[PHP-CVS] svn: /php/php-src/branches/PHP_5_3_1/ext/standard/ file.c

[Pierre-Alain Joye]

pajoye                                   Fri, 09 Oct 2009 14:37:09 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=289421

Log:
- Merge: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak

Changed paths:
    U   php/php-src/branches/PHP_5_3_1/ext/standard/file.c

Modified: php/php-src/branches/PHP_5_3_1/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/ext/standard/file.c  2009-10-09 14:34:18 UTC 
(rev 289420)
+++ php/php-src/branches/PHP_5_3_1/ext/standard/file.c  2009-10-09 14:37:09 UTC 
(rev 289421)
@@ -846,6 +846,10 @@
                return;
        }

+       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+               RETURN_FALSE;
+       }
+
        if (php_check_open_basedir(dir TSRMLS_CC)) {
                RETURN_FALSE;
        }


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php