Index: main/fopen_wrappers.c =================================================================== RCS file: /repository/php-src/main/fopen_wrappers.c,v retrieving revision 1.175 diff -u -p -d -r1.175 fopen_wrappers.c --- main/fopen_wrappers.c 3 Aug 2005 14:08:28 -0000 1.175 +++ main/fopen_wrappers.c 11 Aug 2005 22:57:54 -0000 @@ -187,12 +187,12 @@ PHPAPI int php_check_open_basedir_ex(con } /* }}} */ -/* {{{ php_check_safe_mode_include_dir +/* {{{ php_check_safe_mode_dir_ex */ -PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) +static int php_check_safe_mode_dir_ex(char *path, char *safe_mode_dir TSRMLS_DC) { if (PG(safe_mode)) { - if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) { + if (safe_mode_dir && *safe_mode_dir) { char *pathbuf; char *ptr; char *end; @@ -202,7 +202,7 @@ PHPAPI int php_check_safe_mode_include_d if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) return -1; - pathbuf = estrdup(PG(safe_mode_include_dir)); + pathbuf = estrdup(safe_mode_dir); ptr = pathbuf; @@ -237,6 +237,14 @@ PHPAPI int php_check_safe_mode_include_d } /* }}} */ +PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) { + return php_check_safe_mode_dir_ex(path, PG(safe_mode_include_dir) TSRMLS_CC); +} + +PHPAPI int php_check_safe_mode_exec_dir(char *path TSRMLS_DC) { + return php_check_safe_mode_dir_ex(path, PG(safe_mode_exec_dir) TSRMLS_CC); +} + /* {{{ php_fopen_and_set_opened_path */ static FILE *php_fopen_and_set_opened_path(const char *path, char *mode, char **opened_path TSRMLS_DC) Index: main/fopen_wrappers.h =================================================================== RCS file: /repository/php-src/main/fopen_wrappers.h,v retrieving revision 1.44 diff -u -p -d -r1.44 fopen_wrappers.h --- main/fopen_wrappers.h 3 Aug 2005 14:08:29 -0000 1.44 +++ main/fopen_wrappers.h 11 Aug 2005 22:57:54 -0000 @@ -32,6 +32,7 @@ PHPAPI int php_check_open_basedir_ex(con PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC); PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC); +PHPAPI int php_check_safe_mode_exec_dir(char *path TSRMLS_DC); PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC); Index: main/streams/plain_wrapper.c =================================================================== RCS file: /repository/php-src/main/streams/plain_wrapper.c,v retrieving revision 1.52 diff -u -p -d -r1.52 plain_wrapper.c --- main/streams/plain_wrapper.c 3 Aug 2005 14:08:42 -0000 1.52 +++ main/streams/plain_wrapper.c 11 Aug 2005 22:57:54 -0000 @@ -947,7 +947,10 @@ static int php_plain_files_url_stater(ph url += sizeof("file://") - 1; } - if (PG(safe_mode) &&(!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags & PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) { + if (PG(safe_mode) && (!php_check_safe_mode_include_dir(url TSRMLS_CC) || !php_check_safe_mode_exec_dir(url TSRMLS_CC))) { + /* it's ok, the file is in one of our safe_mode_include_dir/safe_mode_exec_dir dirs, so we can stat() it */ + } + else if (PG(safe_mode) && (!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags & PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) { return -1; }