Propagate STREAM_DISABLE_OPEN_BASEDIR src flag to php_stream_stat_path_ex

Otherwise we can get open_basedir warnings from the stat call while still
performing the actual copy.

Fixes GH-11138
Closes GH-11156

NEWS

@@ -8,6 +8,10 @@ PHP                                                                        NEWS
 - PGSQL:
   . Fixed parameter parsing of pg_lo_export(). (kocsismate)
 
+- Standard:
+  . Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for
+    source file). (ilutov)
+
 11 May 2023, PHP 8.1.19
 
 - Core:

Zend/tests/gh11138.phpt

@@ -0,0 +1,28 @@
+--TEST--
+move_uploaded_file() emits open_basedir warning for source file
+--POST_RAW--
+Content-type: multipart/form-data, boundary=AaB03x
+
+--AaB03x
+content-disposition: form-data; name="file"; filename="file.txt"
+Content-Type: text/plain
+
+foo
+--AaB03x--
+--FILE--
+<?php
+
+ini_set('open_basedir', __DIR__);
+
+$destination = __DIR__ . '/gh11138.tmp';
+var_dump(move_uploaded_file($_FILES['file']['tmp_name'], $destination));
+echo file_get_contents($destination), "\n";
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/gh11138.tmp');
+?>
+--EXPECT--
+bool(true)
+foo

ext/standard/file.c

@@ -1669,8 +1669,9 @@ PHPAPI int php_copy_file_ctx(const char *src, const char *dest, int src_flg, php
 	php_stream *srcstream = NULL, *deststream = NULL;
 	int ret = FAILURE;
 	php_stream_statbuf src_s, dest_s;
+	int src_stat_flags = (src_flg & STREAM_DISABLE_OPEN_BASEDIR) ? PHP_STREAM_URL_STAT_IGNORE_OPEN_BASEDIR : 0;
 
-	switch (php_stream_stat_path_ex(src, 0, &src_s, ctx)) {
+	switch (php_stream_stat_path_ex(src, src_stat_flags, &src_s, ctx)) {
 		case -1:
 			/* non-statable stream */
 			goto safe_to_copy;