From: Pierre Joye Date: Fri, 9 Oct 2009 14:37:09 +0000 (+0000) Subject: - Merge: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak X-Git-Tag: php-5.3.1RC2~53 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=83d52ff5e9856e9262b364e059c7ac9dde5b7bb6;p=php - Merge: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak --- diff --git a/ext/standard/file.c b/ext/standard/file.c index a98abce7d0..45fb273043 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -846,6 +846,10 @@ PHP_FUNCTION(tempnam) return; } + if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + RETURN_FALSE; + } + if (php_check_open_basedir(dir TSRMLS_CC)) { RETURN_FALSE; }
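Review bot: the new safe_mode check added at the top of this hunk in PHP_FUNCTION(tempnam) arrives without a regression test, since the diff touches only ext/standard/file.c. A .phpt case that runs tempnam() with safe_mode enabled against a directory owned by a different UID and expects FALSE would keep this bypass from reappearing. As a style point on the same added line, `&&(!php_checkuid(...))` is missing the space after `&&` and the parentheses around the negated call are redundant; `if (PG(safe_mode) && !php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR)) {` matches the spacing of the surrounding code. A one-line comment saying why CHECKUID_ALLOW_ONLY_DIR is the mode used here (the argument is a directory, not a file to be opened) would also help the next reader.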