From: Thies C. Arntzen Date: Tue, 9 Jan 2001 11:58:57 +0000 (+0000) Subject: @- Allow access to uploaded files in safe_mode. Beware that you can only X-Git-Tag: php-4.0.5RC1~653 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0719e7e0061068e60d54d77088bdc9aff9bd170c;p=php @- Allow access to uploaded files in safe_mode. Beware that you can only @ read the file. If you copy it to new location the copy will not have the @ right UID and you script won't be able to access that copy. (Thies) --- diff --git a/main/safe_mode.c b/main/safe_mode.c index d8ae18fa12..d677a48977 100644 --- a/main/safe_mode.c +++ b/main/safe_mode.c @@ -121,6 +121,14 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) if (duid == (uid=php_getuid())) { return 1; } else { + SLS_FETCH(); + + if (SG(rfc1867_uploaded_files)) { + if (zend_hash_exists(SG(rfc1867_uploaded_files),filename,strlen(filename)+1)) { + return 1; + } + } + php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, filename, duid); return 0; }