Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.

author: Rasmus Lerdorf <rasmus@php.net> 2009-09-29 14:14:02 +0000
committer: Rasmus Lerdorf <rasmus@php.net> 2009-09-29 14:14:02 +0000
commit: 80bdbc8f66134c206d441edb765b5eb86234f135 (patch)
tree: 8909eef5e9cb0139dcc8ecfa3f54f5ab9a37df25
parent: 8c15aa23147b432491c98e00e4488cb057ceecf2 (diff)
download: php-git-80bdbc8f66134c206d441edb765b5eb86234f135.tar.gz
2 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e5101fa953..dec1150d5e 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,10 @@
 - Implemented FR #49253 (added support for libcurl's CERTINFO option).
   (Linus Nielsen Feltzing <linus@haxx.se>)
   
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.  
+  (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz 
+  Stachowiak.  (Rasmus)
 - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
 - Fixed bug #49647 (DOMUserData does not exist). (Rob)
 - Fixed bug #49630 (imap_listscan function missing). (Felipe)
diff --git a/ext/standard/file.c b/ext/standard/file.c
index afaae796da..387bbc3220 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -846,6 +846,10 @@ PHP_FUNCTION(tempnam)
 		return;
 	}
 
+	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+		RETURN_FALSE;
+	}
+
 	if (php_check_open_basedir(dir TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
author	Rasmus Lerdorf <rasmus@php.net>	2009-09-29 14:14:02 +0000
committer	Rasmus Lerdorf <rasmus@php.net>	2009-09-29 14:14:02 +0000
commit	80bdbc8f66134c206d441edb765b5eb86234f135 (patch)
tree	8909eef5e9cb0139dcc8ecfa3f54f5ab9a37df25
parent	8c15aa23147b432491c98e00e4488cb057ceecf2 (diff)
download	php-git-80bdbc8f66134c206d441edb765b5eb86234f135.tar.gz