archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed safe_mode validation inside tempnam() when the directory path does not end with a /).

Browse source
This commit is contained in:
Ilia Alshanetsky 2010-02-11 12:32:21 +00:00
parent e2b9a01e70
commit ad9bbf26ab
2 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
NEWS
View file

@ -15,6 +15,8 @@ PHP NEWS
- Added stream filter support to mcrypt extension (ported from
mcrypt_filter). (Stas)
- Fixed safe_mode validation inside tempnam() when the directory path does
not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.

2
ext/standard/file.c
View file

@ -836,7 +836,7 @@ PHP_FUNCTION(tempnam)
return;
}
if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}