsigned char *result = (unsigned char*)dest;
+	register unsigned char *end = str + length;
+
+	while (str < end) {
+		*result++ = tolower((int)*str++);
+	}
+	*result = *end;
+
+	return dest;
+}
+
 ZEND_API void zend_str_tolower(char *str, unsigned int length)
 {
 	register char *p=str, *end=p+length;
diff -Nura php-4.4.0/Zend/zend_operators.h hardening-patch-4.4.0-0.4.2/Zend/zend_operators.h
--- php-4.4.0/Zend/zend_operators.h	2005-03-31 10:18:40.000000000 +0200
+++ hardening-patch-4.4.0-0.4.2/Zend/zend_operators.h	2005-09-07 18:40:29.134941112 +0200
@@ -174,6 +174,14 @@
 #endif
 
 ZEND_API void zend_str_tolower(char *str, unsigned int length);
+ZEND_API char *zend_str_tolower_copy(char *dest, const char *source, unsigned int length);
+
+static inline char *
+zend_str_tolower_dup(const char *source, unsigned int length)
+{
+	return zend_str_tolower_copy((char *)emalloc(length+1), source, length);
+}
+
 ZEND_API int zend_binary_zval_strcmp(zval *s1, zval *s2);
 ZEND_API int zend_binary_zval_strncmp(zval *s1, zval *s2, zval *s3);
 ZEND_API int zend_binary_zval_strcasecmp(zval *s1, zval *s2);