@- Allow access to uploaded files in safe_mode. Beware that you can only

@ read the file. If you copy it to new location the copy will not have the @ right UID and you script won't be able to access that copy. (Thies)
author: Thies C. Arntzen <thies@php.net> 2001-01-09 11:58:57 +0000
committer: Thies C. Arntzen <thies@php.net> 2001-01-09 11:58:57 +0000
commit: 0719e7e0061068e60d54d77088bdc9aff9bd170c (patch)
tree: cdc4de06cf0ad9e516ad34930189c9587ecd920b /main/safe_mode.c
parent: e247b206e07fddb7e6d34c5e67589c25d53d2782 (diff)
download: php-git-0719e7e0061068e60d54d77088bdc9aff9bd170c.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/main/safe_mode.c b/main/safe_mode.c
index d8ae18fa12..d677a48977 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -121,6 +121,14 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
 	if (duid == (uid=php_getuid())) {
 		return 1;
 	} else {
+		SLS_FETCH();
+
+		if (SG(rfc1867_uploaded_files)) {
+			if (zend_hash_exists(SG(rfc1867_uploaded_files),filename,strlen(filename)+1)) {
+				return 1;
+			}
+		}
+
 		php_error(E_WARNING, "SAFE MODE Restriction in effect.  The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, filename, duid);
 		return 0;
 	}
author	Thies C. Arntzen <thies@php.net>	2001-01-09 11:58:57 +0000
committer	Thies C. Arntzen <thies@php.net>	2001-01-09 11:58:57 +0000
commit	0719e7e0061068e60d54d77088bdc9aff9bd170c (patch)
tree	cdc4de06cf0ad9e516ad34930189c9587ecd920b /main/safe_mode.c
parent	e247b206e07fddb7e6d34c5e67589c25d53d2782 (diff)
download	php-git-0719e7e0061068e60d54d77088bdc9aff9bd170c.tar.gz