> main/safe_mode.c: php_checkuid()
>
That's one good place as all local file system operations *SHOULD* go
through this point (if we've done our jobs right).  But anytime you change
PHP versions you'll need to reapply your patch, possibly rewrite parts of it
if the internals have changed noticeably.

> I have also looked in other files:
> main/fopen_wrappers.c
> main/streams.c
>
The streams layer is the right place to put hooks like this, and lets you
tell one type of file operation (open, read, stat, etc...) but it may be
more than you need.  You can do it in a couple of ways:

1) You can build your "extended security" thingy as a PHP extension which,
when loaded, removes the plainfiles wrapper and replaces it with your own
version (which may passthru to the original version after checks/logging).
This option has the plus of being completely modular from version to version,
avoiding the need to create wonky hacks every time, and can even be quickly
put-in/taken-out on an as-needed basis.  (Hint: This is the route I'd go if
I were doing this)

2) You could simply override/modify the plainfiles methods in the streams
code.  In PHP4 you'll find the plainfiles wrapper in amongst the code in
main/streams.c, in PHP5 it's moved into its own file in the main/streams/
directory.  This route would be easier, but would require re-doing it
every time you upgrade versions.

-Sara

P.S. - All of the above assumes that you're ONLY talking about local
filesystem access and not remote resources (http, ftp, etc...) or stdio
pipes (stdin, stdout, stderr, etc...).  If you want to hook ALL streams I/O
then I'd probably recommend replacing php_stream_locate_wrapper() in
streams.c, which is called in response to EVERY user-generated stream
function (well okay, not socket streams like tcp, udp, unix, those are a bit
"special", but it does still include http://, and ftp:// actions).

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
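
A userland analogue of option 1 above, as an added example that is not part of the original message or of PHP's source: it swaps the built-in file:// wrapper for a class that logs and checks each open/stat and then passes through to the original wrapper. It uses PHP's stream_wrapper_unregister(), stream_wrapper_register() and stream_wrapper_restore(); the class name AuditedFileWrapper and the /etc deny rule are hypothetical, and PHP 7.4+ is assumed.

```php
<?php
// Added example; AuditedFileWrapper and its policy are hypothetical.
class AuditedFileWrapper
{
    public $context;          // populated by PHP when a stream context is used
    private $fh;              // real handle, opened via the built-in wrapper
    public static $log = [];  // in-memory audit trail for this demo
    // Run $fn with the built-in file:// wrapper temporarily back in place.
    private static function passthru(callable $fn)
    {
        stream_wrapper_restore('file');
        try {
            return $fn();
        } finally {
            stream_wrapper_unregister('file');
            stream_wrapper_register('file', self::class);
        }
    }
    // Hypothetical policy: log every operation, refuse anything under /etc.
    private static function check(string $op, string $path): bool
    {
        $bare = preg_replace('#^file://#i', '', $path);
        $real = realpath($bare) ?: $bare;  // resolve ../ and symlinks if it exists
        $ok = strpos($real, '/etc/') !== 0;
        self::$log[] = ($ok ? 'ALLOW ' : 'DENY ') . "$op $real";
        return $ok;
    }
    public function stream_open($path, $mode, $options, &$opened_path)
    {
        if (!self::check("open($mode)", $path)) return false;
        $this->fh = self::passthru(fn() => @fopen($path, $mode));
        return $this->fh !== false;
    }
    public function url_stat($path, $flags)
    {
        if (!self::check('stat', $path)) return false;
        return self::passthru(fn() => @stat($path));
    }
    public function stream_read($count)  { return fread($this->fh, $count); }
    public function stream_write($data)  { return fwrite($this->fh, $data); }
    public function stream_eof()         { return feof($this->fh); }
    public function stream_stat()        { return fstat($this->fh); }
    public function stream_close()       { fclose($this->fh); }
}
// Swap the built-in file:// wrapper for the audited one, then exercise it.
stream_wrapper_unregister('file');
stream_wrapper_register('file', AuditedFileWrapper::class);
@file_get_contents('/etc/hostname');
file_get_contents(__FILE__);
print_r(AuditedFileWrapper::$log);
```

A userland wrapper like this only sees stream calls made from PHP scripts and implements just the open/read/write/stat methods shown, so operations such as unlink() or opendir() would need their own handlers.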