@- Allow access to uploaded files in safe_mode. Beware that you can only

@  read the file. If you copy it to new location the copy will not have the
@  right UID and you script won't be able to access that copy. (Thies)

diff --git a/main/safe_mode.c b/main/safe_mode.c
index d8ae18fa12c06b0501782e8103aa711425b7882d..d677a4897703474ed9e1e0ffde17e87df014ff82 100644 (file)
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -121,6 +121,14 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
        if (duid == (uid=php_getuid())) {
                return 1;
        } else {
+               SLS_FETCH();
+
+               if (SG(rfc1867_uploaded_files)) {
+                       if (zend_hash_exists(SG(rfc1867_uploaded_files),filename,strlen(filename)+1)) {
+                               return 1;
+                       }
+               }
+
                php_error(E_WARNING, "SAFE MODE Restriction in effect.  The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, filename, duid);
                return 0;
        }