authorDries Buytaert <dries@buytaert.net>2010-10-21 12:09:41 +0000
committerDries Buytaert <dries@buytaert.net>2010-10-21 12:09:41 +0000
commit2a0e32644822d34416f4633b4c6fc8674870e6d8 (patch)
tree72e32a7d4a1bbe07e83bcff6402923e4c1ca9b85 /includes/stream_wrappers.inc
parentc7e9857de4887d33f8020a4e843ef854848f454e (diff)
- Patch #942690 by effulgentsia: security harden stream wrappers by defaulting them as remote.
Diffstat (limited to 'includes/stream_wrappers.inc')
-rw-r--r--includes/stream_wrappers.inc24
1 files changed, 18 insertions, 6 deletions
diff --git a/includes/stream_wrappers.inc b/includes/stream_wrappers.inc
index f49d3bc29..23faf4fc9 100644
--- a/includes/stream_wrappers.inc
+++ b/includes/stream_wrappers.inc
@@ -22,6 +22,9 @@
/**
* Stream wrapper bit flags that are the basis for composite types.
+ *
+ * Note that 0x0002 is skipped, because it was the value of a constant that has
+ * since been removed.
*/
/**
@@ -35,11 +38,6 @@ define('STREAM_WRAPPERS_ALL', 0x0000);
define('STREAM_WRAPPERS_LOCAL', 0x0001);
/**
- * Stream wrapper bit flag -- refers to a remote filesystem location.
- */
-define('STREAM_WRAPPERS_REMOTE', 0x0002);
-
-/**
* Stream wrapper bit flag -- wrapper is readable (almost always true).
*/
define('STREAM_WRAPPERS_READ', 0x0004);
@@ -65,6 +63,11 @@ define('STREAM_WRAPPERS_VISIBLE', 0x0010);
define('STREAM_WRAPPERS_HIDDEN', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE);
/**
+ * Stream wrapper type flag -- hidden, readable and writeable using local files.
+ */
+define('STREAM_WRAPPERS_LOCAL_HIDDEN', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_HIDDEN);
+
+/**
* Stream wrapper type flag -- visible, readable and writeable.
*/
define('STREAM_WRAPPERS_WRITE_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE | STREAM_WRAPPERS_VISIBLE);
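Review bot: The docblock added for STREAM_WRAPPERS_LOCAL_HIDDEN (and the one on STREAM_WRAPPERS_LOCAL_NORMAL in the last hunk) names the flag combination but not the trust that setting the LOCAL bit asserts. The rationale written on STREAM_WRAPPERS_NORMAL says PHP grants local files a greater trust level, so the opt-in constants are where a module author needs to be told when opting in is appropriate. I would add a line such as `* Declare this only for wrappers whose URIs always resolve to files on the local filesystem; local wrappers can be used in "include" regardless of allow_url_include.` to both docblocks.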
@@ -75,9 +78,18 @@ define('STREAM_WRAPPERS_WRITE_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_W
define('STREAM_WRAPPERS_READ_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_VISIBLE);
/**
+ * Stream wrapper type flag -- the default when 'type' is omitted from
+ * hook_stream_wrappers(). This does not include STREAM_WRAPPERS_LOCAL,
+ * because PHP grants a greater trust level to local files (for example, they
+ * can be used in an "include" statement, regardless of the "allow_url_include"
+ * setting), so stream wrappers need to explicitly opt-in to this.
+ */
+define('STREAM_WRAPPERS_NORMAL', STREAM_WRAPPERS_WRITE_VISIBLE);
+
+/**
* Stream wrapper type flag -- visible, readable and writeable using local files.
*/
-define('STREAM_WRAPPERS_NORMAL', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_WRITE_VISIBLE);
+define('STREAM_WRAPPERS_LOCAL_NORMAL', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_NORMAL);
/**
* Generic PHP stream wrapper interface.
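Review bot: STREAM_WRAPPERS_NORMAL keeps its name but no longer contains STREAM_WRAPPERS_LOCAL, so a hook_stream_wrappers() implementation that already passes `'type' => STREAM_WRAPPERS_NORMAL` for a wrapper backed by local files is silently reclassified as non-local. That fails closed, which matches the stated intent, but any caller that filters on the LOCAL bit would stop seeing those wrappers. The diffstat on this page is limited to this one file, so it cannot be confirmed here whether the existing local wrappers and their callers were moved to STREAM_WRAPPERS_LOCAL_NORMAL. The new docblock should record the change of meaning, for example `* Before this change the constant included STREAM_WRAPPERS_LOCAL; wrappers for local files must now declare STREAM_WRAPPERS_LOCAL_NORMAL.`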