From 122d3583eebde1291b1295d4ed47bbc47ad41e7c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Johannes=20Schl=C3=BCter?= <johannes@php.net>
Date: Thu, 11 Feb 2010 18:03:57 +0000
Subject: [PATCH] Merge 294882: Fixed safe_mode validation inside tempnam()
 when the directory path does not end (iliaa)

---
 NEWS                | 2 ++
 ext/standard/file.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 48b1a80510..fc0077d410 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ PHP                                                                        NEWS
   (Ilia)
 - Added stream_resolve_include_path(). (Mikko)
 
+- Fixed safe_mode validation inside tempnam() when the directory path does
+  not end with a /). (Martin Jansen)
 - Fixed a possible open_basedir/safe_mode bypass in session extension
   identified by Grzegorz Stachowiak. (Ilia)
 - Fixed possible crash when a error/warning is raised during php startup.
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 10f2c7961a..704ef1231f 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -836,7 +836,7 @@ PHP_FUNCTION(tempnam)
 		return;
 	}
 
-	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 
-- 
2.40.0