open_basedir).
- Fixed bug #39067 (getDeclaringClass() and private properties). (Tony)
- Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty
files). (Ilia)
+- Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
+ open_basedir). (Ilia)
- Fixed bug #38649 (uninit'd optional arg in stream_socket_sendto()). (Sara)
- Fixed bug #38198 (possible crash when COM reports an exception). (Ilia)
- Fixed bug #37262 (var_export() does not escape \0 character). (Ilia)
VCWD_UNLINK(Z_STRVAL_PP(new_path));
if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path)) == 0) {
successful = 1;
- } else
- if (php_copy_file(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path) TSRMLS_CC) == SUCCESS) {
+ } else if (php_copy_file_ex(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path), STREAM_DISABLE_OPEN_BASEDIR TSRMLS_CC) == SUCCESS) {
VCWD_UNLINK(Z_STRVAL_PP(path));
successful = 1;
}
}
/* }}} */
+PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
+{
+ return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
+}
+
/* {{{ php_copy_file
*/
-PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
+PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
{
php_stream *srcstream = NULL, *deststream = NULL;
int ret = FAILURE;
}
safe_to_copy:
- srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
if (!srcstream) {
return ret;