From 3aa751b3060b12891d05a595f198c4cb6f2e6cf4 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 4 Oct 2006 23:20:02 +0000
Subject: [PATCH] MFB: Fixed missing open_basedir check inside chdir()
 function.

---
 NEWS               | 1 +
 ext/standard/dir.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index f4c2b98e35..3bad981dd4 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, Version 4.4.5
 - Updated PCRE to version 6.7. (Ilia)
+- Fixed missing open_basedir check inside chdir() function. (Ilia)
 - Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()). (Ilia)
 - Fixed bug #38859 (parse_url() fails if passing '@' in passwd). (Tony,Ilia)
 - Fixed bug #38534 (segfault when calling setlocale() in userspace session
diff --git a/ext/standard/dir.c b/ext/standard/dir.c
index 81f05c6b85..e20442bc05 100644
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -275,7 +275,7 @@ PHP_FUNCTION(chdir)
 		RETURN_FALSE;
 	}
 
-	if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+	if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
 	ret = VCWD_CHDIR(str);
-- 
2.50.1