Yeah, what she said ;)

But with one additional note: some places in the streams internals
make assumptions by comparing the wrapper for the stream with the
address of the plain_files_wrapper, so if you do hook it, you'll
either need to poke the methods from your extension or patch the PHP
sources.

If you're wondering what kinds of assumptions, the biggest one that
springs to mind is the (probably now infamous) greedy fread/fgets
handling, where the behaviour is greedy for local files, but packet
based for everything else.

--Wez.

On Wed, 21 Jul 2004 13:53:22 -0700, Sara Golemon <[EMAIL PROTECTED]> wrote:
> > main/safe_mode.c: php_checkuid()
> >
> That's one good place as all local file system operations *SHOULD* go
> through this point (if we've done our jobs right).  But anytime you change
> PHP versions you'll need to reapply your patch, possibly rewrite parts of it
> if the internals have changed noticeably.
> 
> > I have also looked in other files:
> > main/fopen_wrappers.c
> > main/streams.c
> >
> The streams layer is the right place to put hooks like this, and lets you
> tell one type of file operation (open, read, stat, etc...) but it may be
> more than you need.  You can do it in a couple of ways:
> 
> 1) You can build your "extended security" thingy as a PHP extension which,
> when loaded removes the plainfiles wrapper and replaces it with your own
> version (which may passthru to the original version after checks/logging).
> This option has the plus of being completely modular from version to version
> avoiding the need to create wonky hacks every time, and can even be quickly
> put-in/taken-out on an as-needed basis.  (Hint: This is the route I'd go if
> I were doing this)
> 
> 2) You could simply override/modify the plainfiles methods in the streams
> code.  In PHP4 you'll find the plainfiles wrapper in amongst the code in
> main/streams.c, in PHP5 it's moved into its own file in the main/streams/
> directory.  This route would be easier, but would require re-doing it
> every time you upgrade versions.
> 
> -Sara
> 
> P.S. - All of the above assumes that you're ONLY talking about local
> filesystem access and not remote resources (http, ftp, etc...) or stdio
> pipes (stdin, stdout, stderr, etc...).  If you want to hook ALL streams I/O
> then I'd probably recommend replacing php_stream_locate_wrapper() in
> streams.c which is called in response to EVERY user generated stream
> function (well okay, not socket streams like tcp, udp, unix, those are a bit
> "special", but it does still include http://, and ftp:// actions).
> 
> 
> 
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
>
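
A simplified C model of the wrapper-address caveat raised in this reply, added here as an illustration; it is not code from the PHP sources or from either poster. Every name except plain_files_wrapper is hypothetical, and the ".." check stands in for whatever policy the hook would enforce.

```c
/* Simplified model, NOT PHP source: all names except plain_files_wrapper
 * are hypothetical stand-ins for the streams internals. */
#include <stdio.h>
#include <string.h>

typedef struct wrapper_ops { int (*open)(const char *path); } wrapper_ops;
typedef struct wrapper { const wrapper_ops *ops; } wrapper;

static int plain_open(const char *path) { (void)path; return 0; } /* 0 = ok */
static const wrapper_ops plain_ops = { plain_open };
static wrapper plain_files_wrapper = { &plain_ops };

/* Slot consulted for local paths (stands in for wrapper lookup). */
static const wrapper *local_handler = &plain_files_wrapper;

static int audited = 0;
/* Hook body: count the call, refuse "..", otherwise pass through. */
static int audit_open(const char *path) {
    audited++;
    if (strstr(path, "..") != NULL) return -1;
    return plain_open(path);
}
static const wrapper_ops audit_ops = { audit_open };
static wrapper audit_wrapper = { &audit_ops };

/* The kind of assumption described: an identity test on the address. */
static int read_is_greedy(const wrapper *w) { return w == &plain_files_wrapper; }

/* Strategy A: swap in a different wrapper object. */
static void hook_by_replacing(void) { local_handler = &audit_wrapper; }
/* Strategy B: keep the original object, repoint its methods. */
static void hook_by_poking(void) {
    local_handler = &plain_files_wrapper;
    plain_files_wrapper.ops = &audit_ops;
}
static void unhook(void) {
    local_handler = &plain_files_wrapper;
    plain_files_wrapper.ops = &plain_ops;
}

static int open_local(const char *path) { return local_handler->ops->open(path); }
static int local_reads_greedy(void) { return read_is_greedy(local_handler); }

int main(void) {
    hook_by_replacing();
    printf("replace: open=%d greedy=%d\n", open_local("/tmp/a"), local_reads_greedy());
    unhook();
    hook_by_poking();
    printf("poke:    open=%d greedy=%d\n", open_local("/tmp/a"), local_reads_greedy());
    return 0;
}
```

In this model both strategies enforce the check, but only the in-place method swap keeps the address comparison true, so the replaced wrapper silently loses the local-file read behaviour.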
