From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 21 Jan 2004 02:33:22 +0000 (+0000)
Subject: MFH: Fixed bug #26974 (rename() doesn't check the destination file against
X-Git-Tag: php-4.3.5RC2~56
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bfc284dfb58c2ae4b2d4de8686e14c78f01951b2;p=php

MFH: Fixed bug #26974 (rename() doesn't check the destination file against
safe_mode/open_basedir).
---

diff --git a/NEWS b/NEWS
index 62b40a2a7f..817fbdda3f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Jan 2004, Version 4.3.5
+- Fixed bug #26974 (rename() doesn't check the destination file against 
+  safe_mode/open_basedir). (Ilia)
 - Fixed bug #26969 (--with-openssl=shared build fails). (Jani)
 - Fixed bug #26949 (rand(min,max) always returns min when ZTS enabled). (Jani)
 - Fixed bug #26937 (Warning in xml.c). (Jani)
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 067d0cc78e..a8f660fcd0 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1899,11 +1899,12 @@ PHP_FUNCTION(rename)
 	old_name = Z_STRVAL_PP(old_arg);
 	new_name = Z_STRVAL_PP(new_arg);
 
-	if (PG(safe_mode) &&(!php_checkuid(old_name, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+	if (PG(safe_mode) && (!php_checkuid(old_name, NULL, CHECKUID_CHECK_FILE_AND_DIR) ||
+				!php_checkuid(new_name, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 
-	if (php_check_open_basedir(old_name TSRMLS_CC)) {
+	if (php_check_open_basedir(old_name TSRMLS_CC) || php_check_open_basedir(new_name TSRMLS_CC)) {
 		RETURN_FALSE;
 	}