From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 11 Feb 2010 12:32:21 +0000 (+0000)
Subject: Fixed safe_mode validation inside tempnam() when the directory path does not end... 
X-Git-Tag: php-5.4.0alpha1~307
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ad9bbf26abda3304f5658b0656d1ef6bc365a28a;p=php

Fixed safe_mode validation inside tempnam() when the directory path does not end with a /).
---

diff --git a/NEWS b/NEWS
index 63ae97d272..f82d1f19f7 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ PHP                                                                        NEWS
 - Added stream filter support to mcrypt extension (ported from 
   mcrypt_filter). (Stas)
 
+- Fixed safe_mode validation inside tempnam() when the directory path does
+  not end with a /). (Martin Jansen)
 - Fixed a possible open_basedir/safe_mode bypass in session extension
   identified by Grzegorz Stachowiak. (Ilia)
 - Fixed possible crash when a error/warning is raised during php startup.
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 10f2c7961a..704ef1231f 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -836,7 +836,7 @@ PHP_FUNCTION(tempnam)
 		return;
 	}
 
-	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}