MFB: Fixed bug #43276 (Incomplete fix for bug #42739, mkdir() under

safe_mode).

diff --git a/NEWS b/NEWS
index cfccaeef36da50f898361a2b76cbb5803eac1ca4..142edb032beeaf8ed638df1d7204e7a93bd236df 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 - Fixed bug #43293 (Multiple segfaults in getopt()). (Hannes)
 - Fixed bug #43279 (pg_send_query_params() converts all elements in 'params' 
   to strings). (Ilia)
+- Fixed bug #43276 (Incomplete fix for bug #42739, mkdir() under safe_mode).
+  (Ilia)
 - Fixed bug #43248 (backward compatibility break in realpath()). (Dmitry)
 - Fixed bug #43221 (SimpleXML adding default namespace in addAttribute). (Rob)
 - Fixed bug #43216 (stream_is_local() returns false on "file://"). (Dmitry)

diff --git a/main/safe_mode.c b/main/safe_mode.c
index 97c7613ddef8e5e3fe847ffc1e3dfccdcf7304ce..e14ba189f99156368915451bfa901c886465644c 100644 (file)
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -122,10 +122,17 @@ PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mod
 
                /* Trim off filename */
                if ((s = strrchr(path, DEFAULT_SLASH))) {
-                       if (s == path)
-                               path[1] = '\0';
-                       else
+                       if (*(s + 1) == '\0' && s != path) { /* make sure that the / is not the last character */
                                *s = '\0';
+                               s = strrchr(path, DEFAULT_SLASH);
+                       }
+                       if (s) {
+                               if (s == path) {
+                                       path[1] = '\0';
+                               } else {
+                                       *s = '\0';
+                               }
+                       }
                }
        } else { /* CHECKUID_ALLOW_ONLY_DIR */
                s = strrchr(filename, DEFAULT_SLASH);