From: Rasmus Lerdorf Date: Tue, 29 Sep 2009 14:14:02 +0000 (+0000) Subject: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. X-Git-Tag: php-5.2.12RC1~95 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bbd230d119f4d2341da5f68719c797f50f3ad45a;p=php Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. --- diff --git a/NEWS b/NEWS index b39684f1d5..0295fa30a9 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 5.2.12 +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus) - Fixed bug #49647 (DOMUserData does not exist). (Rob) - Fixed bug #49630 (imap_listscan function missing). (Felipe) diff --git a/ext/standard/file.c b/ext/standard/file.c index c7fc97ce15..9dcb4ca01d 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -838,6 +838,10 @@ PHP_FUNCTION(tempnam) convert_to_string_ex(arg1); convert_to_string_ex(arg2); + if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + RETURN_FALSE; + } + if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) { RETURN_FALSE; }
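Review bot: In the NEWS hunk, the second added entry records an open_basedir fix in posix_mkfifo(), but the only code change visible in this patch is the tempnam() hunk in ext/standard/file.c. That entry should land with the commit that changes posix_mkfifo(), or that change should be included here, so the changelog and the code history stay matched. The entry should also read "an open_basedir bypass" rather than "a open_basedir bypass".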
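Review bot: In the tempnam() hunk of ext/standard/file.c, the new safe_mode check passes `dir` to php_checkuid(), while the open_basedir check directly after it uses `Z_STRVAL_PP(arg1)`, and no declaration or assignment of `dir` is visible in the hunk's context. Confirm that `dir` is in scope and holds the converted first argument at this point, or pass `Z_STRVAL_PP(arg1)` to both checks so they validate the same path. Minor style point on the same line: `&&(` needs a space, and the parentheses around the negated call are redundant.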