Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.

1 parent 8c15aa2 commit 80bdbc8f66134c206d441edb765b5eb86234f135 @rlerdorf rlerdorf committed Sep 29, 2009
Showing with 8 additions and 0 deletions.
  1. +4 −0 NEWS
  2. +4 −0 ext/standard/file.c
4 NEWS
@@ -8,6 +8,10 @@
- Implemented FR #49253 (added support for libcurl's CERTINFO option).
(Linus Nielsen Feltzing <linus@haxx.se>)
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+ (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+ Stachowiak. (Rasmus)
- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49630 (imap_listscan function missing). (Felipe)
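Review bot: The added posix_mkfifo() entry ("Fixed a open_basedir bypass in posix_mkfifo() ...") has no matching code change in this commit: the diffstat lists only NEWS and ext/standard/file.c, and the file.c hunk touches tempnam() alone. Either land this NEWS line with the commit that changes posix_mkfifo(), or mention that fix in this commit's message, so that someone backporting from NEWS can find the corresponding code. Minor: "a open_basedir" should read "an open_basedir".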
4 ext/standard/file.c
@@ -846,6 +846,10 @@ PHP_FUNCTION(tempnam)
return;
}
+ if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir(dir TSRMLS_CC)) {
RETURN_FALSE;
}
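Review bot: On the added `if` line, `PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))` is missing the space after `&&` and wraps the negated call in redundant parentheses; `if (PG(safe_mode) && !php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR)) {` would match the style of the php_check_open_basedir() check that follows it. A one-line comment saying that the uid check is applied to the target directory `dir` would help the next reader. Since the commit changes only NEWS and ext/standard/file.c, a regression test for tempnam() with safe_mode enabled is worth adding alongside it.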
