diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/standard/file.c | 2 |
2 files changed, 2 insertions, 1 deletions
@@ -1,6 +1,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 30 Mar 2006, PHP 5.1.3RC2 +- Fixed safe_mode check for source argument of the copy() function. (Ilia) - Fixed mysqli bigint conversion under Windows (Georg) - Fixed XSS inside phpinfo() with long inputs. (Ilia) - Check 2nd parameter of tempnam() against path components. (Ilia) diff --git a/ext/standard/file.c b/ext/standard/file.c index 12816c75c5..bc5ee3d2c1 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -1767,7 +1767,7 @@ no_stat: } safe_to_copy: - srcstream = php_stream_open_wrapper(src, "rb", STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS, NULL); + srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); if (!srcstream) { return ret; |