Mirrors
/
php
mirror of https://github.com/php/php-src
3
0
Fork 0
Code Releases Activity
Browse Source

Fixed safe_mode validation inside tempnam() when the directory path does not end with a /).

experimental/the_5_4_that_isnt_5_4
Ilia Alshanetsky 17 years ago
parent
e2b9a01e70
commit
ad9bbf26ab
2 changed files with 3 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      NEWS
  2. 2
      ext/standard/file.c

2
NEWS
View File

@ -15,6 +15,8 @@ PHP NEWS
- Added stream filter support to mcrypt extension (ported from
mcrypt_filter). (Stas)
- Fixed safe_mode validation inside tempnam() when the directory path does
not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.

2
ext/standard/file.c
View File

@ -836,7 +836,7 @@ PHP_FUNCTION(tempnam)
return;
}
if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}

Write Preview
Loading…
Cancel
Save