author | Ilia Alshanetsky <iliaa@php.net> | 2005-06-20 15:59:13 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2005-06-20 15:59:13 +0000 |
commit | 3b799411689b4bfc6a5658abe1c7fb1292b51b9f (patch) | |
tree | bb27dac9de612ab065942292fb2092cd93a7605f | |
parent | 56c1b316da080f85f55b98b2d63d93872d883adb (diff) | |
download | php-git-3b799411689b4bfc6a5658abe1c7fb1292b51b9f.tar.gz |
Fixed bug #31054 (safe_mode & open_basedir checks only check first
include_path value).
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | main/streams/plain_wrapper.c | 16 |
2 files changed, 10 insertions, 8 deletions
@@ -34,6 +34,8 @@ PHP NEWS PHP). (Marcus) - Fixed bug #31256 (PHP_EVAL_LIBLINE configure macro does not handle -pthread). (Jani) +- Fixed bug #31054 (safe_mode & open_basedir checks only check first + include_path value). (Ilia) - Fixed bug #29683 (headers_list() returns empty array). (Tony) - Fixed bug #28355 (glob wont error if dir is not readable). (Hartmut) - Fixed bugs #20382, #28024, #30532, #32086, #32270, #32555, #32588, #33056 diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c index 8ef2ae080e..7bc149fa56 100644 --- a/main/streams/plain_wrapper.c +++ b/main/streams/plain_wrapper.c @@ -1297,24 +1297,24 @@ not_relative_path: end++; } snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename); - - if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) { - stream = NULL; - goto stream_done; + + if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir_ex(trypath, 0 TSRMLS_CC)) { + ptr = end; + continue; } if (PG(safe_mode)) { if (VCWD_STAT(trypath, &sb) == 0) { /* file exists ... check permission */ if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) { + php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) { /* UID ok, or trypath is in safe_mode_include_dir */ stream = php_stream_fopen_rel(trypath, mode, opened_path, options); - } else { - stream = NULL; + goto stream_done; } - goto stream_done; } + ptr = end; + continue; } stream = php_stream_fopen_rel(trypath, mode, opened_path, options); if (stream) { |
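Review bot: The two new `ptr = end; continue;` exits in the plain_wrapper.c hunk turn an open_basedir or safe_mode denial from a hard stop into a silent skip, and nothing in the code says so. The `0` passed to `php_check_open_basedir_ex()` and the `CHECKUID_NO_ERRORS` flag appear to suppress the per-entry warning, so when every include_path entry is rejected the caller presumably sees only a generic open failure with no trace of the policy decision. Each candidate is still checked before `php_stream_fopen_rel()` is reached, so enforcement holds, but the intent deserves a comment above the first check, e.g. `/* a policy denial on one include_path entry is not fatal: skip it quietly and try the next */`. In the safe_mode branch the `goto stream_done` follows the open unconditionally, so a failed open of an allowed file ends the search while the non-safe_mode path below tests `if (stream)`; confirm that difference is intended. The enclosing loop and the `stream_done` label lie outside the hunk, so this is judged from the visible lines only.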