diff --git a/.htaccess b/.htaccess index ce89e17..6ae43ba 100644 --- a/.htaccess +++ b/.htaccess @@ -25,9 +25,6 @@ DirectoryIndex index.php index.html index.htm # PHP 5, Apache 1 and 2. - php_flag magic_quotes_gpc off - php_flag magic_quotes_sybase off - php_flag register_globals off php_flag session.auto_start off php_value mbstring.http_input pass php_value mbstring.http_output pass diff --git a/core/INSTALL.txt b/core/INSTALL.txt index b753f3a..ef2dbd0 100644 --- a/core/INSTALL.txt +++ b/core/INSTALL.txt @@ -18,7 +18,7 @@ Drupal requires: - A web server with PHP support, for example: - Apache 2.0 (or greater) (http://httpd.apache.org/). - Nginx 1.1 (or greater) (http://www.nginx.com/). -- PHP 5.3.10 (or greater) (http://www.php.net/). +- PHP 5.4.2 (or greater) (http://www.php.net/). - One of the following databases: - MySQL 5.0.15 (or greater) (http://www.mysql.com/). - MariaDB 5.1.44 (or greater) (http://mariadb.org/). MariaDB is a fully diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index d071bc4..53e81f8 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -31,7 +31,7 @@ /** * Minimum supported version of PHP. */ -const DRUPAL_MINIMUM_PHP = '5.3.10'; +const DRUPAL_MINIMUM_PHP = '5.4.2'; /** * Minimum recommended value of PHP memory_limit. @@ -533,13 +533,6 @@ function drupal_environment_initialize() { // sites/default/default.settings.php contains more runtime settings. // The .htaccess file contains settings that cannot be changed at runtime. - // Deny execution with enabled "magic quotes" (both GPC and runtime). - if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) { - header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error'); - print "PHP's 'magic_quotes_gpc' and 'magic_quotes_runtime' settings are not supported and must be disabled."; - exit; - } - // Use session cookies, not transparent sessions that puts the session id in // the query string. ini_set('session.use_cookies', '1'); diff --git a/core/includes/file.inc b/core/includes/file.inc index 028df9c..0a46882 100644 --- a/core/includes/file.inc +++ b/core/includes/file.inc @@ -605,7 +605,7 @@ function file_valid_uri($uri) { * will rename the file until the $destination is unique. * - Provides a fallback using realpaths if the move fails using stream * wrappers. This can occur because PHP's copy() function does not properly - * support streams if safe_mode or open_basedir are enabled. See + * support streams if open_basedir is enabled. See * https://bugs.php.net/bug.php?id=60456 * * @param $source @@ -1026,8 +1026,8 @@ function file_unmanaged_delete_recursive($path, $callback = NULL) { /** * Moves an uploaded file to a new location. * - * PHP's move_uploaded_file() does not properly support streams if safe_mode - * or open_basedir are enabled, so this function fills that gap. + * PHP's move_uploaded_file() does not properly support streams if open_basedir + * is enabled, so this function fills that gap. * * Compatibility: normal paths and stream wrappers. * @@ -1045,9 +1045,9 @@ function file_unmanaged_delete_recursive($path, $callback = NULL) { */ function drupal_move_uploaded_file($filename, $uri) { $result = @move_uploaded_file($filename, $uri); - // PHP's move_uploaded_file() does not properly support streams if safe_mode - // or open_basedir are enabled so if the move failed, try finding a real path - // and retry the move operation. + // PHP's move_uploaded_file() does not properly support streams if + // open_basedir is enabled so if the move failed, try finding a real path and + // retry the move operation. if (!$result) { if ($realpath = drupal_realpath($uri)) { $result = move_uploaded_file($filename, $realpath); diff --git a/core/includes/install.inc b/core/includes/install.inc index 4e70be4..26e2a5a 100644 --- a/core/includes/install.inc +++ b/core/includes/install.inc @@ -846,8 +846,6 @@ function drupal_install_fix_file($file, $mask, $message = TRUE) { } // chmod() will work if the web server is running as owner of the file. - // If PHP safe_mode is enabled the currently executing script must also - // have the same owner. if (@chmod($file, $mod)) { return TRUE; } diff --git a/core/install.php b/core/install.php index b12947a..231850e 100644 --- a/core/install.php +++ b/core/install.php @@ -23,16 +23,8 @@ // The minimum version is specified explicitly, as DRUPAL_MINIMUM_PHP is not // yet available. It is defined in bootstrap.inc, but it is not possible to // load that file yet as it would cause a fatal error on older versions of PHP. -if (version_compare(PHP_VERSION, '5.3.10') < 0) { - print 'Your PHP installation is too old. Drupal requires at least PHP 5.3.10. See the system requirements page for more information.'; - exit; -} - -// Exit early if the PHP option safe_mode is enabled to avoid fatal errors. -// @todo Remove this check once we require PHP > 5.4 as safe mode is deprecated -// in PHP 5.3 and completely removed in PHP 5.4. -if (ini_get('safe_mode')) { - print 'Your PHP installation has safe_mode enabled. Drupal requires the safe_mode option to be turned off. See the system requirements page for more information.'; +if (version_compare(PHP_VERSION, '5.4.2') < 0) { + print 'Your PHP installation is too old. Drupal requires at least PHP 5.4.2. See the system requirements page for more information.'; exit; } diff --git a/core/lib/Drupal/Core/Mail/PhpMail.php b/core/lib/Drupal/Core/Mail/PhpMail.php index d82d770..df3cf77 100644 --- a/core/lib/Drupal/Core/Mail/PhpMail.php +++ b/core/lib/Drupal/Core/Mail/PhpMail.php @@ -47,8 +47,7 @@ public function format(array $message) { public function mail(array $message) { // If 'Return-Path' isn't already set in php.ini, we pass it separately // as an additional parameter instead of in the header. - // However, if PHP's 'safe_mode' is on, this is not allowed. - if (isset($message['headers']['Return-Path']) && !ini_get('safe_mode')) { + if (isset($message['headers']['Return-Path'])) { $return_path_set = strpos(ini_get('sendmail_path'), ' -f'); if (!$return_path_set) { $message['Return-Path'] = $message['headers']['Return-Path']; @@ -77,29 +76,17 @@ public function mail(array $message) { // hosts. The return value of this method will still indicate whether mail // was sent successfully. if (!$request->server->has('WINDIR') && strpos($request->server->get('SERVER_SOFTWARE'), 'Win32') === FALSE) { - if (isset($message['Return-Path']) && !ini_get('safe_mode')) { - // On most non-Windows systems, the "-f" option to the sendmail command - // is used to set the Return-Path. There is no space between -f and - // the value of the return path. - $mail_result = @mail( - $message['to'], - $mail_subject, - $mail_body, - $mail_headers, - '-f' . $message['Return-Path'] - ); - } - else { - // The optional $additional_parameters argument to mail() is not - // allowed if safe_mode is enabled. Passing any value throws a PHP - // warning and makes mail() return FALSE. - $mail_result = @mail( - $message['to'], - $mail_subject, - $mail_body, - $mail_headers - ); - } + // On most non-Windows systems, the "-f" option to the sendmail command + // is used to set the Return-Path. There is no space between -f and + // the value of the return path. + $additional_headers = isset($message['Return-Path']) ? '-f' . $message['Return-Path'] : ''; + $mail_result = @mail( + $message['to'], + $mail_subject, + $mail_body, + $mail_headers, + $additional_headers + ); } else { // On Windows, PHP will use the value of sendmail_from for the diff --git a/core/modules/system/system.install b/core/modules/system/system.install index 0d2dbeb..3ffa17e 100644 --- a/core/modules/system/system.install +++ b/core/modules/system/system.install @@ -74,25 +74,6 @@ function system_requirements($phase) { return $requirements; } - // Test PHP register_globals setting. - $requirements['php_register_globals'] = array( - 'title' => t('PHP register globals'), - ); - $register_globals = trim(ini_get('register_globals')); - // Unfortunately, ini_get() may return many different values, and we can't - // be certain which values mean 'on', so we instead check for 'not off' - // since we never want to tell the user that their site is secure - // (register_globals off), when it is in fact on. We can only guarantee - // register_globals is off if the value returned is 'off', '', or 0. - if (!empty($register_globals) && strtolower($register_globals) != 'off') { - $requirements['php_register_globals']['description'] = t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.', array('@url' => 'http://php.net/configuration.changes')); - $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR; - $requirements['php_register_globals']['value'] = t("Enabled ('@value')", array('@value' => $register_globals)); - } - else { - $requirements['php_register_globals']['value'] = t('Disabled'); - } - // Test for PHP extensions. $requirements['php_extensions'] = array( 'title' => t('PHP extensions'), diff --git a/core/update.php b/core/update.php index 7abd566..c8aaaac 100644 --- a/core/update.php +++ b/core/update.php @@ -28,8 +28,8 @@ // The minimum version is specified explicitly, as DRUPAL_MINIMUM_PHP is not // yet available. It is defined in bootstrap.inc, but it is not possible to // load that file yet as it would cause a fatal error on older versions of PHP. -if (version_compare(PHP_VERSION, '5.3.10') < 0) { - print 'Your PHP installation is too old. Drupal requires at least PHP 5.3.10. See the system requirements page for more information.'; +if (version_compare(PHP_VERSION, '5.4.2') < 0) { + print 'Your PHP installation is too old. Drupal requires at least PHP 5.4.2. See the system requirements page for more information.'; exit; }