From 16fb63384c1da5a132468670f83fbcc8fc7aa99d Mon Sep 17 00:00:00 2001
From: Felipe Pena <felipe@php.net>
Date: Mon, 21 Jul 2008 19:34:45 +0000
Subject: [PATCH] - MFB: Fixed securities issue detailed in CVE-2008-2665 and
 CVE-2008-2666.   (patch by Christian Hoffmann)

---
 NEWS             | 3 +++
 main/safe_mode.c | 8 --------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/NEWS b/NEWS
index bd6b44deed..8071e64208 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.7
+- Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
+  (Christian Hoffmann)
+
 - Reverted fix for bug #44197 due to change in behaviour in minor version.
   (Felipe)
 
diff --git a/main/safe_mode.c b/main/safe_mode.c
index b791351c3b..d9d1a4f02b 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -73,14 +73,6 @@ PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mod
 			mode = CHECKUID_CHECK_FILE_AND_DIR;
 		}
 	}
-
-	/* 
-	 * If given filepath is a URL, allow - safe mode stuff
-	 * related to URL's is checked in individual functions
-	 */
-	wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
-	if (wrapper != NULL)
-		return 1;
 		
 	/* First we see if the file is owned by the same user...
 	 * If that fails, passthrough and check directory...
-- 
2.50.1