Removed safe_mode

* Removed ini options, safe_mode* * Removed --enable-safe-mode --with-exec-dir configure options on Unix * Updated extensions, SAPI's and core * php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
2025-08-15 21:48:51 +02:00 · 2010-04-26 23:53:30 +00:00 · 2010-04-26 23:53:30 +00:00 · dd8e59da8f
commit dd8e59da8f
parent 3c78ad763e
123 changed files with 418 additions and 1461 deletions
--- a/8
+++ b/8
@ -1584,15 +1584,11 @@ Running PHP as an Apache module
   Example 6-2. Apache configuration example
 <IfModule mod_php5.c>
  php_value include_path ".:/usr/local/lib/php"
-  php_admin_flag safe_mode on
+  php_admin_flag engine on
 </IfModule>
 <IfModule mod_php4.c>
  php_value include_path ".:/usr/local/lib/php"
-  php_admin_flag safe_mode on
+  php_admin_flag engine on
 </IfModule>
 <IfModule mod_php3.c>
  php3_include_path ".:/usr/local/lib/php"
  php3_safe_mode on
 </IfModule>
   Caution
--- a/Makefile.gcov
+++ b/Makefile.gcov
@ -13,13 +13,13 @@ lcov-test: all
 		TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \
 		TEST_PHP_SRCDIR=$(top_srcdir) \
 		CC="$(CC)" \
-			$(PHP_EXECUTABLE) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
+			$(PHP_EXECUTABLE) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php -d 'extension_dir=modules/' -d `( . $(PHP_MODULES) ; echo extension=$$dlname)` tests/; \
 	elif test ! -z "$(SAPI_CLI_PATH)" && test -x "$(SAPI_CLI_PATH)"; then \
 		NO_INTERACTION=1 \
 		TEST_PHP_EXECUTABLE=$(top_builddir)/$(SAPI_CLI_PATH) \
 		TEST_PHP_SRCDIR=$(top_srcdir) \
 		CC="$(CC)" \
-			$(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'safe_mode=0' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
+			$(top_builddir)/$(SAPI_CLI_PATH) -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' $(top_srcdir)/run-tests.php $(TESTS); \
 	else \
 		echo "ERROR: Cannot run tests without CLI sapi."; \
 	fi
--- a/Makefile.global
+++ b/Makefile.global
@ -79,7 +79,7 @@ PHP_TEST_SHARED_EXTENSIONS =  ` \
 			. $$i; $(top_srcdir)/build/shtool echo -n -- " -d $(ZEND_EXT_TYPE)=$(top_builddir)/modules/$$dlname"; \
 		done; \
 	fi`
-PHP_DEPRECATED_DIRECTIVES_REGEX = '^(safe_mode|magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
+PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
 test: all
 	-@if test ! -z "$(PHP_EXECUTABLE)" && test -x "$(PHP_EXECUTABLE)"; then \
--- a/3
+++ b/3
@ -35,12 +35,13 @@
  is present at compile time. (Rasmus)
 - Removed legacy features:
  . allow_call_time_pass_reference. (Pierrick)
  . define_syslog_variables ini option and its associated function. (Kalle)
  . highlight.bg ini option. (Kalle)
  . import_request_variables(). (Kalle)
  . register_globals. (Kalle)
  . allow_call_time_pass_reference. (Pierrick)
  . register_long_arrays ini option. (Kalle)
  . Safe mode. (Kalle)
  . Session bug compatibility mode (session.bug_compat42 and 
    session.bug_compat_warn ini options). (Kalle)
  . session_is_registered(), session_register() and session_unregister() 
--- a/configure.in
+++ b/configure.in
@ -820,28 +820,6 @@ AC_MSG_RESULT([$PHP_CONFIG_FILE_SCAN_DIR])
 test -n "$DEBUG_CFLAGS" && CFLAGS="$CFLAGS $DEBUG_CFLAGS"
 PHP_ARG_ENABLE(safe-mode, whether to enable safe mode by default,
 [  --enable-safe-mode      Enable safe mode by default], no, no)
 if test "$PHP_SAFE_MODE" = "yes"; then
  AC_DEFINE(PHP_SAFE_MODE,1,[ ])
 else
  AC_DEFINE(PHP_SAFE_MODE,0,[ ])
 fi
 AC_MSG_CHECKING([for safe mode exec dir])
 PHP_ARG_WITH(exec-dir,,
 [  --with-exec-dir[=DIR]   Only allow executables in DIR under safe-mode
                          [/usr/local/php/bin]], no, no)
 if test "$PHP_EXEC_DIR" != "no" && test "$PHP_EXEC_DIR" != "yes" ; then
  AC_DEFINE_UNQUOTED(PHP_SAFE_MODE_EXEC_DIR, "$PHP_EXEC_DIR", [ ])
  AC_MSG_RESULT([$PHP_EXEC_DIR])
 else
  AC_DEFINE(PHP_SAFE_MODE_EXEC_DIR, "/usr/local/php/bin", [ ])
  AC_MSG_RESULT([/usr/local/php/bin])
 fi
 PHP_ARG_ENABLE(sigchild, whether to enable PHP's own SIGCHLD handler,
 [  --enable-sigchild       Enable PHP's own SIGCHLD handler], no, no)
@ -1410,7 +1388,7 @@ PHP_INSTALL_HEADERS([Zend/ TSRM/ include/ main/ main/streams/])
 PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c tsrm_virtual_cwd.c)
 PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \
-       safe_mode.c fopen_wrappers.c alloca.c  php_scandir.c \
+       fopen_wrappers.c alloca.c  php_scandir.c \
       php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
       strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
       network.c php_open_temporary_file.c php_logos.c \
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@ -219,7 +219,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
 	path_copy = path;
 #endif  
-	if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
+	if (php_check_open_basedir(path_copy TSRMLS_CC)) {
 		return NULL;
 	}
@ -233,7 +233,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
 	if (bz_file == NULL) {
 		/* that didn't work, so try and get something from the network/wrapper */
-		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
+		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
 		if (stream) {
 			int fd;
@ -386,7 +386,7 @@ static PHP_FUNCTION(bzopen)
 		stream = php_stream_bz2open(NULL,
 									Z_STRVAL_PP(file), 
 									mode, 
-									ENFORCE_SAFE_MODE | REPORT_ERRORS, 
+									REPORT_ERRORS, 
 									NULL);
 	} else if (Z_TYPE_PP(file) == IS_RESOURCE) {
 		/* If it is a resource, than its a stream resource */
--- a/ext/com_dotnet/com_persist.c
+++ b/ext/com_dotnet/com_persist.c
@ -386,8 +386,7 @@ CPH_METHOD(SaveToFile)
 				RETURN_FALSE;
 			}
-			if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || 
+			if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 					php_check_open_basedir(fullpath TSRMLS_CC)) {
 				efree(fullpath);
 				RETURN_FALSE;
 			}
@ -449,8 +448,7 @@ CPH_METHOD(LoadFromFile)
 			RETURN_FALSE;
 		}
-		if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 				php_check_open_basedir(fullpath TSRMLS_CC)) {
 			efree(fullpath);
 			RETURN_FALSE;
 		}
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@ -10,7 +10,7 @@
   | http://www.php.net/license/3_01.txt                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
-   | license@php.net so we can mail you a copy immediately.               |
+   | license@php.net so we can mail you 6 copy immediately.               |
   +----------------------------------------------------------------------+
   | Author: Sterling Hughes <sterling@php.net>                           |
   +----------------------------------------------------------------------+
@ -169,8 +169,8 @@ static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRM
 #if LIBCURL_VERSION_NUM < 0x071100
 	char *copystr = NULL;
 #endif
-	/* Disable file:// if open_basedir or safe_mode are used */
+	/* Disable file:// if open_basedir are used */
-	if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+	if (PG(open_basedir) && *PG(open_basedir)) {
 #if LIBCURL_VERSION_NUM >= 0x071304
 		error = curl_easy_setopt(ch->cp, CURLOPT_PROTOCOLS, CURLPROTO_ALL & ~CURLPROTO_FILE);
 #else
@ -1664,8 +1664,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 			convert_to_long_ex(zvalue);
 #if LIBCURL_VERSION_NUM >= 0x71304
 			if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) &&
-				((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
+				(PG(open_basedir) && *PG(open_basedir)) && (Z_LVAL_PP(zvalue) & CURLPROTO_FILE)) {
-					php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when in safe_mode or an open_basedir is set");
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLPROTO_FILE cannot be activated when an open_basedir is set");
 					RETVAL_FALSE;
 					return 1;
 			}
@ -1674,9 +1674,9 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 			break;
 		case CURLOPT_FOLLOWLOCATION:
 			convert_to_long_ex(zvalue);
-			if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+			if (PG(open_basedir) && *PG(open_basedir)) {
 				if (Z_LVAL_PP(zvalue) != 0) {
-					php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set");
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set");
 					RETVAL_FALSE;
 					return 1;
 				}
@ -1728,7 +1728,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 				option == CURLOPT_SSH_PUBLIC_KEYFILE || option == CURLOPT_SSH_PRIVATE_KEYFILE
 			) {
-				if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+				if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
 					RETVAL_FALSE;
 					return 1;
 				}
@ -1938,8 +1938,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 						if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + Z_STRLEN_PP(current)))) {
 							*filename = '\0';
 						}
-						/* safe_mode / open_basedir check */
+						/* open_basedir check */
-						if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+						if (php_check_open_basedir(postval TSRMLS_CC)) {
 							RETVAL_FALSE;
 							return 1;
 						}
@ -2028,8 +2028,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 			break;
 		}
-		/* the following options deal with files, therefor safe_mode & open_basedir checks
+		/* the following options deal with files, therefore the open_basedir check
-		 * are required.
+		 * is required.
 		 */
 		case CURLOPT_COOKIEJAR:
 		case CURLOPT_SSLCERT:
@ -2041,7 +2041,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 			convert_to_string_ex(zvalue);
-			if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+			if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
 				RETVAL_FALSE;
 				return 1;
 			}
--- a/ext/curl/streams.c
+++ b/ext/curl/streams.c
@ -395,7 +395,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
 				}
 			}
 			if (mr > 1) {
-				if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+				if (PG(open_basedir) && *PG(open_basedir)) {
 					curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
 				} else {
 					curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
@ -403,7 +403,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
 				curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, mr);
 			}
 		} else {
-			if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+			if (PG(open_basedir) && *PG(open_basedir)) {
 				curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
 			} else {
 				curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
--- a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt
+++ b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt
@ -1,5 +1,5 @@
 --TEST--
-CURLOPT_FOLLOWLOCATION case check safe_mode and open_basedir
+CURLOPT_FOLLOWLOCATION case check open_basedir
 --CREDITS--
 WHITE new media architects - Dennis
 --INI--
@ -17,6 +17,6 @@ curl_close($ch);
 var_dump($succes);
 ?>
 --EXPECTF--
-Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when %r(safe_mode is enabled or an )?%ropen_basedir is set in %s.php on line %d
+Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d
 bool(false)
--- a/ext/curl/tests/curl_setopt_basic001.phpt
+++ b/ext/curl/tests/curl_setopt_basic001.phpt
@ -6,7 +6,7 @@ Paul Sohier
 --INI--
 safe_mode=On
 --SKIPIF--
-<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) print "skip"; ?>
+<?php if (!extension_loaded("curl") || false === getenv('PHP_CURL_HTTP_REMOTE_SERVER') || PHP_VERSION_ID < 503099) print "skip"; ?>
 --FILE--
 <?php
--- a/ext/dba/dba.c
+++ b/ext/dba/dba.c
@ -838,7 +838,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 				/* when in read only mode try to use existing .lck file first */
 				/* do not log errors for .lck file while in read ony mode on .lck file */
 				lock_file_mode = "rb";
-				info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
+				info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|IGNORE_PATH|persistent_flag, &opened_path);
 			}
 			if (!info->lock.fp) {
 				/* when not in read mode or failed to open .lck file read only. now try again in create(write) mode and log errors */
@ -853,7 +853,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 			}
 		}
 		if (!info->lock.fp) {
-			info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, &opened_path);
+			info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path);
 			if (info->lock.fp) {
 				if (lock_dbf) {
 					/* replace the path info with the real path of the opened file */
@ -891,7 +891,7 @@ static void php_dba_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 		if (info->lock.fp && lock_dbf) {
 			info->fp = info->lock.fp; /* use the same stream for locking and database access */
 		} else {
-			info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE|persistent_flag, NULL);
+			info->fp = php_stream_open_wrapper(info->path, file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, NULL);
 		}
 		if (!info->fp) {
 			dba_close(info TSRMLS_CC);
--- a/ext/dba/libflatfile/flatfile.c
+++ b/ext/dba/libflatfile/flatfile.c
@ -27,7 +27,6 @@
 #include "php.h"
 #include "php_globals.h"
 #include "safe_mode.h"
 #include <stdlib.h>
 #include <string.h>
--- a/ext/dba/libinifile/inifile.c
+++ b/ext/dba/libinifile/inifile.c
@ -24,7 +24,6 @@
 #include "php.h"
 #include "php_globals.h"
 #include "safe_mode.h"
 #include <stdlib.h>
 #include <string.h>
--- a/ext/enchant/enchant.c
+++ b/ext/enchant/enchant.c
@ -587,7 +587,11 @@ PHP_FUNCTION(enchant_broker_request_pwl_dict)
 		RETURN_FALSE;
 	}
 #if PHP_API_VERSION < 20100412
 	if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) {
 #else
 	if (php_check_open_basedir(pwl TSRMLS_CC)) {
 #endif
 		RETURN_FALSE;
 	}
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@ -3861,7 +3861,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t
 	ImageInfo->motorola_intel = -1; /* flag as unknown */
-	ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
+	ImageInfo->infile = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK|IGNORE_PATH, NULL);
 	if (!ImageInfo->infile) {
 		exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Unable to open file");
 		return FALSE;
@ -4166,7 +4166,7 @@ PHP_FUNCTION(exif_imagetype)
 		return;
 	}
-	stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+	stream = php_stream_open_wrapper(imagefile, "rb", IGNORE_PATH|REPORT_ERRORS, NULL);
 	if (stream == NULL) {
 		RETURN_FALSE;
--- a/ext/fileinfo/fileinfo.c
+++ b/ext/fileinfo/fileinfo.c
@ -297,7 +297,11 @@ PHP_FUNCTION(finfo_open)
 		}
 		file = resolved_path;
 #if PHP_API_VERSION < 20100412
 		if ((PG(safe_mode) && (!php_checkuid(file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file TSRMLS_CC)) {
 #else
 		if (php_check_open_basedir(file TSRMLS_CC)) {
 #endif
 			RETURN_FALSE;
 		}
 	}
@ -492,8 +496,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime
 			if (wrap) {
 				php_stream_context *context = php_stream_context_from_zval(zcontext, 0);
-
+#if PHP_API_VERSION < 20100412
 				php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
 #else
 				php_stream *stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context);
 #endif
 				if (!stream) {
 					RETVAL_FALSE;
--- a/ext/fileinfo/libmagic.patch
+++ b/ext/fileinfo/libmagic.patch
@ -257,7 +257,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
 +
 +	TSRMLS_FETCH();
 +
-+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 +	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -490,7 +490,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
 		goto error2;
 -	if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1)
-+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 +		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -647,7 +647,7 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
 -	if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) {
 +/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
-+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 +	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
@ -799,7 +799,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
 			break;
 		case CDF_FILETIME:
 			tp = info[i].pi_tp;
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 +		if (tp < 1000000000000000i64) {
 +#else
 			if (tp < 1000000000000000LL) {
@ -822,7 +822,7 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h
 typedef struct {
 	uint64_t	h_magic;
 -#define CDF_MAGIC	0xE11AB1A1E011CFD0LL
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 +# define CDF_MAGIC	0xE11AB1A1E011CFD0i64
 +#else
 +# define CDF_MAGIC	0xE11AB1A1E011CFD0LL
@ -2019,7 +2019,7 @@ diff -u libmagic.orig/magic.c libmagic/magic.c
 +
 +	if (!stream && inname) {
 +		no_in_stream = 1;
-+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 +		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 +#else
 +		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
@ -2392,7 +2392,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
 		case CDF_FILETIME:
 			tp = info[i].pi_tp;
 			if (tp != 0) {
-+#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 +				if (tp < 1000000000000000i64) {
 +#else
 				if (tp < 1000000000000000LL) {
@ -2773,7 +2773,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
 +		
 +		convert_libmagic_pattern(pattern, options);
 +		
-+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 +		if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) {
 #else
 -			pmatch[0].rm_so = 0;
@ -2800,7 +2800,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
 +			haystack = estrndup(ms->search.s, ms->search.s_len);
 +
 +			/* match v = 0, no match v = 1 */
-+#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 +			php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
 +#else			
 +			php_pcre_match_impl(pce, IS_STRING, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC);
--- a/ext/fileinfo/libmagic/apprentice.c
+++ b/ext/fileinfo/libmagic/apprentice.c
@ -597,7 +597,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs,
 	TSRMLS_FETCH();
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -2041,7 +2041,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
 	if (dbname == NULL)
 		goto error2;
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 		stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL);
@ -2165,7 +2165,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp,
 	}
 /* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL);
--- a/ext/fileinfo/libmagic/cdf.c
+++ b/ext/fileinfo/libmagic/cdf.c
@ -1131,7 +1131,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count)
 			break;
 		case CDF_FILETIME:
 			tp = info[i].pi_tp;
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 		if (tp < 1000000000000000i64) {
 #else
 			if (tp < 1000000000000000LL) {
--- a/ext/fileinfo/libmagic/cdf.h
+++ b/ext/fileinfo/libmagic/cdf.h
@ -42,7 +42,7 @@ typedef int32_t cdf_secid_t;
 typedef struct {
 	uint64_t	h_magic;
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 # define CDF_MAGIC	0xE11AB1A1E011CFD0i64
 #else
 # define CDF_MAGIC	0xE11AB1A1E011CFD0LL
--- a/ext/fileinfo/libmagic/magic.c
+++ b/ext/fileinfo/libmagic/magic.c
@ -290,7 +290,7 @@ file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream)
 	if (!stream && inname) {
 		no_in_stream = 1;
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 		stream = php_stream_open_wrapper(inname, "rb", REPORT_ERRORS, NULL);
--- a/ext/fileinfo/libmagic/readcdf.c
+++ b/ext/fileinfo/libmagic/readcdf.c
@ -110,7 +110,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info,
 		case CDF_FILETIME:
 			tp = info[i].pi_tp;
 			if (tp != 0) {
-#if defined(PHP_WIN32 ) && _MSC_VER <= 1500
+#if defined(PHP_WIN32) && _MSC_VER <= 1500
 				if (tp < 1000000000000000i64) {
 #else
 				if (tp < 1000000000000000LL) {
--- a/ext/ftp/php_ftp.c
+++ b/ext/ftp/php_ftp.c
@ -41,7 +41,7 @@
 #include "php_ftp.h"
 #include "ftp.h"
-static int	le_ftpbuf;
+static int le_ftpbuf;
 #define le_ftpbuf_name "FTP Buffer"
 /* {{{ arginfo */
@ -874,9 +874,9 @@ PHP_FUNCTION(ftp_get)
 #endif
 	if (ftp->autoseek && resumepos) {
-		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL);
 		if (outstream == NULL) {
-			outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+			outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
 		}
 		if (outstream != NULL) {
 			/* if autoresume is wanted seek to end */
@ -888,7 +888,7 @@ PHP_FUNCTION(ftp_get)
 			}
 		}
 	} else {
-		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
 	}
 	if (outstream == NULL)	{
@ -935,9 +935,9 @@ PHP_FUNCTION(ftp_nb_get)
 	mode = FTPTYPE_IMAGE;
 #endif
 	if (ftp->autoseek && resumepos) {
-		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt+" : "rb+", REPORT_ERRORS, NULL);
 		if (outstream == NULL) {
-			outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+			outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
 		}
 		if (outstream != NULL) {
 			/* if autoresume is wanted seek to end */
@ -949,7 +949,7 @@ PHP_FUNCTION(ftp_nb_get)
 			}
 		}
 	} else {
-		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+		outstream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "wt" : "wb", REPORT_ERRORS, NULL);
 	}
 	if (outstream == NULL)	{
@ -1131,7 +1131,7 @@ PHP_FUNCTION(ftp_put)
 	ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
 	XTYPE(xtype, mode);
-	if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) {
+	if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) {
 		RETURN_FALSE;
 	}
@ -1184,7 +1184,7 @@ PHP_FUNCTION(ftp_nb_put)
 	ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
 	XTYPE(xtype, mode);
-	if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL))) {
+	if (!(instream = php_stream_open_wrapper(local, mode == FTPTYPE_ASCII ? "rt" : "rb", REPORT_ERRORS, NULL))) {
 		RETURN_FALSE;
 	}
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@ -1470,7 +1470,7 @@ PHP_FUNCTION(imageloadfont)
 		return;
 	}
-	stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+	stream = php_stream_open_wrapper(file, "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
 	if (stream == NULL) {
 		RETURN_FALSE;
 	}
@ -2422,7 +2422,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,
 		}
 	}
-	stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+	stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
 	if (stream == NULL)	{
 		RETURN_FALSE;
 	}
--- a/ext/gd/php_gd.h
+++ b/ext/gd/php_gd.h
@ -33,12 +33,10 @@
 #if HAVE_LIBGD
 /* open_basedir and safe_mode checks */
-#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg)                                   \
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg)                       \
-	if (!filename || php_check_open_basedir(filename TSRMLS_CC) ||                      \
+	if (!filename || php_check_open_basedir(filename TSRMLS_CC)) {      \
-		(PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))   \
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg);      \
-	) {                                                                                 \
+		RETURN_FALSE;                                               \
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg);                          \
 		RETURN_FALSE;                                                                   \
 	}
 #define PHP_GDIMG_TYPE_GIF      1
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@ -141,7 +141,7 @@ static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_
 		RETURN_FALSE;
 	}
 	if (isfilename) {
-		stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT);
+		stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT);
 		if (!stream) {
 			/* Stream will report errors opening file */
 			RETURN_FALSE;
@ -219,7 +219,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename,
 		RETURN_FALSE;
 	}
 	if (isfilename) {
-		stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT);
+		stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT);
 		if (!stream) {
 			/* Stream will report errors opening file */
 			RETURN_FALSE;
@ -453,7 +453,7 @@ PHP_FUNCTION(hash_update_file)
 	ZEND_FETCH_RESOURCE(hash, php_hash_data*, &zhash, -1, PHP_HASH_RESNAME, php_hash_le_hash);
 	context = php_stream_context_from_zval(zcontext, 0);
-	stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, context);
+	stream = php_stream_open_wrapper_ex(filename, "rb", REPORT_ERRORS, NULL, context);
 	if (!stream) {
 		/* Stream will report errors opening file */
 		RETURN_FALSE;
--- a/ext/hash/hash_md.c
+++ b/ext/hash/hash_md.c
@ -148,7 +148,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file)
 		return;
 	}
-	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
 	if (!stream) {
 		RETURN_FALSE;
 	}
--- a/ext/hash/hash_sha.c
+++ b/ext/hash/hash_sha.c
@ -132,7 +132,7 @@ PHP_FUNCTION(sha1_file)
 		return;
 	}
-	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
 	if (!stream) {
 		RETURN_FALSE;
 	}
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@ -1215,10 +1215,8 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 		efree(IMAPG(imap_password));
 	}
-	/* local filename, need to perform open_basedir and safe_mode checks */
+	/* local filename, need to perform open_basedir check */
-	if (mailbox[0] != '{' &&
+	if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) {
 			(php_check_open_basedir(mailbox TSRMLS_CC) ||
 			(PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
 		RETURN_FALSE;
 	}
@ -1292,10 +1290,8 @@ PHP_FUNCTION(imap_reopen)
 		mail_parameters(NIL, SET_MAXLOGINTRIALS, (void *) retries);
 	}
 #endif
-	/* local filename, need to perform open_basedir and safe_mode checks */
+	/* local filename, need to perform open_basedir check */
-	if (mailbox[0] != '{' &&
+	if (mailbox[0] != '{' && php_check_open_basedir(mailbox TSRMLS_CC)) {
 			(php_check_open_basedir(mailbox TSRMLS_CC) ||
 			(PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
 		RETURN_FALSE;
 	}
@ -2394,7 +2390,7 @@ PHP_FUNCTION(imap_savebody)
 		default:
 			convert_to_string_ex(out);
-			writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+			writer = php_stream_open_wrapper(Z_STRVAL_PP(out), "wb", REPORT_ERRORS, NULL);
 		break;
 	}
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@ -300,7 +300,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
 	   that the streams layer puts out at times, but for libxml we
 	   may try to open files that don't exist, but it is not a failure
 	   in xml processing (eg. DTD files)  */
-	wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC);
+	wrapper = php_stream_locate_url_wrapper(resolved_path, &path_to_open, 0 TSRMLS_CC);
 	if (wrapper && read_only && wrapper->wops->url_stat) {
 		if (wrapper->wops->url_stat(wrapper, path_to_open, PHP_STREAM_URL_STAT_QUIET, &ssbuf, NULL TSRMLS_CC) == -1) {
 			if (isescaped) {
@ -314,7 +314,7 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
 		context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context());
 	}
-	ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context);
+	ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, REPORT_ERRORS, NULL, context);
 	if (isescaped) {
 		xmlFree(resolved_path);
 	}
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@ -3862,11 +3862,6 @@ PHP_FUNCTION(mb_send_mail)
 	extern void mbfl_memory_device_unput(mbfl_memory_device *device);
 	char *pp, *ee;
 	if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect.  The fifth parameter is disabled in SAFE MODE.");
 		RETURN_FALSE;
 	}
 	/* initialize */
 	mbfl_memory_device_init(&device, 0, 0);
 	mbfl_string_init(&orig_str);
--- a/ext/mysql/php_mysql.c
+++ b/ext/mysql/php_mysql.c
@ -664,7 +664,11 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 		}
 		/* disable local infile option for open_basedir */
 #if PHP_API_VERSION < 20100412
 		if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
 #else
 		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') && (client_flags & CLIENT_LOCAL_FILES)) {
 #endif
 			client_flags ^= CLIENT_LOCAL_FILES;
 		}
--- a/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
+++ b/ext/mysql/tests/mysql_query_load_data_openbasedir.phpt
@ -26,7 +26,6 @@ if ($socket == "" && $host != NULL && $host != 'localhost' && $host != '.') {
 }
 ?>
 --INI--
 safe_mode=0
 open_basedir="."
 --FILE--
 <?php
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@ -1674,7 +1674,11 @@ PHP_FUNCTION(mysqli_options)
 	}
 	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 #if PHP_API_VERSION < 20100412
 	if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
 #else
 	if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
 #endif
 		if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
 			RETURN_FALSE;
 		}
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@ -102,7 +102,11 @@ MYSQLND_METHOD(mysqlnd_net, network_write)(MYSQLND * const conn, const zend_ucha
 static enum_func_status
 MYSQLND_METHOD(mysqlnd_net, connect)(MYSQLND_NET * net, const char * const scheme, size_t scheme_len, zend_bool persistent, char **errstr, int * errcode TSRMLS_DC)
 {
 #if PHP_API_VERSION < 20100412
 	unsigned int streams_options = ENFORCE_SAFE_MODE;
 #else
 	unsigned int streams_options = 0;
 #endif
 	unsigned int streams_flags = STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT;
 	char * hashed_details = NULL;
 	int hashed_details_len = 0;
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@ -1741,13 +1741,6 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled. Enable oci8.privileged_connect to be able to connect as SYSOPER or SYSDBA");
 				return NULL;
 			}
 			/*	Disable privileged connections in Safe Mode (N.b. safe mode has been removed in PHP
 			 *	6 anyway)
 			 */
 			if (PG(safe_mode)) {
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Privileged connect is disabled in Safe Mode");
 				return NULL;
 			}
 		}
 	}
--- a/ext/oci8/oci8_interface.c
+++ b/ext/oci8/oci8_interface.c
@ -919,15 +919,11 @@ PHP_FUNCTION(oci_lob_export)
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
-	stream = php_stream_open_wrapper_ex(filename, "w", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL);
+	stream = php_stream_open_wrapper_ex(filename, "w", REPORT_ERRORS, NULL, NULL);
 	block_length = PHP_OCI_LOB_BUFFER_SIZE;
 	if (block_length > length) {
@ -1871,12 +1867,6 @@ PHP_FUNCTION(oci_password_change)
 	int user_len, pass_old_len, pass_new_len, dbname_len;
 	php_oci_connection *connection;
 	/*	Disable in Safe Mode  */
 	if (PG(safe_mode)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode");
 		RETURN_FALSE;
 	}
 	if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) {
 		PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection);
--- a/ext/oci8/oci8_lob.c
+++ b/ext/oci8/oci8_lob.c
@ -724,7 +724,7 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC
 	char buf[8192];
 	ub4 offset = 1;
-	if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) {
+	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		return 1;
 	}
--- a/ext/oci8/tests/oci8safemode.phpt
+++ b/ext/oci8/tests/oci8safemode.phpt
@ -1,7 +1,7 @@
 --TEST--
 Test functionality disabled in safe mode
 --SKIPIF--
-<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?>
+<?php if (!extension_loaded('oci8')){ die("skip no oci8 extension"); } if (PHP_VERSION_ID < 503099){ die("skip: safe_mode no longer available"); }  ?>
 --INI--
 safe_mode=On
 oci8.privileged_connect=On
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@ -1296,13 +1296,6 @@ PHP_FUNCTION(odbc_execute)
 				filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2);
 				filename[strlen(filename)] = '\0';
 				/* Check for safe mode. */
 				if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 					efree(filename);
 					efree(params);
 					RETURN_FALSE;
 				}
 				/* Check the basedir */
 				if (php_check_open_basedir(filename TSRMLS_CC)) {
 					efree(filename);
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@ -489,12 +489,9 @@ static void php_csr_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
 }
 /* }}} */
-/* {{{ openssl safe_mode & open_basedir checks */
+/* {{{ openssl open_basedir check */
-inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC)
+inline static int php_openssl_open_base_dir_chk(char *filename TSRMLS_DC)
 {
 	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		return -1;
 	}
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		return -1;
 	}
@ -774,7 +771,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
 	/* read in the oids */
 	str = CONF_get_string(req->req_config, NULL, "oid_file");
-	if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) {
+	if (str && !php_openssl_open_base_dir_chk(str TSRMLS_CC)) {
 		BIO *oid_bio = BIO_new_file(str, "r");
 		if (oid_bio) {
 			OBJ_create_objects(oid_bio);
@ -1163,7 +1160,7 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, long * r
 		/* read cert from the named file */
 		BIO *in;
-		if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
+		if (php_openssl_open_base_dir_chk(Z_STRVAL_PP(val) + (sizeof("file://") - 1) TSRMLS_CC)) {
 			return NULL;
 		}
@ -1219,7 +1216,7 @@ PHP_FUNCTION(openssl_x509_export_to_file)
 		return;
 	}
-	if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 		return;
 	}
@ -1449,7 +1446,7 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile)
 		goto end;
 	}
-	if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(certfile TSRMLS_CC)) {
 		sk_X509_free(stack);
 		goto end;
 	}
@ -1776,7 +1773,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "private key does not correspond to cert");
 		goto cleanup;
 	}
-	if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 		goto cleanup;
 	}
@ -2178,7 +2175,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long
 		filename = Z_STRVAL_PP(val) + (sizeof("file://") - 1);
 	}
 	if (filename) {
-		if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+		if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 			return NULL;
 		}
 		in = BIO_new_file(filename, "r");
@ -2214,7 +2211,7 @@ PHP_FUNCTION(openssl_csr_export_to_file)
 		return;
 	}
-	if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 		return;
 	}
@ -2692,7 +2689,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char *
 			BIO *in;
 			if (filename) {
-				if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+				if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 					TMP_CLEAN;
 				}
 				in = BIO_new_file(filename, "r");
@ -2999,7 +2996,7 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 		RETURN_FALSE;
 	}
-	if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -3287,7 +3284,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 	if (!store) {
 		goto clean_exit;
 	}
-	if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(filename TSRMLS_CC)) {
 		goto clean_exit;
 	}
@ -3305,7 +3302,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 	if (datafilename) {
-		if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) {
+		if (php_openssl_open_base_dir_chk(datafilename TSRMLS_CC)) {
 			goto clean_exit;
 		}
@ -3325,7 +3322,7 @@ PHP_FUNCTION(openssl_pkcs7_verify)
 		if (signersfilename) {
 			BIO *certout;
-			if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) {
+			if (php_openssl_open_base_dir_chk(signersfilename TSRMLS_CC)) {
 				goto clean_exit;
 			}
@ -3385,7 +3382,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 		return;
-	if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
 		return;
 	}
@ -3544,7 +3541,7 @@ PHP_FUNCTION(openssl_pkcs7_sign)
 		goto clean_exit;
 	}
-	if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
 		goto clean_exit;
 	}
@ -3639,7 +3636,7 @@ PHP_FUNCTION(openssl_pkcs7_decrypt)
 		goto clean_exit;
 	}
-	if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+	if (php_openssl_open_base_dir_chk(infilename TSRMLS_CC) || php_openssl_open_base_dir_chk(outfilename TSRMLS_CC)) {
 		goto clean_exit;
 	}
--- a/ext/pdo/pdo_dbh.c
+++ b/ext/pdo/pdo_dbh.c
@ -187,7 +187,7 @@ static char *dsn_from_uri(char *uri, char *buf, size_t buflen TSRMLS_DC) /* {{{
 	php_stream *stream;
 	char *dsn = NULL;
-	stream = php_stream_open_wrapper(uri, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+	stream = php_stream_open_wrapper(uri, "rb", REPORT_ERRORS, NULL);
 	if (stream) {
 		dsn = php_stream_get_line(stream, buf, buflen, NULL);
 		php_stream_close(stream);
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@ -649,7 +649,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 			goto cleanup;
 		}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
 #else
 		if (PG(open_basedir) && PG(open_basedir)[0] != '\0') 
--- a/ext/pdo_sqlite/sqlite_driver.c
+++ b/ext/pdo_sqlite/sqlite_driver.c
@ -643,11 +643,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
 			return NULL;
 		}
 		if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			efree(fullpath);
 			return NULL;
 		}
 		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 			efree(fullpath);
 			return NULL;
@ -705,7 +700,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS
 	if (!filename) {
 		zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC,
-			"safe_mode/open_basedir prohibits opening %s",
+			"open_basedir prohibits opening %s",
 			dbh->data_source);
 		goto cleanup;
 	}
@ -718,7 +713,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS
 		goto cleanup;
 	}
-	if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+	if (PG(open_basedir) && *PG(open_basedir)) {
 		sqlite3_set_authorizer(H->db, authorizer, NULL);
 	}
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@ -2879,7 +2879,7 @@ PHP_FUNCTION(pg_trace)
 	ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
-	stream = php_stream_open_wrapper(z_filename, mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+	stream = php_stream_open_wrapper(z_filename, mode, REPORT_ERRORS, NULL);
 	if (!stream) {
 		RETURN_FALSE;
@ -3339,10 +3339,6 @@ PHP_FUNCTION(pg_lo_import)
 		WRONG_PARAM_COUNT;
 	}
 	if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(file_in TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -3476,10 +3472,6 @@ PHP_FUNCTION(pg_lo_export)
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(file_out TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@ -1327,7 +1327,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a
 	if (!pphar) {
 		pphar = &mydata;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
@ -1491,7 +1491,7 @@ int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_l
 	} else if (error && *error) {
 		return FAILURE;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
@ -2357,7 +2357,7 @@ int phar_open_executed_filename(char *alias, int alias_len, char **error TSRMLS_
 	FREE_ZVAL(halt_constant);
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@ -1754,7 +1754,7 @@ phar_spl_fileinfo:
 			return ZEND_HASH_APPLY_STOP;
 		}
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Iterator %v returned a path \"%s\" that safe mode prevents opening", ce->name, fname);
@ -3943,7 +3943,7 @@ PHP_METHOD(Phar, addFile)
 		return;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname);
 		return;
@ -4187,11 +4187,11 @@ PHP_METHOD(Phar, delMetadata)
 	}
 }
 /* }}} */
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
 	(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
 #else
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define PHAR_OPENBASEDIR_CHECKPATH(filename) \
 	php_check_open_basedir(filename TSRMLS_CC)
 #endif
@ -4235,7 +4235,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
 		return FAILURE;
 	}
-	if (OPENBASEDIR_CHECKPATH(fullpath)) {
+	if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) {
 		spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath);
 		efree(fullpath);
 		return FAILURE;
@ -4285,7 +4285,11 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
 		return SUCCESS;
 	}
 #if PHP_API_VERSION < 20100412
 	fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	fp = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
 #endif
 	if (!fp) {
 		spprintf(error, 4096, "Cannot extract \"%s\", could not open for writing \"%s\"", entry->filename, fullpath);
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@ -201,7 +201,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len,
 			entry.tmp = estrndup(filename, filename_len);
 		}
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		efree(entry.tmp);
 		efree(entry.filename);
@ -850,7 +850,7 @@ int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC) /* {{{ */
 	if (phar_get_pharfp(phar TSRMLS_CC)) {
 		return SUCCESS;
 	}
-#if PHP_MAJOR_VERSION < 6
+#if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) && (!php_checkuid(phar->fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		return FAILURE;
 	}
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@ -840,8 +840,7 @@ PHP_FUNCTION(posix_mkfifo)
 		RETURN_FALSE;
 	}
-	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
+	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
 			(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
 		RETURN_FALSE;
 	}
@ -875,8 +874,7 @@ PHP_FUNCTION(posix_mknod)
 		RETURN_FALSE;
 	}
-	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
+	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
 			(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
 		RETURN_FALSE;
 	}
@ -961,8 +959,7 @@ PHP_FUNCTION(posix_access)
 		RETURN_FALSE;
 	}
-	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
+	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
 			(PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) {
 		efree(path);
 		POSIX_G(last_error) = EPERM;
 		RETURN_FALSE;
--- a/ext/posix/tests/posix_access.phpt
+++ b/ext/posix/tests/posix_access.phpt
@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
 if (posix_geteuid() == 0) {
    die('SKIP Cannot run test as root.');
 }
 if (PHP_VERSION_ID < 503099) {
    die('SKIP Safe mode is no longer available.');
 }
 ?>
 --INI--
 safe_mode = 1
--- a/ext/posix/tests/posix_access_error_modes.phpt
+++ b/ext/posix/tests/posix_access_error_modes.phpt
@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
 if (posix_geteuid() == 0) {
    die('SKIP Cannot run test as root.');
 }
 if (PHP_VERSION_ID < 503099) {
    die('SKIP Safe mode is no longer available.');
 }
 ?>
 --INI--
 safe_mode = 1
--- a/ext/posix/tests/posix_access_error_wrongparams.phpt
+++ b/ext/posix/tests/posix_access_error_wrongparams.phpt
@ -13,6 +13,9 @@ if (!extension_loaded('posix')) {
 if (posix_geteuid() == 0) {
    die('SKIP Cannot run test as root.');
 }
 if (PHP_VERSION_ID < 503099) {
    die('SKIP Safe mode is no longer available.');
 }
 ?>
 --INI--
 safe_mode = 1
--- a/ext/posix/tests/posix_access_safemode.phpt
+++ b/ext/posix/tests/posix_access_safemode.phpt
@ -11,6 +11,9 @@ if (!extension_loaded('posix')) {
 if (posix_geteuid() == 0) {
    die('SKIP Cannot run test as root.');
 }
 if (PHP_VERSION_ID < 503099) {
    die('SKIP Safe mode is no longer available.');
 }
 --INI--
 safe_mode = 1
 --FILE--
--- a/ext/posix/tests/posix_mkfifo_safemode.phpt
+++ b/ext/posix/tests/posix_mkfifo_safemode.phpt
@ -17,6 +17,9 @@ if (!extension_loaded('posix')) {
 if (posix_geteuid() == 0) {
    die('SKIP Cannot run test as root.');
 }
 if (PHP_VERSION_ID < 503099) {
    die('SKIP Safe mode is no longer available.');
 }
 ?>
 --INI--
 safe_mode = 1
--- a/ext/pspell/pspell.c
+++ b/ext/pspell/pspell.c
@ -402,11 +402,6 @@ static PHP_FUNCTION(pspell_new_personal)
 	}
 #endif
 	if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		delete_pspell_config(config);
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(personal TSRMLS_CC)) {
 		delete_pspell_config(config);
 		RETURN_FALSE;
@ -836,10 +831,6 @@ static void pspell_config_path(INTERNAL_FUNCTION_PARAMETERS, char *option)
 	PSPELL_FETCH_CONFIG;
 	if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(value TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -891,10 +882,6 @@ static PHP_FUNCTION(pspell_config_repl)
 	pspell_config_replace(config, "save-repl", "true");
 	if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(repl TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@ -171,20 +171,14 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 		if (data->fd != -1) {
 #ifndef PHP_WIN32
 			/* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
-			if (PG(safe_mode) || PG(open_basedir)) {
+			if (PG(open_basedir)) {
 				struct stat sbuf;
 				if (fstat(data->fd, &sbuf)) {
 					close(data->fd);
 					return;
 				}
-				if (
+				if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
 					S_ISLNK(sbuf.st_mode) &&
 					(
 						php_check_open_basedir(buf TSRMLS_CC) ||
 						(PG(safe_mode) && !php_checkuid(buf, NULL, CHECKUID_CHECK_FILE_AND_DIR))
 					)
 				) {
 					close(data->fd);
 					return;
 				}
@ -274,9 +268,6 @@ PS_OPEN_FUNC(files)
 		/* if save path is an empty string, determine the temporary dir */
 		save_path = php_get_temporary_directory();
 		if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			return FAILURE;
 		}
 		if (php_check_open_basedir(save_path TSRMLS_CC)) {
 			return FAILURE;
 		}
--- a/ext/session/session.c
+++ b/ext/session/session.c
@ -567,10 +567,6 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 			p = new_value;
 		}
 		if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			return FAILURE;
 		}
 		if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) {
 			return FAILURE;
 		}
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@ -118,7 +118,7 @@ static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, ph
 	namelen = spprintf(&name, 0, "%s://%s:%d", (use_ssl && !*use_proxy)? "ssl" : "tcp", host, port);
 	stream = php_stream_xport_create(name, namelen,
-		ENFORCE_SAFE_MODE | REPORT_ERRORS,
+		REPORT_ERRORS,
 		STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
 		NULL /*persistent_id*/,
 		timeout,
--- a/ext/soap/php_xml.c
+++ b/ext/soap/php_xml.c
@ -179,7 +179,7 @@ int php_stream_xmlIO_match_wrapper(const char *filename)
 void *php_stream_xmlIO_open_wrapper(const char *filename)
 {
 	TSRMLS_FETCH();
-	return php_stream_open_wrapper((char*)filename, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+	return php_stream_open_wrapper((char*)filename, "rb", REPORT_ERRORS, NULL);
 }
 int php_stream_xmlIO_read(void *context, char *buffer, int len)
--- a/ext/spl/php_spl.c
+++ b/ext/spl/php_spl.c
@ -231,7 +231,7 @@ static int spl_autoload(const char *class_name, const char * lc_name, int class_
 	class_file_len = spprintf(&class_file, 0, "%s%s", lc_name, file_extension);
-	ret = php_stream_open_for_zend_ex(class_file, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+	ret = php_stream_open_for_zend_ex(class_file, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
 	if (ret == SUCCESS) {
 		if (!file_handle.opened_path) {
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@ -221,7 +221,7 @@ static void spl_filesystem_dir_open(spl_filesystem_object* intern, char *path TS
 	intern->type = SPL_FS_DIR;
 	intern->_path_len = strlen(path);
-	intern->u.dir.dirp = php_stream_opendir(path, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);
+	intern->u.dir.dirp = php_stream_opendir(path, REPORT_ERRORS, NULL);
 	if (intern->_path_len > 1 && IS_SLASH_AT(path, intern->_path_len-1)) {
 		intern->_path = estrndup(path, --intern->_path_len);
@ -245,7 +245,7 @@ static int spl_filesystem_file_open(spl_filesystem_object *intern, int use_inclu
 {
 	intern->type = SPL_FS_FILE;
 	intern->u.file.context = php_stream_context_from_zval(intern->u.file.zcontext, 0);
-	intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, intern->u.file.context);
+	intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, intern->u.file.context);
 	if (!intern->file_name_len || !intern->u.file.stream) {
 		if (!EG(exception)) {
--- a/ext/sqlite/pdo_sqlite2.c
+++ b/ext/sqlite/pdo_sqlite2.c
@ -522,11 +522,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
 			return NULL;
 		}
 		if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			efree(fullpath);
 			return NULL;
 		}
 		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 			efree(fullpath);
 			return NULL;
@ -585,7 +580,7 @@ static int pdo_sqlite2_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRML
 	if (!filename) {
 		zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC,
-				"safe_mode/open_basedir prohibits opening %s",
+				"open_basedir prohibits opening %s",
 				dbh->data_source);
 		goto cleanup;
 	}
--- a/ext/sqlite/sess_sqlite.c
+++ b/ext/sqlite/sess_sqlite.c
@ -42,7 +42,6 @@ PS_OPEN_FUNC(sqlite)
 	char *errmsg = NULL;
 	sqlite *db;
 	/* TODO: do we need a safe_mode check here? */
 	db = sqlite_open(save_path, 0666, &errmsg);
 	if (db == NULL) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, 
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@ -1066,9 +1066,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg
 		case SQLITE_COPY:
 			if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) {
 				TSRMLS_FETCH();
 				if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 					return SQLITE_DENY;
 				}
 				if (php_check_open_basedir(arg4 TSRMLS_CC)) {
 					return SQLITE_DENY;
@ -1079,9 +1076,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg
 		case SQLITE_ATTACH:
 			if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) {
 				TSRMLS_FETCH();
 				if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 					return SQLITE_DENY;
 				}
 				if (php_check_open_basedir(arg3 TSRMLS_CC)) {
 					return SQLITE_DENY;
@ -1510,7 +1504,7 @@ static struct php_sqlite_db *php_sqlite_open(char *filename, int mode, char *per
 	/* authorizer hook so we can enforce safe mode
 	 * Note: the declaration of php_sqlite_authorizer is correct for 2.8.2 of libsqlite,
 	 * and IS backwards binary compatible with earlier versions */
-	if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+	if (PG(open_basedir) && *PG(open_basedir)) {
 		sqlite_set_authorizer(sdb, php_sqlite_authorizer, NULL);
 	}
@ -1566,8 +1560,7 @@ PHP_FUNCTION(sqlite_popen)
 			RETURN_FALSE;
 		}
-		if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || 
+		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 				php_check_open_basedir(fullpath TSRMLS_CC)) {
 			efree(fullpath);
 			RETURN_FALSE;
 		}
@ -1648,8 +1641,7 @@ PHP_FUNCTION(sqlite_open)
 			}
 		}
-		if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 				php_check_open_basedir(fullpath TSRMLS_CC)) {
 			efree(fullpath);
 			zend_restore_error_handling(&error_handling TSRMLS_CC);
 			if (object) {
@ -1697,8 +1689,7 @@ PHP_FUNCTION(sqlite_factory)
 			RETURN_NULL();
 		}
-		if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 				php_check_open_basedir(fullpath TSRMLS_CC)) {
 			efree(fullpath);
 			zend_restore_error_handling(&error_handling TSRMLS_CC);
 			RETURN_NULL();
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@ -120,11 +120,13 @@ PHP_METHOD(sqlite3, open)
 			return;
 		}
 #if PHP_API_VERSION < 20100412
 		if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "safe_mode prohibits opening %s", fullpath);
 			efree(fullpath);
 			return;
 		}
 #endif
 		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 			zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "open_basedir prohibits opening %s", fullpath);
@ -158,7 +160,11 @@ PHP_METHOD(sqlite3, open)
 	}
 #endif
 #if PHP_API_VERSION < 20100412
 	if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
 #else
 	if (PG(open_basedir) && *PG(open_basedir)) {
 #endif
 		sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
 	}
@ -1779,14 +1785,18 @@ static zend_function_entry php_sqlite3_result_class_methods[] = {
 */
 static int php_sqlite3_authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6)
 {
 	TSRMLS_FETCH();
 	switch (access_type) {
 		case SQLITE_ATTACH:
 		{
 			if (strncmp(arg3, ":memory:", sizeof(":memory:")-1)) {
 				TSRMLS_FETCH();
 #if PHP_API_VERSION < 20100412
 				if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 					return SQLITE_DENY;
 				}
 #endif
 				if (php_check_open_basedir(arg3 TSRMLS_CC)) {
 					return SQLITE_DENY;
 				}
--- a/ext/sqlite3/tests/sqlite3_21_security.phpt
+++ b/ext/sqlite3/tests/sqlite3_21_security.phpt
@ -1,5 +1,5 @@
 --TEST--
-SQLite3 open_basedir / safe_mode checks
+SQLite3 open_basedir checks
 --SKIPIF--
 <?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
 --INI--
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@ -34,7 +34,6 @@
 #include "zend_operators.h"
 #include "ext/standard/php_dns.h"
 #include "ext/standard/php_uuencode.h"
 #include "safe_mode.h"
 #ifdef PHP_WIN32
 #include "win32/php_win32_globals.h"
@ -3351,41 +3350,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */
 };
 /* }}} */
 static PHP_INI_MH(OnUpdateSafeModeProtectedEnvVars) /* {{{ */
 {
 	char *protected_vars, *protected_var;
 	char *token_buf;
 	int dummy = 1;
 	protected_vars = estrndup(new_value, new_value_length);
 	zend_hash_clean(&BG(sm_protected_env_vars));
 	protected_var = php_strtok_r(protected_vars, ", ", &token_buf);
 	while (protected_var) {
 		zend_hash_update(&BG(sm_protected_env_vars), protected_var, strlen(protected_var), &dummy, sizeof(int), NULL);
 		protected_var = php_strtok_r(NULL, ", ", &token_buf);
 	}
 	efree(protected_vars);
 	return SUCCESS;
 }
 /* }}} */
 static PHP_INI_MH(OnUpdateSafeModeAllowedEnvVars) /* {{{ */
 {
 	if (BG(sm_allowed_env_vars)) {
 		free(BG(sm_allowed_env_vars));
 	}
 	BG(sm_allowed_env_vars) = zend_strndup(new_value, new_value_length);
 	return SUCCESS;
 }
 /* }}} */
 PHP_INI_BEGIN() /* {{{ */
 	PHP_INI_ENTRY_EX("safe_mode_protected_env_vars", SAFE_MODE_PROTECTED_ENV_VARS, PHP_INI_SYSTEM, OnUpdateSafeModeProtectedEnvVars, NULL)
 	PHP_INI_ENTRY_EX("safe_mode_allowed_env_vars",   SAFE_MODE_ALLOWED_ENV_VARS,   PHP_INI_SYSTEM, OnUpdateSafeModeAllowedEnvVars,   NULL)
 PHP_INI_END()
 /* }}} */
 static const zend_module_dep standard_deps[] = { /* {{{ */
 	ZEND_MOD_OPTIONAL("session")
 	{NULL, NULL, NULL}
@ -3462,8 +3426,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /*
 	BG(left) = -1;
 	BG(user_tick_functions) = NULL;
 	BG(user_filter_map) = NULL;
 	zend_hash_init(&BG(sm_protected_env_vars), 5, NULL, NULL, 1);
 	BG(sm_allowed_env_vars) = NULL;
 	memset(&BG(url_adapt_state_ex), 0, sizeof(BG(url_adapt_state_ex)));
@ -3479,10 +3441,6 @@ static void basic_globals_ctor(php_basic_globals *basic_globals_p TSRMLS_DC) /*
 static void basic_globals_dtor(php_basic_globals *basic_globals_p TSRMLS_DC) /* {{{ */
 {
 	zend_hash_destroy(&BG(sm_protected_env_vars));
 	if (BG(sm_allowed_env_vars)) {
 		free(BG(sm_allowed_env_vars));
 	}
 	if (BG(url_adapt_state_ex).tags) {
 		zend_hash_destroy(BG(url_adapt_state_ex).tags);
 		free(BG(url_adapt_state_ex).tags);
@ -3594,8 +3552,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
 	test_class_startup();
 #endif
 	REGISTER_INI_ENTRIES();
 	register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU);
 	register_html_constants(INIT_FUNC_ARGS_PASSTHRU);
 	register_string_constants(INIT_FUNC_ARGS_PASSTHRU);
@ -3676,8 +3632,6 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */
 	php_unregister_url_stream_wrapper("ftp" TSRMLS_CC);
 #endif
 	UNREGISTER_INI_ENTRIES();
 	PHP_MSHUTDOWN(browscap)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
 	PHP_MSHUTDOWN(array)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
 	PHP_MSHUTDOWN(assert)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
@ -4061,39 +4015,6 @@ PHP_FUNCTION(putenv)
 		}
 #endif
 		if (PG(safe_mode)) {
 			/* Check the protected list */
 			if (zend_hash_exists(&BG(sm_protected_env_vars), pe.key, pe.key_len)) {
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", pe.key);
 				efree(pe.putenv_string);
 				efree(pe.key);
 				RETURN_FALSE;
 			}
 			/* Check the allowed list */
 			if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
 				char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
 				char *strtok_buf = NULL;
 				char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
 				zend_bool allowed = 0;
 				while (allowed_prefix) {
 					if (!strncmp(allowed_prefix, pe.key, strlen(allowed_prefix))) {
 						allowed = 1;
 						break;
 					}
 					allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
 				}
 				efree(allowed_env_vars);
 				if (!allowed) {
 					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", pe.key);
 					efree(pe.putenv_string);
 					efree(pe.key);
 					RETURN_FALSE;
 				}
 			}
 		}
 		zend_hash_del(&BG(putenv_ht), pe.key, pe.key_len+1);
 		/* find previous value */
@ -4694,7 +4615,7 @@ PHPAPI int _php_error_log_ex(int opt_err, char *message, int message_len, char *
 			break;
 		case 3:		/*save to a file */
-			stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+			stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | REPORT_ERRORS, NULL);
 			if (!stream) {
 				return FAILURE;
 			}
@ -5141,10 +5062,6 @@ PHP_FUNCTION(highlight_file)
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -5391,18 +5308,14 @@ PHP_FUNCTION(ini_set)
 	}
 #define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini))
-	/* safe_mode & basedir check */
+	/* open basedir check */
-	if (PG(safe_mode) || PG(open_basedir)) {
+	if (PG(open_basedir)) {
 		if (_CHECK_PATH(varname, varname_len, "error_log") ||
 			_CHECK_PATH(varname, varname_len, "java.class.path") ||
 			_CHECK_PATH(varname, varname_len, "java.home") ||
 			_CHECK_PATH(varname, varname_len, "mail.log") ||
 			_CHECK_PATH(varname, varname_len, "java.library.path") ||
 			_CHECK_PATH(varname, varname_len, "vpopmail.directory")) {
 			if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 				zval_dtor(return_value);
 				RETURN_FALSE;
 			}
 			if (php_check_open_basedir(new_value TSRMLS_CC)) {
 				zval_dtor(return_value);
 				RETURN_FALSE;
@ -5410,17 +5323,6 @@ PHP_FUNCTION(ini_set)
 		}
 	}
 	/* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */
 	if (PG(safe_mode)) {
 		if (!strncmp("max_execution_time", varname, sizeof("max_execution_time")) ||
 			!strncmp("memory_limit", varname, sizeof("memory_limit")) ||
 			!strncmp("child_terminate", varname, sizeof("child_terminate"))
 		) {
 			zval_dtor(return_value);
 			RETURN_FALSE;
 		}
 	}
 	if (zend_alter_ini_entry_ex(varname, varname_len + 1, new_value, new_value_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0 TSRMLS_CC) == FAILURE) {
 		zval_dtor(return_value);
 		RETURN_FALSE;
@ -5797,10 +5699,6 @@ PHP_FUNCTION(move_uploaded_file)
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && (!php_checkuid(new_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(new_path TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
--- a/ext/standard/basic_functions.h
+++ b/ext/standard/basic_functions.h
@ -176,9 +176,6 @@ typedef struct _php_basic_globals {
 	zval *active_ini_file_section;
 	HashTable sm_protected_env_vars;
 	char *sm_allowed_env_vars;
 	/* pageinfo.c */
 	long page_uid;
 	long page_gid;
@ -240,11 +237,6 @@ typedef struct {
 } putenv_entry;
 #endif
 /* Values are comma-delimited
 */
 #define SAFE_MODE_PROTECTED_ENV_VARS	"LD_LIBRARY_PATH"
 #define SAFE_MODE_ALLOWED_ENV_VARS		"PHP_"
 PHPAPI double php_get_nan(void);
 PHPAPI double php_get_inf(void);
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@ -215,7 +215,7 @@ static void _php_do_opendir(INTERNAL_FUNCTION_PARAMETERS, int createobject)
 	context = php_stream_context_from_zval(zcontext, 0);
-	dirp = php_stream_opendir(dirname, ENFORCE_SAFE_MODE|REPORT_ERRORS, context);
+	dirp = php_stream_opendir(dirname, REPORT_ERRORS, context);
 	if (dirp == NULL) {
 		RETURN_FALSE;
@ -319,7 +319,7 @@ PHP_FUNCTION(chdir)
 		RETURN_FALSE;
 	}
-	if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+	if (php_check_open_basedir(str TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
 	ret = VCWD_CHDIR(str);
@ -481,7 +481,7 @@ PHP_FUNCTION(glob)
 	/* now catch the FreeBSD style of "no matches" */
 	if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
 no_results:
-		if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+		if (PG(open_basedir) && *PG(open_basedir)) {
 			struct stat s;
 			if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != (s.st_mode & S_IFMT)) {
@ -494,11 +494,8 @@ no_results:
 	array_init(return_value);
 	for (n = 0; n < globbuf.gl_pathc; n++) {
-		if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+		if (PG(open_basedir) && *PG(open_basedir)) {
-			if (PG(safe_mode) && (!php_checkuid_ex(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS))) {
+			if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
 				basedir_limit = 1;
 				continue;
 			} else if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
 				basedir_limit = 1;
 				continue;
 			}
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@ -63,9 +63,6 @@ PHPAPI PHP_FUNCTION(dl)
 	if (!PG(enable_dl)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't enabled");
 		RETURN_FALSE;
 	} else if (PG(safe_mode)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Dynamically loaded extensions aren't allowed when running in Safe Mode");
 		RETURN_FALSE;
 	}
 	if (filename_len >= MAXPATHLEN) {
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@ -22,7 +22,6 @@
 #include "php.h"
 #include <ctype.h>
 #include "php_string.h"
 #include "safe_mode.h"
 #include "ext/standard/head.h"
 #include "ext/standard/file.h"
 #include "basic_functions.h"
@ -63,51 +62,21 @@ PHPAPI int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_
 	FILE *fp;
 	char *buf, *tmp=NULL;
 	int l = 0, pclose_return;
-	char *cmd_p, *b, *c, *d=NULL;
+	char *b, *c, *d=NULL;
 	php_stream *stream;
 	size_t buflen, bufl = 0;
 #if PHP_SIGCHILD
 	void (*sig_handler)() = NULL;
 #endif
 	if (PG(safe_mode)) {
 		if ((c = strchr(cmd, ' '))) {
 			*c = '\0';
 			c++;
 		}
 		if (strstr(cmd, "..")) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
 			goto err;
 		}
 		b = strrchr(cmd, PHP_DIR_SEPARATOR);
 #ifdef PHP_WIN32
 		if (b && *b == '\\' && b == cmd) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
 			goto err;
 		}
 #endif
 		spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
 		if (c) {
 			*(c - 1) = ' ';
 		}
 		cmd_p = php_escape_shell_cmd(d);
 		efree(d);
 		d = cmd_p;
 	} else {
 		cmd_p = cmd;
 	}
 #if PHP_SIGCHILD
 	sig_handler = signal (SIGCHLD, SIG_DFL);
 #endif
 #ifdef PHP_WIN32
-	fp = VCWD_POPEN(cmd_p, "rb");
+	fp = VCWD_POPEN(cmd, "rb");
 #else
-	fp = VCWD_POPEN(cmd_p, "r");
+	fp = VCWD_POPEN(cmd, "r");
 #endif
 	if (!fp) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd);
@ -484,11 +453,6 @@ PHP_FUNCTION(shell_exec)
 		return;
 	}
 	if (PG(safe_mode)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute using backquotes in Safe Mode");
 		RETURN_FALSE;
 	}
 #ifdef PHP_WIN32
 	if ((in=VCWD_POPEN(command, "rt"))==NULL) {
 #else
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@ -70,7 +70,6 @@
 #endif
 #include "ext/standard/head.h"
 #include "safe_mode.h"
 #include "php_string.h"
 #include "file.h"
@ -386,7 +385,7 @@ PHP_FUNCTION(get_meta_tags)
 	}
 	md.stream = php_stream_open_wrapper(filename, "rb",
-			(use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
+			(use_include_path ? USE_PATH : 0) | REPORT_ERRORS,
 			NULL);
 	if (!md.stream)	{
 		RETURN_FALSE;
@ -546,7 +545,7 @@ PHP_FUNCTION(file_get_contents)
 	context = php_stream_context_from_zval(zcontext, 0);
 	stream = php_stream_open_wrapper_ex(filename, "rb",
-				(use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
+				(use_include_path ? USE_PATH : 0) | REPORT_ERRORS,
 				NULL, context);
 	if (!stream) {
 		RETURN_FALSE;
@ -615,7 +614,7 @@ PHP_FUNCTION(file_put_contents)
 	}
 	mode[2] = '\0';
-	stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+	stream = php_stream_open_wrapper_ex(filename, mode, ((flags & PHP_FILE_USE_INCLUDE_PATH) ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
 	if (stream == NULL) {
 		RETURN_FALSE;
 	}
@ -750,7 +749,7 @@ PHP_FUNCTION(file)
 	context = php_stream_context_from_zval(zcontext, flags & PHP_FILE_NO_DEFAULT_CONTEXT);
-	stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+	stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
 	if (!stream) {
 		RETURN_FALSE;
 	}
@ -836,10 +835,6 @@ PHP_FUNCTION(tempnam)
 		return;
 	}
 	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(dir TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -896,7 +891,7 @@ PHP_NAMED_FUNCTION(php_if_fopen)
 	context = php_stream_context_from_zval(zcontext, 0);
-	stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+	stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
 	if (stream == NULL) {
 		RETURN_FALSE;
@ -942,7 +937,7 @@ PHP_FUNCTION(popen)
 	int command_len, mode_len;
 	FILE *fp;
 	php_stream *stream;
-	char *posix_mode, *b, *buf = 0, *tmp;
+	char *posix_mode, *buf = 0;
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &command, &command_len, &mode, &mode_len) == FAILURE) {
 		return;
@ -957,49 +952,14 @@ PHP_FUNCTION(popen)
 		}
 	}
 #endif
 	if (PG(safe_mode)){
 		b = strchr(command, ' ');
 		if (!b) {
 			b = strrchr(command, '/');
 		} else {
 			char *c;
-			c = command;
+	fp = VCWD_POPEN(command, posix_mode);
-			while((*b != '/') && (b != c)) {
+	if (!fp) {
-				b--;
+		php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno));
-			}
+		efree(posix_mode);
-			if (b == c) {
+		RETURN_FALSE;
 				b = NULL;
 			}
 		}
 		if (b) {
 			spprintf(&buf, 0, "%s%s", PG(safe_mode_exec_dir), b);
 		} else {
 			spprintf(&buf, 0, "%s/%s", PG(safe_mode_exec_dir), command);
 		}
 		tmp = php_escape_shell_cmd(buf);
 		fp = VCWD_POPEN(tmp, posix_mode);
 		efree(tmp);
 		if (!fp) {
 			php_error_docref2(NULL TSRMLS_CC, buf, posix_mode, E_WARNING, "%s", strerror(errno));
 			efree(posix_mode);
 			efree(buf);
 			RETURN_FALSE;
 		}
 		efree(buf);
 	} else {
 		fp = VCWD_POPEN(command, posix_mode);
 		if (!fp) {
 			php_error_docref2(NULL TSRMLS_CC, command, posix_mode, E_WARNING, "%s", strerror(errno));
 			efree(posix_mode);
 			RETURN_FALSE;
 		}
 	}
 	stream = php_stream_fopen_from_pipe(fp, mode);
 	if (stream == NULL)	{
@ -1361,10 +1321,6 @@ PHPAPI int php_mkdir_ex(char *dir, long mode, int options TSRMLS_DC)
 {
 	int ret;
 	if (PG(safe_mode) && (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		return -1;
 	}
 	if (php_check_open_basedir(dir TSRMLS_CC)) {
 		return -1;
 	}
@ -1440,7 +1396,7 @@ PHP_FUNCTION(readfile)
 	context = php_stream_context_from_zval(zcontext, 0);
-	stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+	stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, context);
 	if (stream) {
 		size = php_stream_passthru(stream);
 		php_stream_close(stream);
@ -1561,7 +1517,7 @@ PHP_FUNCTION(unlink)
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s does not allow unlinking", wrapper->wops->label ? wrapper->wops->label : "Wrapper");
 		RETURN_FALSE;
 	}
-	RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, ENFORCE_SAFE_MODE | REPORT_ERRORS, context TSRMLS_CC));
+	RETURN_BOOL(wrapper->wops->unlink(wrapper, filename, REPORT_ERRORS, context TSRMLS_CC));
 }
 /* }}} */
@ -1684,10 +1640,6 @@ PHP_FUNCTION(copy)
 		return;
 	}
 	if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(source TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -1704,13 +1656,13 @@ PHP_FUNCTION(copy)
 PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC) /* {{{ */
 {
-	return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
+	return php_copy_file_ex(src, dest, 0 TSRMLS_CC);
 }
 /* }}} */
 /* {{{ php_copy_file
 */
-PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
+PHPAPI int php_copy_file_ex(char *src, char *dest, int src_flg TSRMLS_DC)
 {
 	php_stream *srcstream = NULL, *deststream = NULL;
 	int ret = FAILURE;
@ -1781,13 +1733,13 @@ no_stat:
 	}
 safe_to_copy:
-	srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
+	srcstream = php_stream_open_wrapper(src, "rb", src_flg | REPORT_ERRORS, NULL);
 	if (!srcstream) {
 		return ret;
 	}
-	deststream = php_stream_open_wrapper(dest, "wb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+	deststream = php_stream_open_wrapper(dest, "wb", REPORT_ERRORS, NULL);
 	if (srcstream && deststream) {
 		ret = php_stream_copy_to_stream_ex(srcstream, deststream, PHP_STREAM_COPY_ALL, NULL);
@ -2376,10 +2328,6 @@ PHP_FUNCTION(realpath)
 	}
 	if (VCWD_REALPATH(filename, resolved_path_buff)) {
 		if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			RETURN_FALSE;
 		}
 		if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) {
 			RETURN_FALSE;
 		}
--- a/ext/standard/filestat.c
+++ b/ext/standard/filestat.c
@ -19,7 +19,6 @@
 /* $Id$ */
 #include "php.h"
 #include "safe_mode.h"
 #include "fopen_wrappers.h"
 #include "php_globals.h"
@ -434,10 +433,6 @@ static void php_do_chgrp(INTERNAL_FUNCTION_PARAMETERS, int do_lchgrp) /* {{{ */
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
 		RETURN_FALSE;
 	}
 	/* Check the basedir */
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		RETURN_FALSE;
@ -535,10 +530,6 @@ static void php_do_chown(INTERNAL_FUNCTION_PARAMETERS, int do_lchown) /* {{{ */
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
 		RETURN_FALSE;
 	}
 	/* Check the basedir */
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		RETURN_FALSE;
@ -603,36 +594,12 @@ PHP_FUNCTION(chmod)
 		return;
 	}
 	if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
 		RETURN_FALSE;
 	}
 	/* Check the basedir */
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
 	imode = (mode_t) mode;
 	/* In safe mode, do not allow to setuid files.
 	 * Setuiding files could allow users to gain privileges
 	 * that safe mode doesn't give them. */
 	if (PG(safe_mode)) {
 		php_stream_statbuf ssb;
 		if (php_stream_stat_path_ex(filename, 0, &ssb, NULL)) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat failed for %s", filename);
 			RETURN_FALSE;
 		}
 		if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) {
 			imode ^= 04000;
 		}
 		if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) {
 			imode ^= 02000;
 		}
 		if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) {
 			imode ^= 01000;
 		}
 	}
 	ret = VCWD_CHMOD(filename, imode);
 	if (ret == -1) {
@ -680,11 +647,6 @@ PHP_FUNCTION(touch)
 			WRONG_PARAM_COUNT;
 	}
 	/* Safe-mode */
 	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	/* Check the basedir */
 	if (php_check_open_basedir(filename TSRMLS_CC)) {
 		RETURN_FALSE;
@ -771,28 +733,13 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ
 	};
 	char *local;
 	php_stream_wrapper *wrapper;
 	char safe_mode_buf[MAXPATHLEN];
 	if (!filename_length) {
 		RETURN_FALSE;
 	}
-	if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) {
+	if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper && php_check_open_basedir(local TSRMLS_CC)) {
-		if (php_check_open_basedir(local TSRMLS_CC)) {
+		RETURN_FALSE;
 			RETURN_FALSE;
 		} else if (PG(safe_mode)) {
 			if (type == FS_IS_X) {
 				if (strstr(local, "..")) {
 					RETURN_FALSE;
 				} else {
 					char *b = strrchr(local, PHP_DIR_SEPARATOR);
 					snprintf(safe_mode_buf, MAXPATHLEN, "%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : local));
 					local = (char *)&safe_mode_buf;
 				}
 			} else if (!php_checkuid_ex(local, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS)) {
 				RETURN_FALSE;
 			}
 		}
 	}
 	if (IS_ACCESS_CHECK(type)) {
--- a/ext/standard/fsock.c
+++ b/ext/standard/fsock.c
@ -76,7 +76,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 		ZVAL_STRING(zerrstr, "", 1);
 	}
-	stream = php_stream_xport_create(hostname, hostname_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+	stream = php_stream_xport_create(hostname, hostname_len, REPORT_ERRORS,
 			STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, hashkey, &tv, NULL, &errstr, &err);
 	if (port > 0) {
--- a/ext/standard/ftok.c
+++ b/ext/standard/ftok.c
@ -47,9 +47,9 @@ PHP_FUNCTION(ftok)
 	if (proj_len != 1){
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Project identifier is invalid");
 		RETURN_LONG(-1);
-    }
+	}
-	if ((PG(safe_mode) && (!php_checkuid(pathname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pathname TSRMLS_CC)) {
+	if (php_check_open_basedir(pathname TSRMLS_CC)) {
 		RETURN_LONG(-1);
 	}
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@ -31,7 +31,6 @@
 #endif
 #include "php_globals.h"
 #include "safe_mode.h"
 /* Implementation of the language Header() function */
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@ -131,7 +131,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 			Z_TYPE_PP(tmpzval) != IS_STRING ||
 			Z_STRLEN_PP(tmpzval) <= 0) {
 			php_url_free(resource);
-			return php_stream_open_wrapper_ex(path, mode, ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
+			return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
 		}
 		/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
 		request_fulluri = 1;
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@ -1313,7 +1313,7 @@ PHP_FUNCTION(getimagesize)
 		array_init(*info);
 	}
-	stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|ENFORCE_SAFE_MODE, NULL);
+	stream = php_stream_open_wrapper(arg1, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH, NULL);
 	if (!stream) {
 		RETURN_FALSE;
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@ -190,10 +190,6 @@ PHP_FUNCTION(iptcembed)
 		return;
 	}
 	if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(jpeg_file TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@ -47,7 +47,6 @@
 #include <errno.h>
 #include <ctype.h>
 #include "safe_mode.h"
 #include "php_link.h"
 #include "php_string.h"
@ -64,10 +63,6 @@ PHP_FUNCTION(readlink)
 		return;
 	}
 	if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(link TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -144,14 +139,6 @@ PHP_FUNCTION(symlink)
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(dest_p TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -200,14 +187,6 @@ PHP_FUNCTION(link)
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
 		RETURN_FALSE;
 	}
 	if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
 		RETURN_FALSE;
 	}
 	if (php_check_open_basedir(dest_p TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
--- a/ext/standard/link_win32.c
+++ b/ext/standard/link_win32.c
@ -39,7 +39,6 @@
 #include <errno.h>
 #include <ctype.h>
 #include "safe_mode.h"
 #include "php_link.h"
 #include "php_string.h"
@ -91,7 +90,7 @@ PHP_FUNCTION(readlink)
 		return;
 	}
-	if (OPENBASEDIR_CHECKPATH(link)) {
+	if (php_check_open_basedir(link TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
 	if (!expand_filepath(link, path_resolved TSRMLS_CC)) {
@ -209,11 +208,11 @@ PHP_FUNCTION(symlink)
 		RETURN_FALSE;
 	}
-	if (OPENBASEDIR_CHECKPATH(dest_p)) {
+	if (php_check_open_basedir(dest_p TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
-	if (OPENBASEDIR_CHECKPATH(source_p)) {
+	if (php_check_open_basedir(source_p TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
@ -264,11 +263,11 @@ PHP_FUNCTION(link)
 		RETURN_FALSE;
 	}
-	if (OPENBASEDIR_CHECKPATH(source_p)) {
+	if (php_check_open_basedir(source_p TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
-	if (OPENBASEDIR_CHECKPATH(dest_p)) {
+	if (php_check_open_basedir(dest_p TSRMLS_CC)) {
 		RETURN_FALSE;
 	}
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@ -41,7 +41,6 @@
 #include "php_mail.h"
 #include "php_ini.h"
 #include "safe_mode.h"
 #include "exec.h"
 #ifdef PHP_WIN32
@ -105,14 +104,7 @@ PHP_FUNCTION(mail)
 	char *to_r, *subject_r;
 	char *p, *e;
-	if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss",	&to, &to_len, &subject, &subject_len, &message, &message_len, &headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect.  The fifth parameter is disabled in SAFE MODE");
 		RETURN_FALSE;
 	}
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss",	&to, &to_len, &subject, &subject_len, &message, &message_len,
 																	&headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE
 	) {
 		return;
 	}
--- a/ext/standard/md5.c
+++ b/ext/standard/md5.c
@ -89,7 +89,7 @@ PHP_NAMED_FUNCTION(php_if_md5_file)
 		return;
 	}
-	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
 	if (!stream) {
 		RETURN_FALSE;
 	}
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
@ -39,7 +39,6 @@
 #include <sys/param.h>
 #endif
 #include "ext/standard/head.h"
 #include "safe_mode.h"
 #include "php_string.h"
 #include "pack.h"
 #if HAVE_PWD_H
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@ -28,7 +28,6 @@
 #include <stdio.h>
 #include <ctype.h>
 #include "php_string.h"
 #include "safe_mode.h"
 #include "ext/standard/head.h"
 #include "ext/standard/basic_functions.h"
 #include "ext/standard/file.h"
@ -153,33 +152,6 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
 				if (string_length == 0) {
 					continue;
 				}
 				if (PG(safe_mode)) {
 					/* Check the protected list */
 					if (zend_hash_exists(&BG(sm_protected_env_vars), string_key, string_length - 1)) {
 						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", string_key);
 						return env;
 					}
 					/* Check the allowed list */
 					if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
 						char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
 						char *strtok_buf = NULL;
 						char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
 						zend_bool allowed = 0;
 						while (allowed_prefix) {
 							if (!strncmp(allowed_prefix, string_key, strlen(allowed_prefix))) {
 								allowed = 1;
 								break;
 							}
 							allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
 						}
 						efree(allowed_env_vars);
 						if (!allowed) {
 							php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", string_key);
 							return env;
 						}
 					}
 				}
 				l = string_length + el_len + 1;
 				memcpy(p, string_key, string_length);
@ -278,53 +250,6 @@ static void proc_open_rsrc_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
 }
 /* }}} */
 /* {{{ php_make_safe_mode_command */
 static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persistent TSRMLS_DC)
 {
 	int lcmd, larg0;
 	char *space, *sep, *arg0;
 	if (!PG(safe_mode)) {
 		*safecmd = pestrdup(cmd, is_persistent);
 		return SUCCESS;
 	}
 	lcmd = strlen(cmd);
 	arg0 = estrndup(cmd, lcmd);
 	space = memchr(arg0, ' ', lcmd);
 	if (space) {
 		*space = '\0';
 		larg0 = space - arg0;
 	} else {
 		larg0 = lcmd;
 	}
 	if (php_memnstr(arg0, "..", sizeof("..")-1, arg0 + larg0)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
 		efree(arg0);
 		return FAILURE;
 	}
 	sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0);
 	spprintf(safecmd, 0, "%s%s%s%s", PG(safe_mode_exec_dir), (sep ? sep : "/"), (sep ? "" : arg0), (space ? cmd + larg0 : ""));
 	efree(arg0);
 	arg0 = php_escape_shell_cmd(*safecmd);
 	efree(*safecmd);
 	if (is_persistent) {
 		*safecmd = pestrdup(arg0, 1);
 		efree(arg0);
 	} else {
 		*safecmd = arg0;
 	}
 	return SUCCESS;
 }
 /* }}} */
 /* {{{ PHP_MINIT_FUNCTION(proc_open) */
 PHP_MINIT_FUNCTION(proc_open)
 {
@ -541,9 +466,7 @@ PHP_FUNCTION(proc_open)
 		RETURN_FALSE;
 	}
-	if (FAILURE == php_make_safe_mode_command(command, &command, is_persistent TSRMLS_CC)) {
+	command = pestrdup(command, is_persistent);
 		RETURN_FALSE;
 	}
 #ifdef PHP_WIN32
 	if (other_options) {
@ -695,7 +618,7 @@ PHP_FUNCTION(proc_open)
 				/* try a wrapper */
 				stream = php_stream_open_wrapper(Z_STRVAL_PP(zfile), Z_STRVAL_PP(zmode),
-						ENFORCE_SAFE_MODE|REPORT_ERRORS|STREAM_WILL_CAST, NULL);
+						REPORT_ERRORS|STREAM_WILL_CAST, NULL);
 				/* force into an fd */
 				if (stream == NULL || FAILURE == php_stream_cast(stream,
--- a/ext/standard/sha1.c
+++ b/ext/standard/sha1.c
@ -79,7 +79,7 @@ PHP_FUNCTION(sha1_file)
 		return;
 	}
-	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL);
+	stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
 	if (!stream) {
 		RETURN_FALSE;
 	}
--- a/ext/standard/streamsfuncs.c
+++ b/ext/standard/streamsfuncs.c
@ -128,7 +128,7 @@ PHP_FUNCTION(stream_socket_client)
 		ZVAL_STRING(zerrstr, "", 1);
 	}
-	stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+	stream = php_stream_xport_create(host, host_len, REPORT_ERRORS,
 			STREAM_XPORT_CLIENT | (flags & PHP_STREAM_CLIENT_CONNECT ? STREAM_XPORT_CONNECT : 0) |
 			(flags & PHP_STREAM_CLIENT_ASYNC_CONNECT ? STREAM_XPORT_CONNECT_ASYNC : 0),
 			hashkey, &tv, context, &errstr, &err);
@ -204,7 +204,7 @@ PHP_FUNCTION(stream_socket_server)
 		ZVAL_STRING(zerrstr, "", 1);
 	}
-	stream = php_stream_xport_create(host, host_len, ENFORCE_SAFE_MODE | REPORT_ERRORS,
+	stream = php_stream_xport_create(host, host_len, REPORT_ERRORS,
 			STREAM_XPORT_SERVER | flags,
 			NULL, NULL, context, &errstr, &err);
--- a/ext/standard/tests/file/bug22414.phpt
+++ b/ext/standard/tests/file/bug22414.phpt
@ -1,7 +1,6 @@
 --TEST--
 Bug #22414 (passthru() does not read data correctly)
 --INI--
 safe_mode=
 output_handler=
 --FILE--
 <?php
--- a/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
+++ b/ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
@ -4,17 +4,17 @@ Test function get_cfg_var() by calling deprecated option
 Francesco Fullone ff@ideato.it
 #PHPTestFest Cesena Italia on 2009-06-20
 --INI--
-safe_mode=1
+magic_quotes_gpc=1
 --SKIPIF--
 <?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
 --FILE--
 <?php
 echo "*** Test by calling method or function with deprecated option ***\n";
-var_dump(get_cfg_var( 'safe_mode' ) );
+var_dump(get_cfg_var( 'magic_quotes_gpc' ) );
 ?>
 --EXPECTF--
-Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0
+Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in %s on line 0
 *** Test by calling method or function with deprecated option ***
 string(1) "1"
--- a/ext/standard/tests/general_functions/putenv_error1.phpt
+++ b/ext/standard/tests/general_functions/putenv_error1.phpt
@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net>
 --INI--
 safe_mode=1
 safe_mode_allowed_env_vars=TESTING_
 --SKIPIF--
 <?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?>
 --FILE--
 <?php
 putenv('FOO=bar');
--- a/ext/standard/tests/general_functions/putenv_error2.phpt
+++ b/ext/standard/tests/general_functions/putenv_error2.phpt
@ -5,6 +5,8 @@ Brian DeShong <brian@deshong.net>
 --INI--
 safe_mode=1
 safe_mode_protected_env_vars=FOO,BAZ
 --SKIPIF--
 <?php if (PHP_VERSION_ID < 503099) { die('SKIP Safe mode is no longer available'); } ?>
 --FILE--
 <?php
 putenv('FOO=bar');
--- a/ext/tidy/tidy.c
+++ b/ext/tidy/tidy.c
@ -29,7 +29,6 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "safe_mode.h"
 #include "tidy.h"
 #include "buffio.h"
@ -74,7 +73,7 @@
            _php_tidy_apply_config_array(_doc, HASH_OF(*_val) TSRMLS_CC); \
        } else { \
            convert_to_string_ex(_val); \
-            TIDY_SAFE_MODE_CHECK(Z_STRVAL_PP(_val)); \
+            TIDY_OPEN_BASE_DIR_CHECK(Z_STRVAL_PP(_val)); \
            switch (tidyLoadConfig(_doc, Z_STRVAL_PP(_val))) { \
              case -1: \
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not load configuration file '%s'", Z_STRVAL_PP(_val)); \
@ -156,8 +155,8 @@
       zend_hash_update(_table, #_key, sizeof(#_key), (void *)&tmp, sizeof(zval *), NULL); \
   }
-#define TIDY_SAFE_MODE_CHECK(filename) \
+#define TIDY_OPEN_BASE_DIR_CHECK(filename) \
-if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { \
+if (php_check_open_basedir(filename TSRMLS_CC)) { \
 	RETURN_FALSE; \
 } \
@ -641,7 +640,7 @@ static char *php_tidy_file_to_mem(char *filename, zend_bool use_include_path, in
 	php_stream *stream;
 	char *data = NULL;
-	if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE, NULL))) {
+	if (!(stream = php_stream_open_wrapper(filename, "rb", (use_include_path ? USE_PATH : 0), NULL))) {
 		return NULL;
 	}
 	if ((*len = (int) php_stream_copy_to_mem(stream, &data, PHP_STREAM_COPY_ALL, 0)) == 0) {
--- a/ext/xmlwriter/php_xmlwriter.c
+++ b/ext/xmlwriter/php_xmlwriter.c
@ -679,7 +679,7 @@ static void *php_xmlwriter_streams_IO_open_write_wrapper(const char *filename TS
 	php_stream_wrapper *wrapper = NULL;
 	void *ret_val = NULL;
-	ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, NULL);
+	ret_val = php_stream_open_wrapper_ex((char *)filename, "wb", REPORT_ERRORS, NULL, NULL);
 	return ret_val;
 }
 /* }}} */
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@ -184,7 +184,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 		php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
-		if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+		if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
 			efree(file_dirname_fullpath);
 			efree(file_basename);
 			free(new_state.cwd);
@ -238,7 +238,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 	 * is required, does a file can have a different
 	 * safemode status as its parent folder?
 	 */
-	if (OPENBASEDIR_CHECKPATH(fullpath)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(fullpath)) {
 		efree(fullpath);
 		efree(file_dirname_fullpath);
 		efree(file_basename);
@ -255,7 +255,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 		return 0;
 	}
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
@ -288,7 +288,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, int filename_l
 	char resolved_path[MAXPATHLEN];
-	if (OPENBASEDIR_CHECKPATH(filename)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		return -1;
 	}
@ -530,7 +530,7 @@ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value
 	/* we assume that any glob pattern will match files from one directory only
 	   so checking the dirname of the first match should be sufficient */
 	strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN);
-	if (OPENBASEDIR_CHECKPATH(cwd)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(cwd)) {
 		return -1;
 	}
@ -592,7 +592,7 @@ int php_zip_pcre(char *regexp, int regexp_len, char *path, int path_len, zval *r
 	} 
 #endif
-	if (OPENBASEDIR_CHECKPATH(path)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(path)) {
 		return -1;
 	}
@ -1163,7 +1163,7 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
 		RETURN_FALSE;
 	}
-	if (OPENBASEDIR_CHECKPATH(filename)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
@ -1452,7 +1452,7 @@ static ZIPARCHIVE_METHOD(open)
 		RETURN_FALSE;
 	}
-	if (OPENBASEDIR_CHECKPATH(filename)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
--- a/ext/zip/php_zip.h
+++ b/ext/zip/php_zip.h
@ -43,12 +43,12 @@ extern zend_module_entry zip_module_entry;
 # endif
 #endif
-/* {{{ OPENBASEDIR_CHECKPATH(filename) */
+/* {{{ ZIP_OPENBASEDIR_CHECKPATH(filename) */
-#if (PHP_MAJOR_VERSION < 6)
+#if PHP_API_VERSION < 20100412
-# define OPENBASEDIR_CHECKPATH(filename) \
+# define ZIP_OPENBASEDIR_CHECKPATH(filename) \
 	(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
 #else
-#define OPENBASEDIR_CHECKPATH(filename) \
+#define ZIP_OPENBASEDIR_CHECKPATH(filename) \
 	php_check_open_basedir(filename TSRMLS_CC)
 #endif
 /* }}} */
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@ -120,7 +120,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
 	}
 	if (filename) {
-		if (OPENBASEDIR_CHECKPATH(filename)) {
+		if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 			return NULL;
 		}
@ -201,7 +201,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
 	php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
 	fragment++;
-	if (OPENBASEDIR_CHECKPATH(file_dirname)) {
+	if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname)) {
 		efree(file_basename);
 		return NULL;
 	}
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@ -44,7 +44,6 @@
 #endif
 #include "ext/standard/head.h"
 #include "safe_mode.h"
 #include "ext/standard/php_standard.h"
 #include "ext/standard/info.h"
 #include "php_zlib.h"
@ -373,7 +372,7 @@ static PHP_FUNCTION(gzfile)
 	use_include_path = flags ? USE_PATH : 0;
 	/* using a stream here is a bit more efficient (resource wise) than php_gzopen_wrapper */
-	stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
+	stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
 	if (stream == NULL) {
 		/* Error reporting is already done by stream code */
 		RETURN_FALSE;
@ -415,7 +414,7 @@ static PHP_FUNCTION(gzopen)
 	use_include_path = flags ? USE_PATH : 0;
-	stream = php_stream_gzopen(NULL, filename, mode, use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
+	stream = php_stream_gzopen(NULL, filename, mode, use_include_path | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC);
 	if (!stream) {
 		RETURN_FALSE;
@ -444,7 +443,7 @@ static PHP_FUNCTION(readgzfile)
 	use_include_path = flags ? USE_PATH : 0;
-	stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE, NULL, NULL STREAMS_CC TSRMLS_CC);
+	stream = php_stream_gzopen(NULL, filename, "rb", use_include_path, NULL, NULL STREAMS_CC TSRMLS_CC);
 	if (!stream) {
 		RETURN_FALSE;
 	}
--- a/main/SAPI.c
+++ b/main/SAPI.c
@ -674,75 +674,12 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
 					}
 				}
 			} else if (!STRCASECMP(header_line, "WWW-Authenticate")) { /* HTTP Authentication */
 				sapi_update_response_code(401 TSRMLS_CC); /* authentication-required */
-				if(PG(safe_mode)) 
+				myuid = php_getuid(TSRMLS_C);
-#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
+				efree(header_line);
 				{
 					zval *repl_temp;
 					char *ptr = colon_offset+1, *result, *newheader;
 					int ptr_len=0, result_len = 0, newlen = 0;
-					/* skip white space */
+				sapi_header.header_len = spprintf(&sapi_header.header, 0, "WWW-Authenticate: Basic realm=\"%ld\"", myuid);
 					while (isspace(*ptr)) {
 						ptr++;
 					}
 					myuid = php_getuid(TSRMLS_C);
 					ptr_len = strlen(ptr);
 					MAKE_STD_ZVAL(repl_temp);
 					Z_TYPE_P(repl_temp) = IS_STRING;
 					Z_STRLEN_P(repl_temp) = spprintf(&Z_STRVAL_P(repl_temp), 0, "realm=\"\\1-%ld\"", myuid);
 					/* Modify quoted realm value */
 					result = php_pcre_replace("/realm=\"(.*?)\"/i", 16,
 											 ptr, ptr_len,
 											 repl_temp,
 											 0, &result_len, -1, NULL TSRMLS_CC);
 					if(result_len==ptr_len) {
 						efree(result);
 						efree(Z_STRVAL_P(repl_temp));
 						Z_STRLEN_P(repl_temp) = spprintf(&Z_STRVAL_P(repl_temp), 0, "realm=\\1-%ld\\2", myuid);
 						/* modify unquoted realm value */
 						result = php_pcre_replace("/realm=([^\\s]+)(.*)/i", 21, 
 											 	ptr, ptr_len,
 											 	repl_temp,
 											 	0, &result_len, -1, NULL TSRMLS_CC);
 						if(result_len==ptr_len) {
 							char *lower_temp = estrdup(ptr);	
 							char conv_temp[32];
 							int conv_len;
 							php_strtolower(lower_temp,strlen(lower_temp));
 							/* If there is no realm string at all, append one */
 							if(!strstr(lower_temp,"realm")) {
 								efree(result);
 								conv_len = slprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
 								result = emalloc(ptr_len+conv_len+1);
 								result_len = ptr_len+conv_len;
 								memcpy(result, ptr, ptr_len);	
 								memcpy(result+ptr_len, conv_temp, conv_len);
 								*(result+ptr_len+conv_len) = '\0';
 							}
 							efree(lower_temp);
 						}
 					}
 					newlen = spprintf(&newheader, 0, "WWW-Authenticate: %s", result);
 					efree(header_line);
 					sapi_header.header = newheader;
 					sapi_header.header_len = newlen;
 					efree(result);
 					efree(Z_STRVAL_P(repl_temp));
 					efree(repl_temp);
 				} 
 #else
 				{
 					myuid = php_getuid();
 					efree(header_line);
 					sapi_header.header_len = spprintf(&sapi_header.header, 0, "WWW-Authenticate: Basic realm=\"%ld\"", myuid);
 				}
 #endif
 			}
 			if (sapi_header.header==header_line) {
 				*colon_offset = ':';
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@ -39,7 +39,6 @@
 #include <sys/param.h>
 #endif
 #include "safe_mode.h"
 #include "ext/standard/head.h"
 #include "ext/standard/php_standard.h"
 #include "zend_compile.h"
@ -312,55 +311,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
 }
 /* }}} */
 /* {{{ php_check_safe_mode_include_dir
 */
 PHPAPI int php_check_safe_mode_include_dir(const char *path TSRMLS_DC)
 {
 	if (PG(safe_mode)) {
 		if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) {
 			char *pathbuf;
 			char *ptr;
 			char *end;
 			char resolved_name[MAXPATHLEN];
 			/* Resolve the real path into resolved_name */
 			if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
 				return -1;
 			}
 			pathbuf = estrdup(PG(safe_mode_include_dir));
 			ptr = pathbuf;
 			while (ptr && *ptr) {
 				end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
 				if (end != NULL) {
 					*end = '\0';
 					end++;
 				}
 				/* Check the path */
 #ifdef PHP_WIN32
 				if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
 #else
 				if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
 #endif
 				{
 					/* File is in the right directory */
 					efree(pathbuf);
 					return 0;
 				}
 				ptr = end;
 			}
 			efree(pathbuf);
 		}
 		return -1;
 	}
 	/* Nothing to check... */
 	return 0;
 }
 /* }}} */
 /* {{{ php_fopen_and_set_opened_path
 */
 static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path TSRMLS_DC)
@ -650,7 +600,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
 	char *pathbuf, *ptr, *end;
 	char *exec_fname;
 	char trypath[MAXPATHLEN];
 	struct stat sb;
 	FILE *fp;
 	int path_length;
 	int filename_length;
@ -668,33 +617,15 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
 	/* Relative path open */
 	if (*filename == '.') {
 		if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
 			return NULL;
 		}
 		return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
 	}
 	/*
 	 * files in safe_mode_include_dir (or subdir) are excluded from
 	 * safe mode GID/UID checks
 	 */
 	/* Absolute path open */
 	if (IS_ABSOLUTE_PATH(filename, filename_length)) {
 		if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) {
 			/* filename is in safe_mode_include_dir (or subdir) */
 			return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
 		}
 		if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
 			return NULL;
 		}
 		return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
 	}
 	if (!path || (path && !*path)) {
 		if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
 			return NULL;
 		}
 		return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
 	}
@ -733,21 +664,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
 		if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
 			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
 		}
 		if (PG(safe_mode)) {
 			if (VCWD_STAT(trypath, &sb) == 0) {
 				/* file exists ... check permission */
 				if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 ||
 					php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)
 				) {
 					/* UID ok, or trypath is in safe_mode_include_dir */
 					fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
 				} else {
 					fp = NULL;
 				}
 				efree(pathbuf);
 				return fp;
 			}
 		}
 		fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
 		if (fp) {
 			efree(pathbuf);
--- a/Show more
+++ b/Show more