From: [EMAIL PROTECTED] Operating system: Linux(RedHat 7.1) PHP version: 4.0.6 PHP Bug Type: Filesystem function related Bug description: tempnam() bypasses security
tempnam() function bypasses open_basedir directive set by php.ini This can be seen f.e. by following code: $tfile=tempnam("/tmp","foobar"); // this is a success regardless of a open_basedir setting $fp=fopen($tfile,"w") // file is already created but fopen() fails if // open_basedir is set, but not to include /tmp -- Edit bug report at http://bugs.php.net/?id=15547&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=15547&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15547&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15547&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15547&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=15547&r=support Expected behavior: http://bugs.php.net/fix.php?id=15547&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15547&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=15547&r=submittedtwice