From: Ilia Alshanetsky Date: Thu, 11 Feb 2010 12:32:21 +0000 (+0000) Subject: Fixed safe_mode validation inside tempnam() when the directory path does not end... X-Git-Tag: php-5.2.13RC2~3 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=76c6534e65f4f2342e20d955c9d9700ca0cbd4fc;p=php Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). --- diff --git a/NEWS b/NEWS index 536fb98669..640ec8324e 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? Feb 2010, PHP 5.2.13 +11 Feb 2010, PHP 5.2.13RC2 - Downgrade bundled PCRE to version 7.9. (Ilia) +- Fixed safe_mode validation inside tempnam() when the directory path does + not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia) diff --git a/ext/standard/file.c b/ext/standard/file.c index c0bc477832..6fd1a4d960 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -828,7 +828,7 @@ PHP_FUNCTION(tempnam) convert_to_string_ex(arg1); convert_to_string_ex(arg2); - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) { + if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { RETURN_FALSE; }
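Review bot: the NEWS entry added in the first hunk ends with an unbalanced closing parenthesis, "not end with a /). (Martin Jansen)", and the same stray ")" is in the commit subject. Suggest "does not end with a /. (Martin Jansen)" so the entry reads cleanly in the release notes.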
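Review bot: in the ext/standard/file.c hunk, the php_checkuid() call in PHP_FUNCTION(tempnam) changes its mode from CHECKUID_ALLOW_ONLY_DIR to CHECKUID_CHECK_FILE_AND_DIR with no comment and no test; the patch touches only NEWS and ext/standard/file.c. Since this is a safe_mode validation fix, suggest a short comment above the check saying that arg1 is the target directory and why this mode is needed when the path has no trailing slash. A regression test should also call tempnam() under safe_mode with the same directory written both with and without the trailing /, for a directory the script owner may use and for one it may not. On the same line, `&&(` is missing a space after the operator.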