Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:21937
Return-Path: <pollita@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25873 invoked by uid 1010); 19 Feb 2006 03:37:17 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 25858 invoked from network); 19 Feb 2006 03:37:17 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Feb 2006 03:37:17 -0000
X-Host-Fingerprint: 69.12.155.130 69-12-155-130.dsl.static.sonic.net Linux 2.4/2.6
Received: from ([69.12.155.130:1411] helo=pigeon.alphaweb.net)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id BE/92-24075-CE7E7F34 for <internals@lists.php.net>; Sat, 18 Feb 2006 22:37:16 -0500
Received: from localhost ([127.0.0.1] helo=stumpy)
	by pigeon.alphaweb.net with smtp (Exim 4.10)
	id 1FAeRn-0005cq-00; Sat, 18 Feb 2006 18:37:15 -0800
Message-ID: <001a01c63506$330a0b50$7d051fac@stumpy>
To: "Andi Gutmans" <andi@zend.com>
Cc: "Wez Furlong" <wez@thebrainroom.com>,
	"internals" <internals@lists.php.net>
References: <7.0.1.0.2.20060218170026.02a224f8@zend.com> <7.0.1.0.2.20060218171430.02a1c038@zend.com>
Date: Sat, 18 Feb 2006 19:40:15 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Subject: Re: [PHP-DEV] Nuking safe_mode
From: pollita@php.net ("Sara Golemon")

>>I'm nuking safe_mode and I found something odd. In streams, 
>>php_plain_files_unlink() only checks php_check_open_basedir() when 
>>ENFORCE_SAFE_MODE is flagged. I was planning on nuking ENFORCE_SAFE_MODE 
>>completely. Is this a bug? Or should I rename ENFORCE_SAFE_MODE  to 
>>ENFORCE_OPEN_BASEDIR?
>>
>I just saw we have STREAM_DISABLE_OPEN_BASEDIR.
> Should I just check if that is 0 and do the open_basedir check in that 
> case?
>
Agreed.  This slight logic twist got intrduced when unlink was routed 
through wrapper->ops.  It should be:

if (ENFORCE_SAFE_MODE) { /* safe mode check*/ }
if (!DISABLE_OPEN_BASEDIR) { /* do open basedir check */ }

Bad news, I'm probably the one who did that, good news the practical fact of 
the matter is that it'd be uncommon to use both or neither option.  It's 
more "normal" to use one or the other so the logic as-is isn't particularly 
harmful, just.... not-entirely-right.  Looking at a quick grep, the only use 
of wops->unlink() I actually see is the one in 
ext/standard/file.c:PHP_FUNCTION(unlink) anyway.

-Sara