-rw-r--r--ext/standard/basic_functions.c6
-rw-r--r--ext/standard/file.c8
2 files changed, 11 insertions, 3 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index cbfe5455b8..c2e7bb2859 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2490,7 +2490,11 @@ PHP_FUNCTION(move_uploaded_file)
if (!zend_hash_exists(SG(rfc1867_uploaded_files), Z_STRVAL_PP(path), Z_STRLEN_PP(path)+1)) {
RETURN_FALSE;
}
-
+
+ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_path), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ RETURN_FALSE;
+ }
+
V_UNLINK(Z_STRVAL_PP(new_path));
if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path))==0) {
successful=1;
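Review bot: The added safe_mode check validates `new_path` by name, but `V_UNLINK` and `rename()` on the following lines resolve the same string again, so the ownership decision can be stale by the time the destination is removed or replaced. The target check added to copy() in ext/standard/file.c has the same gap. This hunk cannot close it, but the limit should be recorded above the new `if`, e.g. `/* safe_mode: destination is checked by name only; the result is advisory if another user can write to the directory */`. No open_basedir check on `new_path` is visible in these lines; the function body starts and ends outside the hunk, so confirm whether the destination is restricted elsewhere.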
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 2808d41a6b..e2062405b5 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1691,7 +1691,7 @@ PHP_FUNCTION(copy)
{
pval **source, **target;
PLS_FETCH();
-
+
if (ARG_COUNT(ht) != 2 || zend_get_parameters_ex(2, &source, &target) == FAILURE) {
WRONG_PARAM_COUNT;
}
@@ -1702,7 +1702,11 @@ PHP_FUNCTION(copy)
if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
-
+
+ if (PG(safe_mode) &&(!php_checkuid((*target)->value.str.val, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_copy_file(Z_STRVAL_PP(source), Z_STRVAL_PP(target))==SUCCESS) {
RETURN_TRUE;
} else {
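Review bot: The added target check reads the string as `(*target)->value.str.val`, while the `php_copy_file` call a few lines below uses `Z_STRVAL_PP(target)` for the same value. Using the macro in the new line would keep the check and the use visibly tied to the same expression: `if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(target), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {`. A short comment such as `/* target may not exist yet, so the FILE_AND_DIR mode is used for the destination */` would also explain the mode choice, assuming that is the intent. The string conversion of `target` presumably happens above this hunk; the function body starts and ends outside it.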