From: Dmitry Stogov <dmitry@php.net>
Date: Mon, 22 Oct 2007 07:37:20 +0000 (+0000)
Subject: Fixed move_uploaded_file() to always set file permissions of resulting file according... 
X-Git-Tag: php-5.2.5RC2~36
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=992673660559f44e46729ed4b2782cb713eef7d3;p=php

Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK (Andrew Sitnikov)
---

diff --git a/NEWS b/NEWS
index fa0ae400ad..6da4bb742a 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ PHP                                                                        NEWS
   array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
   array_udiff_assoc(). (Dmitry)
 
+- Fixed move_uploaded_file() to set file permissions of resulting file
+  according to UMASK (Andrew Sitnikov)
 - Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
 - Fixed regression in glob() when enforcing safe_mode/open_basedir checks on
   paths containing '*'. (Ilia)
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 4eb5a923aa..e58e8d51eb 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -50,6 +50,11 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE;
 #include <time.h>
 #include <stdio.h>
 
+#ifndef PHP_WIN32 
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
 #ifdef NETWARE
 #include <netinet/in.h>
 #endif
@@ -6075,6 +6080,10 @@ PHP_FUNCTION(move_uploaded_file)
 	zval **path, **new_path;
 	zend_bool successful = 0;
 
+#ifndef PHP_WIN32
+	int oldmask; int ret;
+#endif
+
 	if (!SG(rfc1867_uploaded_files)) {
 		RETURN_FALSE;
 	}
@@ -6100,6 +6109,16 @@ PHP_FUNCTION(move_uploaded_file)
 	VCWD_UNLINK(Z_STRVAL_PP(new_path));
 	if (VCWD_RENAME(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path)) == 0) {
 		successful = 1;
+#ifndef PHP_WIN32
+		oldmask = umask(077);
+		umask(oldmask);
+
+		ret = VCWD_CHMOD(Z_STRVAL_PP(new_path), 0666 & ~oldmask);
+
+		if (ret == -1) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", strerror(errno));
+		}
+#endif
 	} else if (php_copy_file_ex(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path), STREAM_DISABLE_OPEN_BASEDIR TSRMLS_CC) == SUCCESS) {
 		VCWD_UNLINK(Z_STRVAL_PP(path));
 		successful = 1;