- Merge: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak

diff --git a/ext/standard/file.c b/ext/standard/file.c
index a98abce7d08c83b8d97a2a68f2b54cf71d9afc87..45fb2730435f686f59a12dd3f5b5eaca84ae1903 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -846,6 +846,10 @@ PHP_FUNCTION(tempnam)
                return;
        }
 
+       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+               RETURN_FALSE;
+       }
+
        if (php_check_open_basedir(dir TSRMLS_CC)) {
                RETURN_FALSE;
        }