From cb3033080017e05ae7843859f993517252e67e31 Mon Sep 17 00:00:00 2001
From: Kalle Sommer Nielsen <kalle@php.net>
Date: Mon, 26 Apr 2010 23:55:03 +0000
Subject: [PATCH] Merge safe_mode changes into extensions that are in sync in
 both branches

---
 ext/enchant/enchant.c                          |  4 ++++
 ext/fileinfo/fileinfo.c                        | 13 ++++++++++---
 ext/fileinfo/libmagic.patch                    | 18 +++++++++---------
 ext/fileinfo/libmagic/apprentice.c             |  6 +++---
 ext/fileinfo/libmagic/cdf.c                    |  2 +-
 ext/fileinfo/libmagic/cdf.h                    |  2 +-
 ext/fileinfo/libmagic/magic.c                  |  2 +-
 ext/fileinfo/libmagic/readcdf.c                |  2 +-
 ext/mysql/php_mysql.c                          |  4 ++++
 .../mysql_query_load_data_openbasedir.phpt     |  1 -
 ext/mysqli/mysqli_api.c                        |  4 ++++
 ext/mysqlnd/mysqlnd_net.c                      |  4 ++++
 ext/pdo_mysql/mysql_driver.c                   |  2 +-
 ext/phar/phar.c                                |  6 +++---
 ext/phar/phar_object.c                         | 16 ++++++++++------
 ext/phar/util.c                                |  4 ++--
 ext/sqlite3/sqlite3.c                          | 12 +++++++++++-
 ext/sqlite3/tests/sqlite3_21_security.phpt     |  2 +-
 ext/zip/php_zip.c                              | 16 ++++++++--------
 ext/zip/php_zip.h                              |  8 ++++----
 ext/zip/zip_stream.c                           |  4 ++--
 21 files changed, 84 insertions(+), 48 deletions(-)

diff --git a/ext/enchant/enchant.c b/ext/enchant/enchant.c
index e415019b86..04852e1663 100755
--- a/ext/enchant/enchant.c
+++ b/ext/enchant/enchant.c
@@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict)
 		RETURN_FALSE;
 	}
 
+#if PHP_API_VERSION < 20100412
 	if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) {
+#else
+	if (php_check_open_basedir(pwl TSRMLS_CC)) {
+#endif
 		RETURN_FALSE;
 	}
 
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c
index 443129bd91..75862e7e52 100644
--- a/ext/fileinfo/fileinfo.c
+++ b/ext/fileinfo/fileinfo.c
@@ -167,7 +167,7 @@ ZEND_END_ARG_INFO()
 
 /* {{{ finfo_class_functions
  */
-function_entry finfo_class_functions[] = {
+zend_function_entry finfo_class_functions[] = {
 	ZEND_ME_MAPPING(finfo,          finfo_open,     arginfo_finfo_open, ZEND_ACC_PUBLIC)
 	ZEND_ME_MAPPING(set_flags,      finfo_set_flags,arginfo_finfo_method_set_flags, ZEND_ACC_PUBLIC)
 	ZEND_ME_MAPPING(file,           finfo_file,     arginfo_finfo_method_file, ZEND_ACC_PUBLIC)
@@ -201,7 +201,7 @@ void finfo_resource_destructor(zend_rsrc_list_entry *rsrc TSRMLS_DC) /* {{{ */
 
 /* {{{ fileinfo_functions[]
  */
-function_entry fileinfo_functions[] = {
+zend_function_entry fileinfo_functions[] = {
 	PHP_FE(finfo_open,		arginfo_finfo_open)
 	PHP_FE(finfo_close,		arginfo_finfo_close)
 	PHP_FE(finfo_set_flags,	arginfo_finfo_set_flags)
@@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open)
 		}
 		file = resolved_path;
 
+#if PHP_API_VERSION < 20100412
 		if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) {
+#else
+		if (php_check_open_basedir(file TSRMLS_CC)) {
+#endif
 			RETURN_FALSE;
 		}
 	}
@@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime
 
 			if (wrap) {
 				php_stream_context *context = php_stream_context_from_zval(zcontext, 0);
-
+#if PHP_API_VERSION < 20100412
 				php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+#else
+				php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context);
+#endif
 
 				if (!stream) {
 					RETVAL_FALSE;
diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch
index dc8e03fd17..276bb011c5 100644
--- a/ext/fileinfo/libmagic.patch
+++ b/ext/fileinfo/libmagic.patch
@@ -257,7 +257,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
 +
 +	TSRMLS_FETCH();
 +
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
 +	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -490,7 +490,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
  		goto error2;
  
 -	if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1)
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
 +		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -647,7 +647,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
  
 -	if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) {
 +/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
 +	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
@@ -799,7 +799,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
  			break;
  		case CDF_FILETIME:
  			tp = info[i].pi_tp;
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
++#if defined(PHP_WIN32) && _MSC_VER <= 1500
 +		if (tp < 1000000000000000i64) {
 +#else
  			if (tp < 1000000000000000LL) {
@@ -822,7 +822,7 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h
  typedef struct {
  	uint64_t	h_magic;
 -#define CDF_MAGIC	0xE11AB1A1E011CFD0LL
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
++#if defined(PHP_WIN32) && _MSC_VER <= 1500
 +# define CDF_MAGIC	0xE11AB1A1E011CFD0i64
 +#else
 +# define CDF_MAGIC	0xE11AB1A1E011CFD0LL
@@ -2019,7 +2019,7 @@ diff -u libmagic.orig/magic.c libmagic/magic.c
 +
 +	if (!stream && inname) {
 +		no_in_stream = 1;
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
 +		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
@@ -2392,7 +2392,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
  		case CDF_FILETIME:
  			tp = info[i].pi_tp;
  			if (tp != 0) {
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
++#if defined(PHP_WIN32) && _MSC_VER <= 1500
 +				if (tp < 1000000000000000i64) {
 +#else
  				if (tp < 1000000000000000LL) {
@@ -2773,7 +2773,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
 +		
 +		convert_libmagic_pattern(pattern, options);
 +		
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
 +		if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) {
  #else
 -			pmatch[0].rm_so = 0;
@@ -2800,7 +2800,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
 +			haystack = estrndup(ms->search.s, ms->search.s_len);
 +
 +			/* match v = 0, no match v = 1 */
-+#if (PHP_MAJOR_VERSION < 6)
++#if PHP_API_VERSION < 20100412
 +			php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
 +#else			
 +			php_pcre_match_impl(pce, IS_STRING, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c
index ffa2cb529c..53fa8d5a14 100644
--- a/ext/fileinfo/libmagic/apprentice.c
+++ b/ext/fileinfo/libmagic/apprentice.c
@@ -597,7 +597,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs,
 
 	TSRMLS_FETCH();
 
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -2041,7 +2041,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
 	if (dbname == NULL)
 		goto error2;
 
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@@ -2165,7 +2165,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp,
 	}
 
 /* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
index a3b4a11fc0..a3f7022085 100644
--- a/ext/fileinfo/libmagic/cdf.c
+++ b/ext/fileinfo/libmagic/cdf.c
@@ -1131,7 +1131,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count)
 			break;
 		case CDF_FILETIME:
 			tp = info[i].pi_tp;
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 		if (tp < 1000000000000000i64) {
 #else
 			if (tp < 1000000000000000LL) {
diff --git a/ext/fileinfo/libmagic/cdf.h b/ext/fileinfo/libmagic/cdf.h
index 1fa69cfebf..c056a82100 100644
--- a/ext/fileinfo/libmagic/cdf.h
+++ b/ext/fileinfo/libmagic/cdf.h
@@ -42,7 +42,7 @@ typedef int32_t cdf_secid_t;
 
 typedef struct {
 	uint64_t	h_magic;
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 # define CDF_MAGIC	0xE11AB1A1E011CFD0i64
 #else
 # define CDF_MAGIC	0xE11AB1A1E011CFD0LL
diff --git a/ext/fileinfo/libmagic/magic.c b/ext/fileinfo/libmagic/magic.c
index 849896bc83..a8bf6d8880 100644
--- a/ext/fileinfo/libmagic/magic.c
+++ b/ext/fileinfo/libmagic/magic.c
@@ -290,7 +290,7 @@ file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream)
 
 	if (!stream && inname) {
 		no_in_stream = 1;
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
diff --git a/ext/fileinfo/libmagic/readcdf.c b/ext/fileinfo/libmagic/readcdf.c
index 56d6504039..117dc786ff 100644
--- a/ext/fileinfo/libmagic/readcdf.c
+++ b/ext/fileinfo/libmagic/readcdf.c
@@ -110,7 +110,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info,
 		case CDF_FILETIME:
 			tp = info[i].pi_tp;
 			if (tp != 0) {
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 				if (tp < 1000000000000000i64) {
 #else
 				if (tp < 1000000000000000LL) {
diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c
index 2c3085fd82..b948fd2158 100644
--- a/ext/mysql/php_mysql.c
+++ b/ext/mysql/php_mysql.c
@@ -664,7 +664,11 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 		}
 
 		/* disable local infile option for open_basedir */
+#if PHP_API_VERSION < 20100412
 		if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
+#else
+		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') && (client_flags & CLIENT_LOCAL_FILES)) {
+#endif
 			client_flags ^= CLIENT_LOCAL_FILES;
 		}
 
diff --git a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
index a257f5fb81..ff62f4227e 100644
--- a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
+++ b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
@@ -26,7 +26,6 @@ if ($socket == "" && $host != NULL && $host != 'localhost' && $host != '.') {
 }
 ?>
 --INI--
-safe_mode=0
 open_basedir="."
 --FILE--
 <?php
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 556b26690f..bd2cdcb0cf 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1674,7 +1674,11 @@ PHP_FUNCTION(mysqli_options)
 	}
 	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 
+#if PHP_API_VERSION < 20100412
 	if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+#else
+	if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+#endif
 		if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
 			RETURN_FALSE;
 		}
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 4ade74b7d5..2859c783ba 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -102,7 +102,11 @@ MYSQLND_METHOD(mysqlnd_net, network_write)(MYSQLND * const conn, const zend_ucha
 static enum_func_status
 MYSQLND_METHOD(mysqlnd_net, connect)(MYSQLND_NET * net, const char * const scheme, size_t scheme_len, zend_bool persistent, char **errstr, int * errcode TSRMLS_DC)
 {
+#if PHP_API_VERSION < 20100412
 	unsigned int streams_options = ENFORCE_SAFE_MODE;
+#else
+	unsigned int streams_options = 0;
+#endif
 	unsigned int streams_flags = STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT;
 	char * hashed_details = NULL;
 	int hashed_details_len = 0;
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index 1bb6d2a74f..be500da886 100755
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -649,7 +649,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 			goto cleanup;
 		}
 
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
 #else
 		if (PG(open_basedir) && PG(open_basedir)[0] != '\0') 
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index f76735089a..770f1ceffe 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1327,7 +1327,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a
 	if (!pphar) {
 		pphar = &mydata;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
@@ -1491,7 +1491,7 @@ int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_l
 	} else if (error && *error) {
 		return FAILURE;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
@@ -2359,7 +2359,7 @@ int phar_open_executed_filename(char *alias, int alias_len, char **error TSRMLS_
 
 	FREE_ZVAL(halt_constant);
 
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 41ae46c215..9b534dc25e 100755
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1754,7 +1754,7 @@ phar_spl_fileinfo:
 			return ZEND_HASH_APPLY_STOP;
 		}
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Iterator %v returned a path \"%s\" that safe mode prevents opening", ce->name, fname);
 
@@ -3943,7 +3943,7 @@ PHP_METHOD(Phar, addFile)
 		return;
 	}
 
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname);
 		return;
@@ -4187,11 +4187,11 @@ PHP_METHOD(Phar, delMetadata)
 	}
 }
 /* }}} */
-#if (PHP_MAJOR_VERSION < 6)
-#define OPENBASEDIR_CHECKPATH(filename) \
+#if PHP_API_VERSION < 20100412
+#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
 	(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
 #else
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
 	php_check_open_basedir(filename TSRMLS_CC)
 #endif
 
@@ -4235,7 +4235,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
 		return FAILURE;
 	}
 
-	if (OPENBASEDIR_CHECKPATH(fullpath)) {
+	if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) {
 		spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath);
 		efree(fullpath);
 		return FAILURE;
@@ -4285,7 +4285,11 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
 		return SUCCESS;
 	}
 
+#if PHP_API_VERSION < 20100412
 	fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+#else
+	fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
+#endif
 
 	if (!fp) {
 		spprintf(error, 4096, "Cannot extract \"%s\", could not open for writing \"%s\"", entry->filename, fullpath);
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 0aa2bd7bb9..985d9ac541 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -201,7 +201,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len,
 			entry.tmp = estrndup(filename, filename_len);
 		}
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		efree(entry.tmp);
 		efree(entry.filename);
@@ -850,7 +850,7 @@ int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC) /* {{{ */
 	if (phar_get_pharfp(phar TSRMLS_CC)) {
 		return SUCCESS;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(phar->fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 7f7bbe9a95..00364b0dd4 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -120,11 +120,13 @@ PHP_METHOD(sqlite3, open)
 			return;
 		}
 
+#if PHP_API_VERSION < 20100412
 		if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "safe_mode prohibits opening %s", fullpath);
 			efree(fullpath);
 			return;
 		}
+#endif
 
 		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 			zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "open_basedir prohibits opening %s", fullpath);
@@ -158,7 +160,11 @@ PHP_METHOD(sqlite3, open)
 	}
 #endif
 
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+#else
+	if (PG(open_basedir) && *PG(open_basedir)) {
+#endif
 		sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
 	}
 
@@ -1779,14 +1785,18 @@ static zend_function_entry php_sqlite3_result_class_methods[] = {
 */
 static int php_sqlite3_authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6)
 {
-	TSRMLS_FETCH();
 	switch (access_type) {
 		case SQLITE_ATTACH:
 		{
 			if (strncmp(arg3, ":memory:", sizeof(":memory:")-1)) {
+				TSRMLS_FETCH();
+
+#if PHP_API_VERSION < 20100412
 				if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 					return SQLITE_DENY;
 				}
+#endif
+
 				if (php_check_open_basedir(arg3 TSRMLS_CC)) {
 					return SQLITE_DENY;
 				}
diff --git a/ext/sqlite3/tests/sqlite3_21_security.phpt b/ext/sqlite3/tests/sqlite3_21_security.phpt
index 5061a595c3..7e83bb23e1 100644
--- a/ext/sqlite3/tests/sqlite3_21_security.phpt
+++ b/ext/sqlite3/tests/sqlite3_21_security.phpt
@@ -1,5 +1,5 @@
 --TEST--
-SQLite3 open_basedir / safe_mode checks
+SQLite3 open_basedir checks
 --SKIPIF--
 <?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
 --INI--
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 6de4f629f6..cbfc0d938f 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -184,7 +184,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 
 		php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
 
-		if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+		if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
 			efree(file_dirname_fullpath);
 			efree(file_basename);
 			free(new_state.cwd);
@@ -238,7 +238,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 	 * is required, does a file can have a different
 	 * safemode status as its parent folder?
 	 */
-	if (OPENBASEDIR_CHECKPATH(fullpath)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(fullpath)) {
 		efree(fullpath);
 		efree(file_dirname_fullpath);
 		efree(file_basename);
@@ -255,7 +255,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 		return 0;
 	}
 
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
@@ -288,7 +288,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, int filename_l
 	char resolved_path[MAXPATHLEN];
 
 
-	if (OPENBASEDIR_CHECKPATH(filename)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		return -1;
 	}
 
@@ -530,7 +530,7 @@ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value
 	/* we assume that any glob pattern will match files from one directory only
 	   so checking the dirname of the first match should be sufficient */
 	strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN);
-	if (OPENBASEDIR_CHECKPATH(cwd)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(cwd)) {
 		return -1;
 	}
 
@@ -592,7 +592,7 @@ int php_zip_pcre(char *regexp, int regexp_len, char *path, int path_len, zval *r
 	} 
 #endif
 
-	if (OPENBASEDIR_CHECKPATH(path)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(path)) {
 		return -1;
 	}
 
@@ -1148,7 +1148,7 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
 		RETURN_FALSE;
 	}
 
-	if (OPENBASEDIR_CHECKPATH(filename)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
 
@@ -1437,7 +1437,7 @@ static ZIPARCHIVE_METHOD(open)
 		RETURN_FALSE;
 	}
 
-	if (OPENBASEDIR_CHECKPATH(filename)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
 
diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h
index ac39a9ac85..1d5f9b358a 100644
--- a/ext/zip/php_zip.h
+++ b/ext/zip/php_zip.h
@@ -43,12 +43,12 @@ extern zend_module_entry zip_module_entry;
 # endif
 #endif
 
-/* {{{ OPENBASEDIR_CHECKPATH(filename) */
-#if (PHP_MAJOR_VERSION < 6)
-# define OPENBASEDIR_CHECKPATH(filename) \
+/* {{{ ZIP_OPENBASEDIR_CHECKPATH(filename) */
+#if PHP_API_VERSION < 20100412
+# define ZIP_OPENBASEDIR_CHECKPATH(filename) \
 	(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
 #else
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define ZIP_OPENBASEDIR_CHECKPATH(filename) \
 	php_check_open_basedir(filename TSRMLS_CC)
 #endif
 /* }}} */
diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c
index bb676efb49..c535dd4f09 100644
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@@ -120,7 +120,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
 	}
 
 	if (filename) {
-		if (OPENBASEDIR_CHECKPATH(filename)) {
+		if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 			return NULL;
 		}
 
@@ -201,7 +201,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
 	php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
 	fragment++;
 
-	if (OPENBASEDIR_CHECKPATH(file_dirname)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname)) {
 		efree(file_basename);
 		return NULL;
 	}
-- 
2.40.0