Recently we've experienced an issue regarding the safe mode check in tempnam() which was introduced in r288945 4 months ago. When calling tempnam("/tmp/foo"), with /tmp/foo being a directory, it turned out that the safe mode UID check was performed on /tmp instead of /tmp/foo. When calling tempnam("/tmp/foo/"), everything worked as expected. Changing the mode parameter for the php_checkuid call from CHECKUID_ALLOW_ONLY_DIR to CHECKUID_CHECK_FILE_AND_DIR fixes this issue.
A patch for PHP_5_2 is attached. Is the chosen approach correct? I have been unable to come up with a fitting unit test because I could not figure out how to create the necessary directory scaffolding in e.g. /tmp with safe_mode=1 already being set in the --INI-- section of the test.

- Martin
Index: file.c =================================================================== --- file.c (revision 294764) +++ file.c (working copy) @@ -828,7 +828,7 @@ convert_to_string_ex(arg1); convert_to_string_ex(arg2); - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) { + if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { RETURN_FALSE; }
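Review bot: the changed php_checkuid() call at line 828 of file.c ships without a regression test and without a comment explaining why CHECKUID_CHECK_FILE_AND_DIR is the right mode for an argument that is expected to be a directory. Please add a short comment on the call noting that arg1 may name a directory without a trailing slash, and a test that covers tempnam("/tmp/foo"), tempnam("/tmp/foo/") and a directory argument that does not exist, so that the trailing-slash case, which already worked, is shown not to regress. Since this is a safe mode UID check, it is also worth confirming that the new mode is not more permissive than the old one for any of those inputs before it is merged into PHP_5_2.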
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php