[PHP-DEV] patch to allow file-uploads in safe_mode without user-id fiddleing From: Thies C. Arntzen (thies <email protected>)
Date: 01/08/01

Index: main/safe_mode.c
===================================================================
RCS file: /repository/php4/main/safe_mode.c,v
retrieving revision 1.24
diff -u -u -r1.24 safe_mode.c
--- main/safe_mode.c 2000/12/16 20:52:43 1.24
+++ main/safe_mode.c 2001/01/08 19:01:25
@@ -121,6 +121,14 @@
         if (duid == (uid=php_getuid())) {
                 return 1;
         } else {
+ SLS_FETCH();
+
+ if (SG(rfc1867_uploaded_files)) {
+ if (zend_hash_exists(SG(rfc1867_uploaded_files),filename,strlen(filename)+1)) {
+ return 1;
+ }
+ }
+
                 php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, filename, duid);
                 return 0;
         }

am i way off or is this something we should allow?

explanation: allow access to every rfc1867_uploaded_files in
safe_mode even if itÄs not owned by the same UID as the script.

tc 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>