authorBen Fuhrmannek2014-12-03 13:52:57 +0100
committerBen Fuhrmannek2014-12-03 13:52:57 +0100
commitf08ccc6821dc6d56cf204f04eb988efe6c18c0d2 (patch)
tree1f50dfe7cfabff09f7b0acd478dc47467c26240a
parent5a0d9ff59f2a222259e430076f83ae62421d684e (diff)
parent7ea20b91eaa4d977991ef81bf1000758c9d3b6c6 (diff)
Merge branch 'master' into 0.9.37
-rw-r--r--execute.c8
-rw-r--r--suhosin.c6
-rw-r--r--suhosin.ini7
-rw-r--r--tests/executor/function_whiletist_absmax.phpt (renamed from tests/executor/function_whilelist_absmax.phpt)0
-rw-r--r--tests/executor/function_whitelist.phpt (renamed from tests/executor/function_whilelist.phpt)0
-rw-r--r--tests/executor/function_whitelist_call_user_func.phpt (renamed from tests/executor/function_whilelist_call_user_func.phpt)0
-rw-r--r--tests/executor/function_whitelist_maxabs.phpt (renamed from tests/executor/function_whilelist_maxabs.phpt)0
-rw-r--r--tests/include/include_constant.phpt2
-rw-r--r--tests/include/include_once_constant.phpt2
-rw-r--r--tests/include/include_once_tmpvar.phpt2
-rw-r--r--tests/include/include_once_var.phpt2
-rw-r--r--tests/include/include_tmpvar.phpt2
-rw-r--r--tests/include/include_var.phpt2
-rw-r--r--tests/include/require_constant.phpt2
-rw-r--r--tests/include/require_once_constant.phpt2
-rw-r--r--tests/include/require_once_tmpvar.phpt2
-rw-r--r--tests/include/require_once_var.phpt2
-rw-r--r--tests/include/require_tmpvar.phpt2
-rw-r--r--tests/include/require_var.phpt2
19 files changed, 26 insertions, 19 deletions
diff --git a/execute.c b/execute.c
index fb91284..aa37fb9 100644
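--- a/execute.c
+++ b/execute.c
@@ -299,12 +299,12 @@ static zend_bool suhosin_zend_open(const char *filename, zend_file_handle *fh)
  break;
 
  case SUHOSIN_CODE_TYPE_BLACKURL:
- suhosin_log(S_INCLUDE, "Include filename ('%s') is an URL that is forbidden by the blacklist", filename);
+ suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename);
  suhosin_bailout(TSRMLS_C);
  break;
 
  case SUHOSIN_CODE_TYPE_BADURL:
- suhosin_log(S_INCLUDE, "Include filename ('%s') is an URL that is not allowed", filename);
+ suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename);
  suhosin_bailout(TSRMLS_C);
  break;
 
@@ -607,12 +607,12 @@ not_evaled_code:
  break;
 
  case SUHOSIN_CODE_TYPE_BLACKURL:
- suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is an URL that is forbidden by the blacklist", op_array->filename);
+ suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", op_array->filename);
  suhosin_bailout(TSRMLS_C);
  break;
 
  case SUHOSIN_CODE_TYPE_BADURL:
- suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is an URL that is not allowed", op_array->filename);
+ suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", op_array->filename);
  suhosin_bailout(TSRMLS_C);
  break;
 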
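Review bot: The four reworded alert strings (two in suhosin_zend_open, two after the not_evaled_code label) are the exact text that log filters and monitoring rules match on, and the diffstat shows no changelog or release-note entry recording the new wording. The .phpt expectations in this same commit had to be edited to follow the string, so any external pattern keyed to "is an URL that" would presumably stop matching after the upgrade without any error. A changelog line such as `- Include alerts now read "is a URL that ..." instead of "is an URL that ..."; update log filters that match the old text` would cover it. Both switch statements start and end outside the hunks, so other messages in them were not checked.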
diff --git a/suhosin.c b/suhosin.c
index b186fbb..8ce279d 100644
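--- a/suhosin.c
+++ b/suhosin.c
@@ -211,7 +211,7 @@ static void suhosin_shutdown(zend_extension *extension)
 
 static int suhosin_startup_wrapper(zend_extension *ext)
 {
- int res;
+ int res = SUCCESS;
  zend_extension *ex = &suhosin_zend_extension_entry;
  char *new_info;
  int new_info_length;
@@ -244,7 +244,9 @@ static int suhosin_startup_wrapper(zend_extension *ext)
  ze->op_array_dtor = stealth_op_array_dtor;
  /*}*/
 
- res = old_startup(ext);
+ if (old_startup != NULL) {
+ res = old_startup(ext);
+ }
 
 /* ex->name = NULL;
  ex->author = NULL;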
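Review bot: The new `if (old_startup != NULL)` guard in suhosin_startup_wrapper leaves `res` at `SUCCESS` when there is no previous startup handler, but nothing states when that case occurs or that reporting success is the intended result. A comment above the guard would record the decision, for example `/* the hooked extension may not define a startup handler; treat that as success */`, assuming old_startup holds the startup callback of the extension being wrapped. The function continues past the end of the hunk, so whether later code depends on old_startup having run cannot be confirmed from the visible lines.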
diff --git a/suhosin.ini b/suhosin.ini
index f844b9e..e739dff 100644
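--- a/suhosin.ini
+++ b/suhosin.ini
@@ -338,7 +338,12 @@
 ; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
 ; specified, then the blacklist is evaluated.
 ;
-; Note: This setting deactivates suhosin.executor.include.blacklist.
+; Notes:
+;
+; * This setting deactivates suhosin.executor.include.blacklist.
+; * If both suhosin.executor.include.whitelist and
+; suhosin.executor.include.blacklist are unset or empty, all URLs will be
+; blocked. This is the default.
 ;
 ;suhosin.executor.include.whitelist =
 ;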
diff --git a/tests/executor/function_whilelist_absmax.phpt b/tests/executor/function_whiletist_absmax.phpt
index f240e69..f240e69 100644
--- a/tests/executor/function_whilelist_absmax.phpt
+++ b/tests/executor/function_whiletist_absmax.phpt
diff --git a/tests/executor/function_whilelist.phpt b/tests/executor/function_whitelist.phpt
index 9017ab4..9017ab4 100644
--- a/tests/executor/function_whilelist.phpt
+++ b/tests/executor/function_whitelist.phpt
diff --git a/tests/executor/function_whilelist_call_user_func.phpt b/tests/executor/function_whitelist_call_user_func.phpt
index a54010f..a54010f 100644
--- a/tests/executor/function_whilelist_call_user_func.phpt
+++ b/tests/executor/function_whitelist_call_user_func.phpt
diff --git a/tests/executor/function_whilelist_maxabs.phpt b/tests/executor/function_whitelist_maxabs.phpt
index 88a356e..88a356e 100644
--- a/tests/executor/function_whilelist_maxabs.phpt
+++ b/tests/executor/function_whitelist_maxabs.phpt
diff --git a/tests/include/include_constant.phpt b/tests/include/include_constant.phpt
index 180aa69..9fdb5ac 100644
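--- a/tests/include/include_constant.phpt
+++ b/tests/include/include_constant.phpt
@@ -14,4 +14,4 @@ suhosin.executor.include.blacklist=
  include "http://127.0.0.1/";
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)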
diff --git a/tests/include/include_once_constant.phpt b/tests/include/include_once_constant.phpt
index 3faac33..66823cd 100644
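--- a/tests/include/include_once_constant.phpt
+++ b/tests/include/include_once_constant.phpt
@@ -14,4 +14,4 @@ suhosin.executor.include.blacklist=
  include_once "http://127.0.0.1/";
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)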
diff --git a/tests/include/include_once_tmpvar.phpt b/tests/include/include_once_tmpvar.phpt
index 1f94c5a..4206893 100644
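--- a/tests/include/include_once_tmpvar.phpt
+++ b/tests/include/include_once_tmpvar.phpt
@@ -16,4 +16,4 @@ suhosin.executor.include.blacklist=
  include_once $var.$app;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/?') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)
+ALERT - Include filename ('http://127.0.0.1/?') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)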
diff --git a/tests/include/include_once_var.phpt b/tests/include/include_once_var.phpt
index bf38377..3ba3ff7 100644
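--- a/tests/include/include_once_var.phpt
+++ b/tests/include/include_once_var.phpt
@@ -15,4 +15,4 @@ suhosin.executor.include.blacklist=
  include_once $var;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)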
diff --git a/tests/include/include_tmpvar.phpt b/tests/include/include_tmpvar.phpt
index 8ad26d7..31d2f0f 100644
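--- a/tests/include/include_tmpvar.phpt
+++ b/tests/include/include_tmpvar.phpt
@@ -16,4 +16,4 @@ suhosin.executor.include.blacklist=
  include $var.$app;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/?') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)
+ALERT - Include filename ('http://127.0.0.1/?') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)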
diff --git a/tests/include/include_var.phpt b/tests/include/include_var.phpt
index 7431240..598c093 100644
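--- a/tests/include/include_var.phpt
+++ b/tests/include/include_var.phpt
@@ -15,4 +15,4 @@ suhosin.executor.include.blacklist=
  include $var;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)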
diff --git a/tests/include/require_constant.phpt b/tests/include/require_constant.phpt
index 6ee79fb..358d69d 100644
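--- a/tests/include/require_constant.phpt
+++ b/tests/include/require_constant.phpt
@@ -14,4 +14,4 @@ suhosin.executor.include.blacklist=
  require "http://127.0.0.1/";
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)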
diff --git a/tests/include/require_once_constant.phpt b/tests/include/require_once_constant.phpt
index 43c69c8..699720a 100644
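--- a/tests/include/require_once_constant.phpt
+++ b/tests/include/require_once_constant.phpt
@@ -14,4 +14,4 @@ suhosin.executor.include.blacklist=
  require_once "http://127.0.0.1/";
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)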
diff --git a/tests/include/require_once_tmpvar.phpt b/tests/include/require_once_tmpvar.phpt
index 2be24b2..956b563 100644
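--- a/tests/include/require_once_tmpvar.phpt
+++ b/tests/include/require_once_tmpvar.phpt
@@ -16,4 +16,4 @@ suhosin.executor.include.blacklist=
  require_once $var.$app;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/?') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)
+ALERT - Include filename ('http://127.0.0.1/?') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)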
diff --git a/tests/include/require_once_var.phpt b/tests/include/require_once_var.phpt
index b3857f5..7a2e813 100644
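--- a/tests/include/require_once_var.phpt
+++ b/tests/include/require_once_var.phpt
@@ -15,4 +15,4 @@ suhosin.executor.include.blacklist=
  require_once $var;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)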
diff --git a/tests/include/require_tmpvar.phpt b/tests/include/require_tmpvar.phpt
index d411067..e0b504f 100644
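--- a/tests/include/require_tmpvar.phpt
+++ b/tests/include/require_tmpvar.phpt
@@ -16,4 +16,4 @@ suhosin.executor.include.blacklist=
  require $var.$app;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/?') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)
+ALERT - Include filename ('http://127.0.0.1/?') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 4)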
diff --git a/tests/include/require_var.phpt b/tests/include/require_var.phpt
index 20468d4..3ff9745 100644
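--- a/tests/include/require_var.phpt
+++ b/tests/include/require_var.phpt
@@ -15,4 +15,4 @@ suhosin.executor.include.blacklist=
  require $var;
 ?>
 --EXPECTF--
-ALERT - Include filename ('http://127.0.0.1/') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)
+ALERT - Include filename ('http://127.0.0.1/') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 3)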